Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

User is able to invoke the workflow on pages/assets on which he has only read permission.

Avatar

Level 1
Level 1
5/15/17 6:45:45 AM

Hello,

if a user has only read permission on a dam folder will he be able to invoke workflow ?  since workflow modifies the payload hence it should not happen. Am I missing anything? could someone please help.

Thank you. 

Views

778

Replies

7
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
5/17/17 11:44:52 AM

From the Eng team -- 

any member of the workflow-users group can list and start workflows, irrespective of their permissions on the payload the selected to run the workflow.

View solution in original post

Views

659

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
7 Replies

Avatar

Level 9
Level 9
5/15/17 8:44:36 PM

Hi Saurabh,

   Workflow does not use user session & you need to restrict for workflow access.  It is has designed. 

Thanks,

Views

656

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
5/15/17 11:05:37 PM
      Hey, Thank you for you suggestion, but ideally author should not able to initiate it. and restricting it through code - how do we do it?

Views

681

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
5/16/17 6:27:50 AM
        Hello Sam, the article describes "how to deny READ access to the Publish Example workflow-model." This can be done from user administration console. As per my requirement, An author has read on all 40 assets folder, but read , write and modify on one folder - where he is supposed to invoke custom publishing workflow. he should not be able to invoke that workflow for rest 39 folders where he has only read. How should i go ahead with it.

Views

681

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
5/16/17 6:27:51 AM
        Hello Sam, the article describes "how to deny READ access to the Publish Example workflow-model." This can be done from user administration console. As per my requirement, An author has read on all 40 assets folder, but read , write and modify on one folder - where he is supposed to invoke custom publishing workflow. he should not be able to invoke that workflow for rest 39 folders where he has only read. How should i go ahead with it.

Views

679

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 9
Level 9
5/16/17 6:10:45 PM

Hi Saurabh,

Possible options at in ui disable the workflow option if user does not have permission on the folder Or 

in the workflow model add a first step  to check the workflow initiation permission & end accordingly.

Thanks,

Views

656

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 10
Level 10
5/17/17 11:44:52 AM

From the Eng team -- 

any member of the workflow-users group can list and start workflows, irrespective of their permissions on the payload the selected to run the workflow.

Views

660

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
How to get date and month using date picker in AEM using HTL. Solved

Views

151

Likes

0

Replies

4
Dispatcher flush on AEMaaCS Solved

Views

103

Likes

0

Replies

2
Customize the AEM ACS Commons Query Report Builder to run multiple queries based on the selection of a dropdown

Views

64

Likes

0

Replies

0
How to create and use frontend pipeline in Cloud manager

Views

110

Likes

0

Replies

1
custom workflow to be trigerred for all approvers when quickpublsh but rest should follow default workflow

Views

76

Likes

0

Replies

2