Question

Security for a dynamic field to prevent manual edit

asked on June 3, 2014

Is there any way to lock down a dynamic field in the metadata, so that a user can't modify the field manually, but so that the workflow CAN modify the dynamic field for the user?

I am trying to avoid applying security during the workflow (only using security groups and folder security).

See attached example.

Answer

SELECTED ANSWER
replied on June 4, 2014

Do you still have the edit rights on the field denied to the Everyone group? That will take precedence over any allowed rights. Instead of denying the edit rights to Everyone, just deny it to the actual users, leaving the Workflow user with "Allow" rights to edit the field.

Replies

replied on June 3, 2014

You can set up an account in the repository that will only be used by Workflow. Grant this account rights to edit the dynamic fields. Then for all other user accounts, just deny them the right to modify those fields. Note that you should not deny the modify right for the Everyone group since that would then include the specific Workflow account you have and the "Deny" would take precedence over the "Allow" you set explicitly for the Workflow user.

replied on June 3, 2014

Thanks, but I'm a bit unclear on where I configure it so that the workflow will use only that account to move the workflow? Also, if I do that, will any affiliated business processes only track that user's changes, or can BP still capture the logged in user who made the metadata change?

replied on June 3, 2014

You would set up your connection profile in the Workflow Designer to use the specified account. Basically this is the account that Workflow uses to connect to the repository and perform the necessary actions, i.e. moving documents, setting field values, etc. Please review this page for more information about setting the connection profile.

As for your second question, Workflow will still be able to detect the actions performed by any user as it previously had been.

replied on June 4, 2014

Thanks again, we recently upgraded to 9.0 and all users are configured as Windows accounts, so I'm wondering if that had any impact on this.

I do have my workflow set to use a connection profile of a user configured to have admin rights (all access).

I can't get the dynamic field to be overwritten with a new value when my user account is set to read-only on the field in the metadata, even though the workflow is configured to use this other connection profile.

I must be missing a step, but I'm just not sure what step is missing.

Any additional thoughts or ideas?

replied on June 5, 2014

Thanks for your help. Yes, removing the 'everyone' group did fix my issues.
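
The deny-over-allow behaviour that resolved this thread, as an added example that is not part of any post and is not Laserfiche code: a simplified Python model of the evaluation rule, plus a check that lists accounts whose explicit "Allow" is cancelled by a "Deny" reaching them through a group. The account names (`WorkflowSvc`, `alice`, `bob`), the `Clerks` group and the data structures are assumptions made for illustration.

```python
# Simplified model of deny-takes-precedence evaluation for one right
# ("edit this field"). Assumption: any applicable Deny overrides every Allow,
# as the answers in this thread state. All names and data are constructed.

EVERYONE = "Everyone"

def applicable_trustees(account, groups):
    """Trustees whose entries reach an account: itself, its groups, Everyone."""
    reached = {account, EVERYONE}
    reached.update(g for g, members in groups.items() if account in members)
    return reached

def can_edit(account, acl, groups):
    """acl is a list of (trustee, 'allow' | 'deny') entries for the edit right."""
    reached = applicable_trustees(account, groups)
    effects = {effect for trustee, effect in acl if trustee in reached}
    if "deny" in effects:          # a single Deny wins over any number of Allows
        return False
    return "allow" in effects      # no entry at all means the right is not granted

def shadowed_allows(acl, groups):
    """Accounts holding an explicit Allow that a Deny makes ineffective."""
    explicit = [t for t, effect in acl
                if effect == "allow" and t != EVERYONE and t not in groups]
    return sorted(a for a in explicit if not can_edit(a, acl, groups))

# Constructed sample data (hypothetical accounts and group).
GROUPS = {"Clerks": {"alice", "bob"}}

# Configuration from the question: Deny on Everyone also hits the Workflow account.
BROKEN_ACL = [(EVERYONE, "deny"), ("WorkflowSvc", "allow")]

# Configuration from the selected answer: Deny only the actual users.
FIXED_ACL = [("Clerks", "deny"), ("WorkflowSvc", "allow")]

if __name__ == "__main__":
    for label, acl in (("broken", BROKEN_ACL), ("fixed", FIXED_ACL)):
        print(label,
              "workflow can edit:", can_edit("WorkflowSvc", acl, GROUPS),
              "| user can edit:", can_edit("alice", acl, GROUPS),
              "| shadowed allows:", shadowed_allows(acl, GROUPS))
```

Running `shadowed_allows` over an exported list of field rights is a quick way to spot a service account that was granted access but can never use it.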
