Set up Access Control Lists Along with Additional Workflow Controls

Before update 25D, a user’s permissions and actions in a workflow were determined solely by the configuration in the Manage Change Order Types task. This setup defined whether a user could serve as a Creator, Requester, Assignee, or another role.

Starting with update 25D, the application validates both additional workflow controls and access control lists to determine what actions a user can perform in a workflow. This validation is applicable only when the profile option named Enable Access Control List for Workflows is enabled. If either control is missing, the user can't perform the action or access the object.

For instance, a user who is also the requester of a specific workflow instance can add, remove, and update workflow attachments only if the following conditions are met:

  • The user is included in an access control team, either as part of a filtered list, or individually, and has been granted the Manage permission for workflow attachments. This permission contains the specific condition that includes the current workflow instance.
  • In the additional workflow control, Manage Change Header Attachments is set to Yes for requesters.

The table lists the actions in additional workflow controls and the corresponding permissions required for the actions to be effective.

Workflow Status Actions in Additional Workflow Controls Permission + Selections in the Access To Column of Permission Set
Open Promote Manually - To Any Status Change Status Permission
Promote Manually - To Next Status Change Status Permission
Add Participants for Current Status Manage Permission - Workflow Activity
Remove Participants for Current Status Manage Permission - Workflow Activity
Manage Change Header Attributes - All Manage Permission - Basic Attributes + extensible flexfields + descriptive flexfields + Customer/Manufacturer/Supplier/Supp)
Manage Change Header Attributes - Standard Manage Permission - Basic Attributes + (Customer/Manufacturer/Supplier/Supp)
Manage Change Header Attributes -Addition information Manage Permission - extensible flexfields Attribute Group and Additional Attributes
Manage Attachments Manage Permission - Attachments
Manage Affected Objects Manage Permission - Affected Objects
Cancel Change Orders or Lines Change Status Permission for Cancel Change Orders
Manage Permission - Affected objects for Cancel Change Lines
Move Change Lines Manage Permission - Affected Objects
Add Participants for Future Status Manage Permission - Workflow Activity
Remove Participants for Future Status Manage Permission - Workflow Activity
Manage Relationships Manage Permission - Relationships
Add Tasks Manage Permission - Tasks
Remove Tasks Manage Permission - Tasks
Update Tasks Manage Permission - Tasks
Approval Demote Manually - To Any Status Change Status Permission
Demote Manually - To Next Status Change Status Permission
Add Participants for Current Status Manage Permission - Workflow Activity
Remove Participants for Current Status Manage Permission - Workflow Activity
Manage Change Header Attributes - All Manage Permission - Basic Attributes + extensible flexfields + descriptive flexfields + Customer/Manufacturer/Supplier/Supp
Manage Change Header Attributes - Standard Manage Permission - Basic Attributes + (Customer/Manufacturer/Supplier/Supp)
Manage Change Header Attributes -Addition information Manage Permission - extensible flexfields Attribute Group and Additional Attributes
Manage Attachments Manage Permission - Attachments
Terminate or Restart Approvals Manage Permission - Workflow Activity
Cancel Change Orders or Lines Change Status Permission for Cancel Change Orders
Manage Permission - Affected objects for Cancel Change Lines
Move Change Lines Manage Permission - Affected Objects
Add Participants for Future Status Manage Permission - Workflow Activity
Remove Participants for Future Status Manage Permission - Workflow Activity
Manage Relationships Manage Permission - Relationships
Add Tasks Manage Permission - Tasks
Remove Tasks Manage Permission - Tasks
Update Tasks Manage Permission - Tasks
Scheduled Add Participants for Current Status Manage Permission - Workflow Activity
Remove Participants for Current Status Manage Permission - Workflow Activity
Manage Change Header Attributes - All Manage Permission - Basic Attributes + extensible flexfields + descriptive flexfields + (Customer/Manufacturer/Supplier/Supp)
Manage Change Header Attributes - Standard Manage Permission - Basic Attributes + (Customer/Manufacturer/Supplier/Supp)
Manage Change Header Attributes -Addition information Manage Permission - extensible flexfields Attribute Group and Additional Attributes
Manage Attachments Manage Permission - Attachments
Cancel Change Orders or Lines Change Status Permission for Cancel Change Orders
Manage Permission - Affected objects for Cancel Change Lines
Move Change Lines Manage Permission - Affected Objects
Reschedule Change Orders Manage Permission - Affected Objects
Add Participants for Future Status Manage Permission - Workflow Activity
Remove Participants for Future Status Manage Permission - Workflow Activity
Manage Relationships Manage Permission - Relationships
Add Tasks Manage Permission - Tasks
Remove Tasks Manage Permission - Tasks
Update Tasks Manage Permission - Tasks
Completed Add Participants for Current Status Manage Permission - Workflow Activity
Remove Participants for Current Status Manage Permission - Workflow Activity
Manage Change Header Attributes - All Manage Permission - Basic Attributes + the following attributes: extensible flexfields + descriptive flexfields + Customer, Manufacturer, Supplier, and Supp.
Manage Change Header Attributes - Standard Manage Permission - Basic Attributes + (Customer, Manufacturer, Supplier, and Supp)
Manage Change Header Attributes - Addition information Manage Permission - Extensible flexfield attribute group and additional attributes
Manage Attachments Manage Permission - Attachments
Move Change Lines Manage Permission - Affected Objects
Manage Relationships Manage Permission - Relationships
Add Tasks Manage Permission - Tasks
Remove Tasks Manage Permission - Tasks
Update Tasks Manage Permission - Tasks

Actions Based on Permissions and Workflow Controls

Here are the actions a user can perform depending on the configuration in the permission set and additional workflow controls.

In Permission Set In Additional Workflow Controls (Manage Change Order Types Task)
Manage Permission + Access To Tasks Add Task Configuration Remove Task configuration Update Task configuration

User Actions

in Tasks tab

on Change Orders

No Yes Yes Yes Can’t add, update, or remove tasks.
Yes No No No Can’t add, update, or remove tasks.
Yes Yes Yes Yes Can update tasks
Yes No No Yes Can update tasks. Can’t add or remove tasks.
Yes Yes No No Can add new tasks. Can’t update or remove tasks.
Yes No Yes No Can remove tasks. Can’t add or update tasks.