You are viewing limited content. For full access, please sign in.

Question

Question

Does the User Specified in a Workflow's Connection Profile need to be Configured as an Administrator in the Workflow Administration Console

Workflow Version 9 Administration Security
Updated August 20, 2015
asked on August 19, 2015

Prior to moving into an Active Directory environment, we used a Laserfiche account called WORKFLOW in all our workflow connection profiles.  And the Everyone group was set as an Administrator in the Workflow Administration Console.

Now we are slowly re-writing our work flows to identify Active Directory groups instead of LaserFiche Groups.  Thus far, we are still using the Laserfiche WORKFLOW user in the connection profiles.  But our system administrator changed the permissions of the Everyone group in the Workflow Administration Console to 'Search, ADO'.  It no longer has Administrator permissions.  Individual Active Directory users have Administrator permissions but we are not using them in the workflow connection profiles.

And we are receiving some 'Access Denied' errors on some fields when running the workflows.

So my question is "Does the User Specified in a Workflow's Connection Profile need to be Configured as an Administrator in the Workflow Administration Console".

And if not, do you know what might be causing our Access Denied errors.

Thanks

0 0

Answer

SELECTED ANSWER
replied on August 19, 2015

I think you're confusing 2 separate security setups. The connection profile allows your workflows to get into the Laserfiche repository and perform actions in there. That user needs its security setup in the Laserfiche Admin Console and the repository. This user does not need to have administrative privileges in the repository, but it will need to have the entry access rights appropriate for the actions it is trying to do (move, set fields, create folders, etc.)

The Workflow Server itself has security to prevent unauthorized users from modifying workflows. This security uses Windows authentication and is configured through the Workflow Administration Console. The Everyone group refers to the local Windows group on the Workflow Server. This authentication has nothing to do with the Laserfiche repository. You will not be able to set up WF security for the user in the connection profile.

If you are getting an Access Denied error when Workflow tries to perform an action in Laserfiche, then you want to look at the repository security for the connection profile user, not at the Workflow Server's security. You should be able to narrow down the cause based on the action that is failing (move -> entry access, set fields -> template and field rights, etc).

1 0

Replies

replied on August 19, 2015 Show version history

It does not need to be an administrator but the account has to have sufficient permissions and access rights (as defined in the Laserfiche Administration Console) to perform all actions that a workflow may call for.

Example: If you add the Assign Field Values activity to your workflow definition, the user you define must have sufficient rights to assign templates to all entries that the workflow will be performed on.

Most people create a LF account for Workflow and give it admin rights.  It does not need to be a named user account and does not use a named user license.

1 0
replied on August 20, 2015

Thank you both very much - that is a very clear explanation.  Most helpful. 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...