Access Control Lists for Workflows

You can define which actions a user can perform in a workflow through criteria-based access control.

Workflow access can be granted to individual users or to groups of users created through filtered lists, which organize users by attributes such as location or business unit within a Team. Access is managed by setting conditions based on basic or extensible flexfield attributes and assigning permissions to specific workflow groups. Additionally, you can control visibility by choosing to hide or display attribute groups, including extensible attribute groups.

As an administrator, you can define specific teams and permission sets, with tailored conditions for workflows. Permissions can be granted for various workflow actions such as create, discover, delete, view, manage, update, and publish.

For example, you can create a permission set for a workflow that allows you to:

  • Create workflows in the change type Design Change Orders.
  • Discover all workflows in the application.
  • Delete all Engineering Change Orders.
  • View basic attributes, affected items, and relationships on all engineering change orders.
  • Manage only Basic Attributes on all Engineering Change Orders.
  • Change the status on all problem reports.
  • Publish all commercial change orders.

You can create conditions to group workflows based on the following:

  • Change header attributes.
  • Customer, source, supplier, and manufacturer attributes.
  • Change extensible flexfield attributes - single row.
  • Workflow presence indicators: has attachments, has tasks, and has relationships.

Here are some additional details on access control lists for workflows:

  • Workflows on REST APIs and SOAP services are secured when you enable access control.
  • Adding a change type in conditions on workflows is required to provide a create permission. This means that a user will be able to create workflows only on those change types.
  • The application validates whether the user has the manage permission to access affected objects when an item is added to the workflow using the following options:
    • Add to Change Order (or Change Request, Problem Report, or Corrective Actions).
    • Save to Workflow.
  • Users can add relationships on items and workflows only if they’re assigned the view or manage permission to that object.
    • Users can create or edit the relationship rule if they have manage permission for workflow activity.

Enable Access Control for Workflows

Enable the profile option named Enable Access Control List for Workflows. By default, the profile option is set to No.

After you enable the profile option, workflows continue to honor the existing security settings until you create a permission and a permission set.

Note: Once the profile option is enabled and a permission is created for workflows, all workflows in the application will become private, regardless of their current public or private settings. You must manually assign user permissions to these workflows.
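An added example, not Oracle's code or part of the original page: a simplified Python model of the enablement behaviour described above, used to list who would lose view access once the first permission is created. The data structures, the `public` flag standing in for the existing security settings, and all user and workflow names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Permission:
    action: str       # create, discover, delete, view, manage, update, publish
    change_type: str  # condition on change type; "*" stands for "all workflows"

@dataclass
class AclState:
    profile_enabled: bool = False               # profile option defaults to No
    grants: dict = field(default_factory=dict)  # user -> list of Permission

def acl_enforced(state):
    # Existing settings are honored until the option is on AND a permission exists.
    return state.profile_enabled and any(state.grants.values())

def is_allowed(state, user, action, wf):
    if not acl_enforced(state):
        return wf["public"]  # assumption: stand-in for the existing security settings
    # Enforced: every workflow is private; only an explicit grant allows the action.
    return any(p.action == action and p.change_type in ("*", wf["change_type"])
               for p in state.grants.get(user, []))

def access_lost(before, after, users, workflows, action="view"):
    """(user, workflow id) pairs allowed before the change but denied after it."""
    return sorted((u, wf["id"]) for u in users for wf in workflows
                  if is_allowed(before, u, action, wf)
                  and not is_allowed(after, u, action, wf))

# Constructed sample data (names and ids are hypothetical).
WORKFLOWS = [
    {"id": "ECO-1", "change_type": "Engineering Change Order", "public": True},
    {"id": "PR-7", "change_type": "Problem Report", "public": True},
    {"id": "DCO-3", "change_type": "Design Change Order", "public": False},
]
USERS = ["alice", "bob"]
GRANTS = {"alice": [Permission("view", "Engineering Change Order"),
                    Permission("create", "Design Change Order")]}

LEGACY = AclState()
ENABLED_ONLY = AclState(profile_enabled=True)
ENFORCED = AclState(profile_enabled=True, grants=GRANTS)

if __name__ == "__main__":
    print(access_lost(LEGACY, ENABLED_ONLY, USERS, WORKFLOWS))  # nothing changes yet
    print(access_lost(LEGACY, ENFORCED, USERS, WORKFLOWS))
```

Running the same comparison against an export of real users and workflows before creating the first permission shows which assignments must be made manually.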

Permissions Required to Add Affected Objects

To add affected objects on the workflow, you will require the Manage Permission on Affected Objects.

To create a new change order, you will require the Create Permission.

To assign the item to an existing change, you will require the Manage permission on the Affected Objects tab for the specific workflow.