Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

User is able to invoke the workflow on pages/assets on which he has only read permission.

saurabhs7556718
Level 1
Level 1

Hello,

if a user has only read permission on a dam folder will he be able to invoke workflow ?  since workflow modifies the payload hence it should not happen. Am I missing anything? could someone please help.

Thank you. 

1 Accepted Solution
smacdonald2008
Correct answer by
Level 10
Level 10

From the Eng team -- 

any member of the workflow-users group can list and start workflows, irrespective of their permissions on the payload the selected to run the workflow.

View solution in original post

7 Replies
MC_Stuff
Level 9
Level 9

Hi Saurabh,

   Workflow does not use user session & you need to restrict for workflow access.  It is has designed. 

Thanks,

saurabhs7556718
Level 1
Level 1
      Hey, Thank you for you suggestion, but ideally author should not able to initiate it. and restricting it through code - how do we do it?
saurabhs7556718
Level 1
Level 1
        Hello Sam, the article describes "how to deny READ access to the Publish Example workflow-model." This can be done from user administration console. As per my requirement, An author has read on all 40 assets folder, but read , write and modify on one folder - where he is supposed to invoke custom publishing workflow. he should not be able to invoke that workflow for rest 39 folders where he has only read. How should i go ahead with it.
saurabhs7556718
Level 1
Level 1
        Hello Sam, the article describes "how to deny READ access to the Publish Example workflow-model." This can be done from user administration console. As per my requirement, An author has read on all 40 assets folder, but read , write and modify on one folder - where he is supposed to invoke custom publishing workflow. he should not be able to invoke that workflow for rest 39 folders where he has only read. How should i go ahead with it.
MC_Stuff
Level 9
Level 9

Hi Saurabh,

Possible options at in ui disable the workflow option if user does not have permission on the folder Or 

in the workflow model add a first step  to check the workflow initiation permission & end accordingly.

Thanks,

smacdonald2008
Correct answer by
Level 10
Level 10

From the Eng team -- 

any member of the workflow-users group can list and start workflows, irrespective of their permissions on the payload the selected to run the workflow.

View solution in original post