Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

User is able to invoke the workflow on pages/assets on which he has only read permission.

Avatar

Level 1

Hello,

if a user has only read permission on a dam folder will he be able to invoke workflow ?  since workflow modifies the payload hence it should not happen. Am I missing anything? could someone please help.

Thank you. 

1 Accepted Solution

Avatar

Correct answer by
Level 10

From the Eng team -- 

any member of the workflow-users group can list and start workflows, irrespective of their permissions on the payload the selected to run the workflow.

View solution in original post

7 Replies

Avatar

Level 9

Hi Saurabh,

   Workflow does not use user session & you need to restrict for workflow access.  It is has designed. 

Thanks,

Avatar

Level 1
      Hey, Thank you for you suggestion, but ideally author should not able to initiate it. and restricting it through code - how do we do it?

Avatar

Level 1
        Hello Sam, the article describes "how to deny READ access to the Publish Example workflow-model." This can be done from user administration console. As per my requirement, An author has read on all 40 assets folder, but read , write and modify on one folder - where he is supposed to invoke custom publishing workflow. he should not be able to invoke that workflow for rest 39 folders where he has only read. How should i go ahead with it.

Avatar

Level 1
        Hello Sam, the article describes "how to deny READ access to the Publish Example workflow-model." This can be done from user administration console. As per my requirement, An author has read on all 40 assets folder, but read , write and modify on one folder - where he is supposed to invoke custom publishing workflow. he should not be able to invoke that workflow for rest 39 folders where he has only read. How should i go ahead with it.

Avatar

Level 9

Hi Saurabh,

Possible options at in ui disable the workflow option if user does not have permission on the folder Or 

in the workflow model add a first step  to check the workflow initiation permission & end accordingly.

Thanks,

Avatar

Correct answer by
Level 10

From the Eng team -- 

any member of the workflow-users group can list and start workflows, irrespective of their permissions on the payload the selected to run the workflow.