Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Section
Column

users with the frevvo.Publisher role perform a special function explained here. Publisher users have the ability to change ACLs for the forms/flows workflows that they are moving from the development environment to production. They cannot, however, edit those forms/flows workflows to use the Form/Flow Workflow Properties wizards to do so.

Publisher users access the Access Control List by clicking a form or workflow's Action Menu and selecting Security after they have logged into a designer user's account.

Designer users can also display the Access Control List by selecting Security on the Forms and Workflows Home Page but we encourage designers to use the Form/Flow Workflow Properties wizards to assign permissions.

Column
width350px

On This Page:

Table of Contents
maxLevel2

The Access Control wizard makes the following permissions available for forms/flowsworkflows:

  • Who can use the form/flowworkflow?
  • Who can edit the form/flowworkflow?
  • Who can view form/flow workflow submissions?
  • Who can edit form/flow workflow submissions?
  • Who can access the audit trail - available only for flowsworkflows
  • Who can administer the flow workflow - available only for flowsworkflows
Section
Column
width50%

ACL Permissions for Forms

Column
width50%

ACL Permissions for FlowsWorkflows

Info

ACL settings,set by the designer, are retained when you download/upload a form/flowworkflow/app to another designer user in the same or different tenant and when you copy a form/flowworkflow.

Dynamic ACLs

Templates provide the ability to dynamically determine and restrict access to submissions/ task audit trails when assigning Access Control permissions. Templates are like variables in your form that can be filled in by the user, populated by a business rule or from a back end system.  Any item on the Access Control screens contained in curly braces is a form template and will be replaced with the value of the associated control. For example, the list below contains two fixed roles(reviewer and superuser) and one dynamic template based role - {acctmgrrole} : 

...

In the example discussed below, templates are used to navigate the flow workflow to the correct employee in the Accounting department and to define user lists to dynamically control access. 

Note
iconfalse
titleImportant Note on Dynamic Access Controls:
  • Whenever a template is used to determine access control the derived set of users and roles are tied to the submission. They will only change if the submission is edited. Once a user/role is granted permission to a submission dynamically, that cannot be changed by editing the access control configuration in the designer.
  • Dynamic ACLs work per submission when that form/flow workflow is being submitted. If you change ACL permissions they will not take effect for the old submissions automatically as the related ACL record was not created when that particular submission was made. Old submissions must be edited and re-submitted for the changes to take effect.
  • Templates are not recommended for the Who can edit the form/flowworkflow permission.

Who can start the form/

...

workflow

Setting this permission determines who is allowed to create form/flow workflow submissions. The choices for Form/Flow Workflow visibility are: 

  • Anyone(login not required) - anyone can use it even if they are not logged in.
  • Authenticated Users(login required) - the form is usable to anyone who has an account (username/password) and is logged in to your tenant.
  • Designers/Owner Only - the designer user who created the form/flow workflow (owner) can edit, test or use the form. They must be logged into .
  • Custom - The owning designer always has access to the form/flowworkflow. Additionally, the designer may configure selected users and/or roles (i.e. users with these roles) to have runtime access to the form/flowworkflow.

Who can edit the form/

...

workflow

Warning
  • Edit permissions should not be given to forms or flows workflows currently in production use. Please see the Admin Best Practices Guide
  • Users with this permission have the ability to run the Refresh Searchable Fields process for the forms/flows workflows they are editing. This process updates existing submissions if changes are made to Searchable Fields.

Form and flow workflow owners (designer users that created the form/flowworkflow) can give other users (designers/non-designers) the capability to edit form/flowsworkflows. This is particularly helpful if a designer user takes a leave of absence or leaves the company. The "backup designer" has the ability to make changes to the form/flow workflow without having to download the form/flowworkflow(s) from the owner's account to the backup designer's account. The "backup designer" also can view related submissions by clicking on the Submission or Legacy Submission icons. The ability to edit submissions is granted by a different permission.

Note

Users with or without the role of frevvo.Designer can be assigned the permission to edit forms/flowsworkflows.

Users given this permission access the shared form/flow workflow from the Shared Items tab even if they have the frevvo.designer role assigned to them. They can only edit the form/flow workflow that was shared with them. They will not have the ability to create new forms/flows workflows from the Shared Items tab. The ability to make changes to a form/flow workflow is not available from Shared Items on the Important Items menu in a space.

To assign users the ability to edit forms/flowsworkflows, follow these steps:

  1. Open the Access Control wizard by clicking the Lock icon on the Forms and Workflows Home Page or on the Form/Flow Workflow designer toolbars. 
  2. Select Who can edit the form/flow workflow from the Permission field dropdown.
  3. Enter the roles that you want to grant editing capability to, separated by commas, in the Roles section.
  4. Enter the users that you want to grant editing capability to, separated by commas, in the Users. 
  5. Click Finish or select the next option in the dropdown to continue with the Access Control List.

...

Users that have been granted the editing permission, access forms and flows workflows that have been shared with them via the Shared Items tab on their Home Page. It will not work from the Shared Items selection in a Space or any other embedded scenario.

