Hi community,
I am having an issue with the visibility my service account has on running workflow instances.
I am trying to write a scheduler that will check for running content approval workflows being idle for more than x days and notify their initiator.
This is on AEM 6.1 so I am using resourceResolverFactory.getServiceResourceResolver(p). I've created a system user and mapped it with a service name and my bundle id in the Sling Service User Mapping amendment config.
So far all good, my code gets the session as expected. I want to use the the WorkflowService to manipulate instances and check metadata so I am passing the session to getWorkflowSession() like such:
WorkflowSession workflowSession = workflowService.getWorkflowSession(session);
This is OK as well but the problem I have tis that this session is not able to "see" the running instances. I am understanding that the service account (system user) has to have sufficient privileges on the right nodes to manipulate them but I've tried everything I could think of in terms of ACL up to "allow jcr:all" for the service account user on /etc/workflow.
Just for the sake of knowing where the issue was coming from, I switched the way I am getting the session to use the deprecated
repository.loginAdministrative(null)
and of course this works. I see the right number of running instances and I am able to get the workflow objects.
So my question is: Is there a magical special place I should open permissions to for my system user so it sees running instances like an admin would?
Thanks guys.