For workflows, you can define the following levels of security access:
Access to the Workflow menu items in the ACC. This setting determines whether users can create, edit, or view workflows in the workflow editor. See Allowing ACC Users to Edit Workflows.
The ability to execute a specific workflow, which determines whether a user can initiating the project or process that contains the workflow. See Allowing Site Users to Execute Workflows.
The ability to complete specific tasks within a workflow, which determines whether a user has access to buttons or other controls that would indicate a given task has been initiated and thus advance the workflow to the next element. See Giving Site Users Access to Workflow Tasks.
The mechanism that workflows use to handle security is the access control list, described in Secured Repositories in the ATG Repository Guide. For workflows, access control entries are stored as strings in the workflow definition XML file and then parsed by the atg.security package into an AccessControlList object.
The following example shows an access control entry from the registration.wdl file, which is the definition file for the EcoVida registration workflow:
<attribute name="atg.workflow.acl">
<constant>Profile$role$2900189:execute</constant>
</attribute>
