You are viewing limited content. For full access, please sign in.

Question

Question

Workflow is Removing Rights on Fields For No Apparent Reason

Workflow Version 9 Security
Updated August 20, 2015
asked on August 20, 2015

Something strange is happening with my workflows since we moved to Active Directory. 

I have folders in my repository that contain documents, one of which is a template with actionable fields.  One of my user accounts (an Active Directory account called domain\workflow) has full administrative rights on the folders, sub-folders, documents, and on all the fields in the template.  This is the account used in the connection profile

This workflow is designed to assign limited rights to group called HR.  It does not remove any rights.

When I run the workflow, HR gets the correct rights assigned to it but my domain\workflow account loses all rights to the fields and the template.  Its bizarre, there is nothing in the workflow telling it to remove rights.

Does anyone have any thoughts on what could be happening.  Its only happened since we moved to Active Directory, but, as I said, we start off with the Active Directory account having full rights on everything.

0 0

Replies

replied on August 20, 2015

Active directory accounts can't be used in connection profiles in Workflow.

When you say the account loses all rights to the fields, do you mean that the user can't edit fields on the document anymore? Can they modify anything in the document? Did you look at the entry's effective access rights before and after to check how the user is getting his rights?

1 0
replied on August 20, 2015

Okay, I switched all my connection profiles back to the way they were prior to the onset of Active Directory (they now all use a LaserFiche account will full rights to everything).

I started my form submission/workflow approval process from scratch.  Everything was fine, all the proper permissions held.  A member of an Active Directory group called Department had access to the repository and all the folders in it.  It had inherited permissions on this folder sub-folders and documents. 

It looked good until that user triggered a workflow that specifically gave permission to an AD group that, until this time, could not see the folder in the repository.  The only difference in this workflow from before is that it used to give permission to a LaserFiche group, not an AD group. 

Suddenly the original AD group (Department) that could always see these folders before, lost rights to it.  It disappeared from view.  When I logged in as Admin I can see the folder and the AD group with the newly-added permissions can see the folder but Department group cannot.

The workflow that was triggered did not remove any permissions from anyone.  is there someplace I can look to see where this is happening?

0 0
replied on August 20, 2015

In addition to the above, the Laserfiche user I used in the connection profile, who, prior to the triggering of this workflow had all rights on every folder and every field (I verified this) has now lost the ability to modify the fields.  it can read them but not modify them.  Its laser-fiche group is now missing from the list when I check the access rights on the folder.  strange - it has admin rights so I can actually check the access rights on the folder but it is not in the list and the fields in the template are all greyed out.  Bizarre.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...