...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Section | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Excerpt | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Access Control List User Interface
Open the Access Control wizard by
Form designers as well as users with the publisher role are authorized to configure access control. The Access Control wizard makes the following permissions available for forms/workflows:
Dynamic ACLsTemplates provide the ability to dynamically determine and restrict access to submissions/task audit trails when assigning Access Control permissions. Templates are like variables in your form that can be filled in by the user, populated by a business rule or from a back end system. Type your control name enclosed in curly braces in any supported ACL field, and that template be replaced with the value of the associated control. For example, the list below contains a fixed role (Manager) and a dynamic template based role ({AcctMgrRole}).
In the example discussed below, templates are used to navigate the workflow to the correct employee in the Accounting department and to define user lists to dynamically control access.
Who can start the form/workflowSetting this permission determines who is allowed to create form/workflow submissions. The default value for forms is Anyone (login not required) and for workflows is Authenticated Users (login required). The designer can select one of the following choices to specify form/workflow visibility.
Click Submit or continue with the next option in the Access Control wizard.
User ExperienceUsers who have "Who can start the form/workflow" access will see the form/workflow and be able to fill it out when it is shared with them (e.g. via a share link, Spaceportal, or embedded in a website.) If the permission is set to authenticated users and/or roles, the user must be logged in to see the form/workflow. Users who are not logged in and trying to access a form/workflow with "Who can start the form/workflow" permission set to all or custom authenticated users will be prompted to log in. Logged-in users who do not have "Who can start the form/workflow" access will see an error message when they try to access the form: "Error Access Denied. Authentication required. Are you trying to access a private form or workflow?" This error will never be shown when this permission is set to Anyone (login not required). Public forms that include the save/load feature or digital signatures will prompt the user with the login screen when they click to save or sign. These features frevvo features require a login. Who can edit the form/workflow
Form and workflow owners (designer users that created the form/workflow) can give other users (designers/non-designers) the capability to edit form/workflows. This is particularly helpful if a designer user takes a leave of absence or leaves the company. The "backup designer" has the ability to make changes to the form/workflow without having to download the form/workflow(s) from the owner's account to the backup designer's account. The "backup designer" also can view related submissions by clicking on the Submissions icon. The ability to edit submissions is granted by a different permission.
Users given this permission access the shared form/workflow from the Shared Items tab even if they have the frevvo.designer Designer role assigned to them. They can only edit the form/workflow that was shared with them. They will not have the ability to create new forms/workflows from the Shared Items tab. The ability to make changes to a form/workflow is not available from Shared Items on the Important Items menu in a spacea frevvo portal. To assign users the ability to edit forms/workflows, follow these steps:
Users that have been granted the editing permission , access forms and workflows that have been shared with them via the Shared Items tab on their Home Page. It will not work from Users cannot edit forms/workflows in the Shared Items selection in a Spaceportal or any other embedded scenario. The Who can edit the form/workflow permission does not apply if you are running with running frevvo with Confluence. Confluence users share form/workflow editing by specifying the Forms Editor group on the add-on configuration screen. Users who will be sharing the editing function must be assigned to the specified group. A browser notification message displays if the user who has been granted permission to edit forms/workflows tries to modify their own ACL. will frevvo will not allow the "backup designer" to remove themselves from the ACL list. Who can view submissionsThe designer can assign permission to view form/workflow submissions to specific roles/users. Any user with view access can view submissions in read-only mode. Submission deletion is not allowed. Templates can be used to dynamically determine at runtime which users and roles are allowed to view submissions. To assign permission to view submissions, follow these steps:
Who can edit submissionsThe designer can assign permission to edit form/workflow submissions to specific roles/users. Any user with edit access can view, edit and delete submissions in the SUBMITTED, ABORTED, or ERROR states. Submissions in the PENDING, SAVED or WAITING states can only be deleted by the tenant admin, workflow admin or designer user that created the workflow. Refer to the Deleting Submissions for more information. Templates can be used to dynamically determine at runtime which users and roles are allowed to edit submissions. To assign permission to edit submissions, follow these steps:
Who can access the audit trail - Workflows OnlyThe Audit Trail is accessed on a usera frevvo user's Task List by clicking the View Task History icon. Roles/Users granted this permission will see theView Task History icon on tasks in their task list. To assign permission to view the audit trail, follow these steps:
Who can administer the workflow - Workflows OnlyThis permission lets a user abort, reassign and reset tasks that are not assigned to them. These administrative tasks are no longer restricted to tenant admins. The designer can delegate these tasks to additional users/roles by assigning them in the Who can administer the workflow section of the Access Control dropdown. Any user/roles listed here will be considered a Workflow Administrator. As such, the Modify Task icon on a task in the task list will be displayed. Tenant admins and designer users get the Modify Task icon by default. To assign user/roles as Workflow Administrators, follow these steps:
User jerry has been designated as a workflow administrator for the Expense Report but not for the Time Sheet workflow. When Jerry logs into into frevvo, his task list will appear as shown: The Modify Task dialog allows a 'workflow admin' to execute any one of abort/reassign/reset functions. When searching for tasks, if a workflow is chosen, and the user is a workflow admin for it, then all tasks for that workflow display. If no workflow is selected, then all tasks, even those that the workflow admin has not participated in, plus tasks for which the user is a workflow admin will display. |
Shared Items
Submissions
All users granted Submission Access, either by user id or because they have a granted role, will see the Shared Item tab on their Home Page. Click on the Action menu and select Submissions icons to view/edit them.
