Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Visibility of workflow instance for service account using resourceResolverFactory.getServiceResourceResolver()

Avatar

Level 1

Hi community,

I am having an issue with the visibility my service account has on running workflow instances.

I am trying to write a scheduler that will check for running content approval workflows being idle for more than x days and notify their initiator.

This is on AEM 6.1 so I am using resourceResolverFactory.getServiceResourceResolver(p). I've created a system user and mapped it with a service name and my bundle id in the Sling Service User Mapping amendment config.

So far all good, my code gets the session as expected. I want to use the the WorkflowService to manipulate instances and check metadata so I am passing the session to getWorkflowSession() like such:

WorkflowSession workflowSession = workflowService.getWorkflowSession(session);

This is OK as well but the problem I have tis that this session is not able to "see" the running instances. I am understanding that the service account (system user) has to have sufficient privileges on the right nodes to manipulate them but I've tried everything I could think of in terms of ACL up to "allow jcr:all" for the service account user on /etc/workflow. 

Just for the sake of knowing where the issue was coming from, I switched the way I am getting the session to use the deprecated 

repository.loginAdministrative(null)

and of course this works. I see the right number of running instances and I am able to get the workflow objects.

So my question is: Is there a magical special place I should open permissions to for my system user so it sees running instances like an admin would?

Thanks guys.

0 Replies

Avatar

Level 1

I was poking around on this forum and found that issue that seems to be somehow related

Quick update: as mentioned in this similar issue, if I add my service account to the administrators group, it works and it is able to see the workflow instances. 

Obviously, that is not what should be done but I felt it was a valuable information to this issue. It definitely seems like a permission issue but some help on figuring out what has to be granted where would be greatly appreciated. 😉

Thanks!

Avatar

Level 5

I am experiencing all the same issues, when I add the service user to the administrators group it works. Do you have any idea what permission it is causing it to work?

Greetings

Jeroen