You are viewing limited content. For full access, please sign in.

Question

Question

In Forms Designer, how to hide/restrict Workflows from the 'Workflow Name' list on Workflow Service Task

Forms Workflow Self-Hosted Administration Version 10
Updated March 15, 2024
asked on March 15, 2024

When you're making a form you can add a 'Workflow Service Task' and when you click into the 'Workflow Name' it lists all workflows we have; this is not what we want though and I can not tell how permissions for this field work:



Right now I have 'User A' and 'User B' and both see the same list of workflows when they click into that field.
Let's say I have 10 workflows: "WF1" - "WF10"
In the LF Admin Console both users are authenticated by their respective domain accounts:




In the Workflow Admin Console I went to 'Permissions and Rights' and added both domain users:
DOMAIN\user_a
DOMAIN\user_b

For DOMAIN\user_a I chose 'Workflow Rights...' and set it to 'Editor' for all 10 workflows
For DOMAIN\user_b I chose 'Workflow Rights...' and set it to 'No Access' for all 10 workflows



At this point I open up two different browsers and go to Forms and I log into each user in a different browser.
I add a Workflow Service task, I click on 'Workflow Name', and for each user I see all 10 workflows still.


So I go back to Workflow Admin Console and go to 'Workflow Definitions', choose 1 of the workflows and go to 'Workflow Options' - I set it to 'Only allow specified users to access the workflow':



I go back to Forms and log back in to those two users and add the Workflow Service task and check again: this time, neither user can see the workflow that I chose to 'Only allow specified users to access'.



How does this work?? What am I missing?? I am assuming my issue is stemming from the Workflow Admin Console 'Everyone' group but I don't understand why:

'Everyone' :             WF1 - WF10 : Rights? "Not Set"
'DOMAIN\user_a' : WF1 - WF10 : Rights? "Editor"
'DOMAIN\user_b' : WF1 - WF10 : Rights? "No Access"
RESULT: both users can not see any workflows

'Everyone' :             WF1 - WF10 : Rights? "No Access"
'DOMAIN\user_a' : WF1 - WF10 : Rights? "Editor"
'DOMAIN\user_b' : WF1 - WF10 : Rights? "No Access"
RESULT: both users can not see any workflows

'Everyone' :             WF1 - WF10 : Rights? "Viewer"
'DOMAIN\user_a' : WF1 - WF10 : Rights? "Editor"
'DOMAIN\user_b' : WF1 - WF10 : Rights? "No Access"
RESULT: both users can see all workflows

This seems like it does not work the way it's advertising itself to work; if I do 'Not Set' any workflow rights for 'Everyone', I explicitly allow User A to be an 'Editor' to a workflow, and I explicitly give 'No Access' to a workflow to User B, I expect that User A will be able to see a workflow and User B will not - where am I going wrong?

0 0

Replies

replied on March 15, 2024

I believe you are troubleshooting the wrong user.  I believe that the identity listed as the FormsAppPool user in IIS Application Pools is the user that forms interfaces to workflow with.

0 0
replied on March 15, 2024

Currently, I don't understand how what you're saying relates to my issue - do you have any citable documentation for why you think IIS and the FormsAppPool are related to this?

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...