You can add the Shared Item URL to your your existing Space portal so that a logged in user with the correct permissions will be able to access form/workflow submissions from the space portal menu. The submissions link is automatically added when you create a new spaceportal.
Designer ACL
The functions needed to edit forms/workflows are only displayed when users given the permission access the Shared Items tab from their Home Page if they are a designer or by clicking the icon on the Task List. The ability to make changes to a form/workflow is not available from Shared Items on the Important Items menu in a spacea frevvo portal.
Warning |
---|
Just a reminder, edit permissions should not be given for production forms or workflows. Please see the Admin Best Practices Guide. |
The functions provided to edit forms/workflows from the Shared Items tab, do not include the option to delete or copy them. Deletion of a form/workflow is not available to the "backup designer". Forms/workflows can be copied by the download/upload functions. The backup designer has the ability to run the Refresh Searchable Fields process to update previous submissions with changes made to Searchable Fields by clicking on the Action Menu and selecting Refresh Search Fields.
Let's say users Jack and Jill are both given the ability to edit the Expense report workflow. Jack logs into the workflow designer and begins to make changes. When Jill logs in, she will see the error shown in the image:
Access Control/Shared Item Example
Let's consider an example to illustrate how this feature works. An Accounting Department in a company has three employees, Sue, Jack, and Jill. There are three project catagoriescategories: Sales Demo, Customer Meetings, and Infrastructure. Sue is responsible for processing Expense Reports for the Sales Demonstration project, Jack processes Expense Reports for the Customer Meeting project and Jill process processes Expense Reports for the Infrastructure project. The Accounting employees must have the ability to view and edit only the Expense Report submissions they processed. Jerry is the manager who approves/rejects the Expense Reports. He can view all the Expense Report submissions but cannot edit them. Any employee in the company can submit an Expense Report. Jerry, Jack, Jill, and Sue are workflow administrators so you will see the Modify icon in the images of their task lists.
The designer The frevvo designer for the company creates an Expense Report workflow that displays the Expense Report form as the first step, then routes the request to the employee's manager (Jerry). If Jerry approves the expenses, then the workflow is routed to Sue, Jack, or Jill based on the project category.
In the Expense report form, there is a dropdown control for the Project Type and a business rule that populates a text control named AccountUser with the user id of Sue, Jack, or Jill based on the project type selected. You can populate the AccountUser control from a back-end system or by user entry but we will use the business rule for this example.
To comply with these requirements, the company designer company frevvo designer has configured the Access Control screens for the Expense Report as shown:
Let's say Tom Cat submits three Expense Reports, one for each project type:
The workflow routes the three tasks to Jerry the Reviewer. It is his responsibility to approve/reject the expenses. When Jerry logs into into frevvo, Tom's Expense Reports appear on his task list. The Access Control permissions above allow him to view the Audit trail for these tasks as well. Jerry approves all three Expense Reports and the workflow is routed to the user id specified in the {AccountUser} template in the Expense Report form. Remember, we used this template when assigning access control. The Sales Demonstration Expense Report goes to Sue for final processing while the Customer Meeting Expense Report is routed to Jack and the Infrastructure Expense Report is routed to Jill.
When Sue logs into into frevvo, she will see tasks for any employees in the company who submitted an Expense Report for the Sales Demonstration project. Tom's will be among them. She can view the Audit trail for the workflow as indicated by the View Task History icon.
When Sue completes the processing. and clicks on the Shared Item tab, she will see only the Expense Report submissions that she processed. She can edit the submissions or delete SUBMITTED, ABORTED or submissions reporting an error condition, if necessary.
When Jack logs into into frevvo, Tom's Expense Report for the Customer Meeting project will appear on his Task List along with any others submitted by company employees. Jack can view the Audit trail for the workflow as indicated by the View Task History icon.
When Jack completes the processing and clicks on the Shared Item tab, he will see only the Expense Report submissions that he processed. He can edit the submisions and SUBMITTED, ABORTED submissions or submissions reporting an error condition, if necessary.
When Jill logs into into frevvo, Tom's Expense Report for the Infrastructure project will appear on her Task List. She can view the Audit trail for the workflow as indicated by the View Task History icon.
When Jill completes the processing and then clicks on the Shared Item tab, she will see only the Expense Report submissions that she processed. He can edit the submisions and SUBMITTED, ABORTED submissions, or submissions reporting an error condition, if necessary.
When Jerry signs on to and to frevvo and clicks on the Shared Items tab, all of the Expense Report submissions will be listed in the Submissions Table. Jerry is a Reviewer and can view submissions but he will not be able to edit or delete them.
If Jerry clicks the selects all the submissions and tries to Delete them this deletion confirmation messages message will display:
When he clicks OK, the deletion will be denied and one of these error messages will display.
Harry is the company's Technical Writer. Since the form/workflow visibility is set to Public in Tenant, Harry will be able to access the form/workflow if he needs to submit an expense report after he logs onto but onto frevvo but he does not need permissions to view/edit the Expense Report submissions. When Harry clicks on the Shared Item tab it will be empty.