Set up Access Control Lists Along with Additional Workflow Controls
Before update 25D, a user’s permissions and actions in a workflow were determined solely by the configuration in the Manage Change Order Types task. This setup defined whether a user could serve as a Creator, Requester, Assignee, or another role.
Starting with update 25D, the application validates both additional workflow controls and access control lists to determine what actions a user can perform in a workflow. This validation is applicable only when the profile option named Enable Access Control List for Workflows is enabled. If either control is missing, the user can't perform the action or access the object.
For instance, a user who is also the requester of a specific workflow instance can add, remove, and update workflow attachments only if the following conditions are met:
- The user is included in an access control team, either as part of a filtered list, or individually, and has been granted the Manage permission for workflow attachments. This permission contains the specific condition that includes the current workflow instance.
- In the additional workflow control, Manage Change Header Attachments is set to Yes for requesters.
The table lists the actions in additional workflow controls and the corresponding permissions required for the actions to be effective.
| Workflow Status | Actions in Additional Workflow Controls | Permission + Selections in the Access To Column of Permission Set |
| Open | Promote Manually - To Any Status | Change Status Permission |
| Promote Manually - To Next Status | Change Status Permission | |
| Add Participants for Current Status | Manage Permission - Workflow Activity | |
| Remove Participants for Current Status | Manage Permission - Workflow Activity | |
| Manage Change Header Attributes - All | Manage Permission - Basic Attributes + extensible flexfields + descriptive flexfields + Customer/Manufacturer/Supplier/Supp) | |
| Manage Change Header Attributes - Standard | Manage Permission - Basic Attributes + (Customer/Manufacturer/Supplier/Supp) | |
| Manage Change Header Attributes -Addition information | Manage Permission - extensible flexfields Attribute Group and Additional Attributes | |
| Manage Attachments | Manage Permission - Attachments | |
| Manage Affected Objects | Manage Permission - Affected Objects | |
| Cancel Change Orders or Lines | Change Status Permission for Cancel Change Orders | |
| Manage Permission - Affected objects for Cancel Change Lines | ||
| Move Change Lines | Manage Permission - Affected Objects | |
| Add Participants for Future Status | Manage Permission - Workflow Activity | |
| Remove Participants for Future Status | Manage Permission - Workflow Activity | |
| Manage Relationships | Manage Permission - Relationships | |
| Add Tasks | Manage Permission - Tasks | |
| Remove Tasks | Manage Permission - Tasks | |
| Update Tasks | Manage Permission - Tasks | |
| Approval | Demote Manually - To Any Status | Change Status Permission |
| Demote Manually - To Next Status | Change Status Permission | |
| Add Participants for Current Status | Manage Permission - Workflow Activity | |
| Remove Participants for Current Status | Manage Permission - Workflow Activity | |
| Manage Change Header Attributes - All | Manage Permission - Basic Attributes + extensible flexfields + descriptive flexfields + Customer/Manufacturer/Supplier/Supp | |
| Manage Change Header Attributes - Standard | Manage Permission - Basic Attributes + (Customer/Manufacturer/Supplier/Supp) | |
| Manage Change Header Attributes -Addition information | Manage Permission - extensible flexfields Attribute Group and Additional Attributes | |
| Manage Attachments | Manage Permission - Attachments | |
| Terminate or Restart Approvals | Manage Permission - Workflow Activity | |
| Cancel Change Orders or Lines | Change Status Permission for Cancel Change Orders | |
| Manage Permission - Affected objects for Cancel Change Lines | ||
| Move Change Lines | Manage Permission - Affected Objects | |
| Add Participants for Future Status | Manage Permission - Workflow Activity | |
| Remove Participants for Future Status | Manage Permission - Workflow Activity | |
| Manage Relationships | Manage Permission - Relationships | |
| Add Tasks | Manage Permission - Tasks | |
| Remove Tasks | Manage Permission - Tasks | |
| Update Tasks | Manage Permission - Tasks | |
| Scheduled | Add Participants for Current Status | Manage Permission - Workflow Activity |
| Remove Participants for Current Status | Manage Permission - Workflow Activity | |
| Manage Change Header Attributes - All | Manage Permission - Basic Attributes + extensible flexfields + descriptive flexfields + (Customer/Manufacturer/Supplier/Supp) | |
| Manage Change Header Attributes - Standard | Manage Permission - Basic Attributes + (Customer/Manufacturer/Supplier/Supp) | |
| Manage Change Header Attributes -Addition information | Manage Permission - extensible flexfields Attribute Group and Additional Attributes | |
| Manage Attachments | Manage Permission - Attachments | |
| Cancel Change Orders or Lines | Change Status Permission for Cancel Change Orders | |
| Manage Permission - Affected objects for Cancel Change Lines | ||
| Move Change Lines | Manage Permission - Affected Objects | |
| Reschedule Change Orders | Manage Permission - Affected Objects | |
| Add Participants for Future Status | Manage Permission - Workflow Activity | |
| Remove Participants for Future Status | Manage Permission - Workflow Activity | |
| Manage Relationships | Manage Permission - Relationships | |
| Add Tasks | Manage Permission - Tasks | |
| Remove Tasks | Manage Permission - Tasks | |
| Update Tasks | Manage Permission - Tasks | |
| Completed | Add Participants for Current Status | Manage Permission - Workflow Activity |
| Remove Participants for Current Status | Manage Permission - Workflow Activity | |
| Manage Change Header Attributes - All | Manage Permission - Basic Attributes + the following attributes: extensible flexfields + descriptive flexfields + Customer, Manufacturer, Supplier, and Supp. | |
| Manage Change Header Attributes - Standard | Manage Permission - Basic Attributes + (Customer, Manufacturer, Supplier, and Supp) | |
| Manage Change Header Attributes - Addition information | Manage Permission - Extensible flexfield attribute group and additional attributes | |
| Manage Attachments | Manage Permission - Attachments | |
| Move Change Lines | Manage Permission - Affected Objects | |
| Manage Relationships | Manage Permission - Relationships | |
| Add Tasks | Manage Permission - Tasks | |
| Remove Tasks | Manage Permission - Tasks | |
| Update Tasks | Manage Permission - Tasks |
Actions Based on Permissions and Workflow Controls
Here are the actions a user can perform depending on the configuration in the permission set and additional workflow controls.
| In Permission Set | In Additional Workflow Controls (Manage Change Order Types Task) | |||
| Manage Permission + Access To Tasks | Add Task Configuration | Remove Task configuration | Update Task configuration |
User Actions in Tasks tab on Change Orders |
| No | Yes | Yes | Yes | Can’t add, update, or remove tasks. |
| Yes | No | No | No | Can’t add, update, or remove tasks. |
| Yes | Yes | Yes | Yes | Can update tasks |
| Yes | No | No | Yes | Can update tasks. Can’t add or remove tasks. |
| Yes | Yes | No | No | Can add new tasks. Can’t update or remove tasks. |
| Yes | No | Yes | No | Can remove tasks. Can’t add or update tasks. |