The Who can edit the form/flowworkflow permission does not apply if you are running with Confluence. Confluence users share form/flow workflow editing by specifying the Forms Editor group on the /wiki/spaces/frevvo82/pages/767366115 screen. Users who will be sharing the editing function must be assigned to the specified group.

A browser notification message displays if the user who has been granted permission to edit forms/flows workflows tries to modify their own ACL. will not allow the "backup designer" to remove themselves from the ACL list.

...

The designer can assign permission to view form/flow workflow submissions to specific roles/users.  Any user with view access can view submissions in read-only mode. Submission deletion is not allowed. Templates can be used to dynamically determine at runtime which users and roles are allowed to view submissions.

...

  1. Open the Access Control wizard by clicking the Lock icon on the Forms and Workflows Home Page or on the Form/Flow Workflow designer toolbars. 
  2. Select Who can view submissions from the Permission field dropdown. 
  3. Enter the roles you want to grant view access to, separated by commas, in the Roles section. You can enter control names from your form/flow workflow encased in curly braces to act as templates for dynamic access.
  4. Enter the users you want to grant view access to, separated by commas, in the Users section. You can enter control names from your form/flow workflow encased in curly braces to act as templates for dynamic access.
  5. Click Finish or select the next option in the dropdown to continue with the Access Control List.

...

The designer can assign permission to edit form/flow workflow submissions to specific roles/users. Any user with edit access can view, edit and delete submissions in the SUBMITTED, ABORTED or ERROR states. Submissions in the PENDING, SAVED or WAITING states can only be deleted by the tenant admin, flow workflow admin or designer user that created the flowworkflow. Refer to the Deleting Submissions for more information.

...

  1. Open the Access Control wizard by clicking the Lock icon on the Forms and Workflows Home Page or on the Form/Flow Workflow designer toolbars. 
  2. Select Who can edit submissions from the Permission field dropdown. 
  3. Enter the roles you want to grant edit access to, separated by commas, in the Roles section. You can enter control names from your form/flow workflow encased in curly braces to act as templates for dynamic access.
  4. Enter the users you want to grant edit access to, separated by commas, in the Users section. You can enter control names from your form/flow workflow encased in curly braces to act as templates for dynamic access.
  5. Click Finish or select the next option in the dropdown to continue with the Access Control List for flowsworkflows.

Who can access the audit trail -

...

Workflows Only

 The audit trail is accessed on a  user's Task List by clicking the View Task History icon. Roles/Users granted this permission will see theView Task History icon on tasks in their task list.

...

  1. Open the Access Control wizard by clicking the Lock icon on the Forms and Workflows Home Page or on the Flow Workflow designer toolbar. 
  2. Select Who can access the audit trail from the Permission field dropdown. 
  3. The Permission dropdown has two choices: All participants and Custom
  4. All participants indicates that any user that participated in the flow workflow can view the audit trail for the task (provided they have access to the task). 
     


     
  5. Custom indicates that only users granted explicit access or with one of the specified roles can view the audit trail for the task (provided they have access to the task).  Roles and users can be selected via an editable combo-box control

  1. Enter the roles you want to grant audit trail access to, separated by commas, in the Roles section. You can enter control names from your flow workflow encased in curly braces to act as templates for dynamic access.
  2. Enter the users you want to grant audit trail access to, separated by commas, in the Users section. You can enter control names from your flow workflow encased in curly braces to act as templates for dynamic access.
  3. Click Finish or select the next option in the dropdown to continue with the Access Control List for flowsworkflows.

 

Who can administer the

flow

workflow -

Flows

Workflows Only

This permissions let a user abort, reassign and reset tasks that are not assigned to them. These administrative tasks are no longer restricted to tenant admins.

The designer can delegate these tasks to additional users/roles by assigning them in the Who can administer the flow workflow section of the Access Control dropdown. Any user/roles listed here will be considered a Flow Workflow Administrator.  As such, the Modify Task icon on a task in the task list will be displayed. Tenant admins and designer users get the Modify Task icon by default. 

To assign user/roles as Flow Workflow Administrators, follow these steps:

  1. Open the Access Control wizard by clicking the Lock icon on the Forms and Workflows Home Page or on the Flow designer Workflow Designer toolbar. 
  2. Select Who can administer the flow workflow from the Permission field dropdown. 
  3. Enter the roles you want to assign as flow workflow administrators, separated by commas, in the Roles section. You can enter control names from your flow workflow encased in curly braces to act as templates for dynamic access.
  4. Enter the users you want to assign as flow workflow administrators, separated by commas, in the Users section. You can enter control names from your flow workflow encased in curly braces to act as templates for dynamic access.
  5. Click Finish to save the completed Access Control List.

...

User jerry has been designated as a flow workflow administrator for the Expense Report but not for the Time Sheet workflow. When Jerry logs into , his task list will appear as shown:

...

The Modify Task dialog allows a 'flow workflow admin' to execute any one of abort/reassign/reset functions.

When searching for tasks, if a flow workflow is chosen, and the user is a flow workflow admin for it, then all tasks for that flow workflow display. If no flow workflow is selected, then all tasks, even those that the flow workflow admin has not participated in, plus tasks for which the user is a flow workflow admin will display.