Live Forms Latest - This documentation is for Live Forms v9.2. v9.2 is a Cloud Only Release. Not for you? Earlier documentation is available too.

COVID-19 Response Info: At frevvo, our top priorities have always been employees and customers. We have taken several steps to promote the well-being of our people, to minimize services disruptions, and to help where we can. Visit our website for updates.

Access Control and Shared Items

The Access Control feature offers the designer increased flexibility when assigning access to forms/workflows and form/workflow submissions. Runtime access can be assigned to specific users/roles as long as they exist in your tenant. Also, the Access Control feature enables the designer to use templates to define user and role lists to dynamically control access.

Designer users can give permission to edit forms/workflows and monitor submissions to other user(s) by adding them to the Who can edit the form/workflow dropdown. Users with this permission have the ability to run the Refresh Searchable Fields process for the forms/workflows they are editing. This process updates existing submissions if changes are made to Searchable Fields.

Tenant admins will continue to have full access to all capabilities and will not be subject to Access Control List (ACL) checks.

On This Page:


Access Control List User Interface

  • users assigned the frevvo.publisher role have the ability to assign/change visibility/ACL permissions. Refer to Access Control List for Publisher Users for a discussion of the UI the Publisher user will see.
  • Although designer users can click the Security icon from the Action Menu on the Forms and Workflows Home page, we encourage you to use the Form/Workflow Properties wizards explained below to assign permissions.

Open the Access Control wizard by

  • Editing the form/workflow.
  • Clicking the Access Controls section or the cog icon on the Form/Workflow designer Properties Navigator when editing a form/workflow.
  • Click the Access Control tab.


Form designers as well as users with the publisher role are authorized to configure access control. The Access Control wizard makes the following permissions available for forms/workflows:

  • Who can use the form/workflow?
  • Who can edit the form/workflow?
  • Who can view form/workflow submissions?
  • Who can edit form/workflow submissions?
  • Who can access the audit trail - available only for workflows
  • Who can administer the workflow - available only for workflows

ACL Permissions for Forms

ACL Permissions for Workflows

The ACL settings are retained when you download/upload a form/workflow/project to another designer user in the same or different tenant and when you copy a form/workflow.

Dynamic ACLs

Templates provide the ability to dynamically determine and restrict access to submissions/ task audit trails when assigning Access Control permissions. Templates are like variables in your form that can be filled in by the user, populated by a business rule or from a back end system.  Any item on the Access Control screens contained in curly braces is a form template and will be replaced with the value of the associated control. For example, the list below contains a fixed role (reviewer) and one dynamic template based role - {AcctMgrRole} :

In the example discussed below, templates are used to navigate the workflow to the correct employee in the Accounting department and to define user lists to dynamically control access. 

Important Note on Dynamic Access Controls:

  • Whenever a template is used to determine access control the derived set of users and roles are tied to the submission. They will only change if the submission is edited. Once a user/role is granted permission to a submission dynamically, that cannot be changed by editing the access control configuration in the designer.
  • Dynamic ACLs work per submission when that form/workflow is being submitted. If you change ACL permissions they will not take effect for the old submissions automatically as the related ACL record was not created when that particular submission was made. Old submissions must be edited and re-submitted for the changes to take effect.
  • Templates are not allowed for the Who can edit the form/workflow permission.

Who can start the form/workflow

Setting this permission determines who is allowed to create form/workflow submissions. The choices for Form/Workflow visibility are: 

  • Anyone(login not required) - anyone can use it even if they are not logged in. This is the default setting for Forms and Workflows.
  • Authenticated Users(login required) - the form is usable to anyone who has an account (username/password) and is logged in to your tenant.
  • Designers/Owner Only - the designer user who created the form/workflow (owner) can edit, test or use the form. They must be logged into .
  • Custom - The owning designer always has access to the form/workflow. Additionally, the designer may configure selected users and/or roles (i.e. users with these roles) to have runtime access to the form/workflow.

 Click here for a detailed discussion of the Visibility permission

The  designer can specify the visibility of a form/workflow from either the Forms and Workflows Homepage or the Form/Workflow Properties wizard.

  1. On the Forms and Workflows Home Page: Click the Action Menu on a form/workflow and select Set Permissions.
  2. In the Form/Workflow Properties wizard:
    1. Click anywhere in the Access Control section of the Properties Navigator (quick-view) or
    2. Use the cog icon to open the Form/Workflow Properties Wizard and select the Access Control tab.

Clicking on the icons or in the Access Control section of the Properties Navigator display the same wizard which can be used to set the Visibility of your form/workflow.

When Who can start the form or Who can start the workflow is displayed in the Permission field, the designer can select one of the dropdown choices to specify form/workflow visibility. The default value for forms is Anyone (login not required) while workflows default to Authenticated Users (login required). The choices for form/workflow visibility are:

  • Anyone (login not required) - anyone can use it even if they are not logged in.
  • Authenticated Users (login required) - the form is usable to anyone who has an account (username/password) and is logged in to your tenant.
  • Designers/Owner Only - the designer user who created the form/workflow (owner) can edit, test or use the form. They must be logged into .
  • Custom - The owning designer always has access to the form/workflow. Additionally, the designer may configure selected users and/or roles (i.e. users with these roles) to have runtime access to the form. Use this option to auto-start workflows programmatically.

When  is embedded in another product such as Atlassian's Confluence wiki, you do not have access to the icons described above.

The designer can grant form/workflow access to explicit users/roles by selecting the Custom option. Roles and users can be selected via an editable combo-box control. As the user types,  will try to find any roles and users in the tenant that contain the typed string. Up to 5 matches are displayed below the combo box. Selecting a role/user from the dropdown inserts the selection into the list.

Click Submit or continue with the next option in the Access Control wizard. 

The Expense Report in the above images can be used by anyone in the tenant with the role of Employee, Manager or Accounting, the user id of the Reviewer and the user Sue. Notice the Reviewer role is encased between curly braces. This is an example of a control template. Templates are like variables in your form that will be evaluated at runtime and replaced with the actual values entered. For templates to work, there must be a control in your form with the name given inside the curly braces.

The user, Jack, who has the role of frevvo.Publisher, is not a Reviewer for anyone in the company and of course, is not Sue, will be denied access to the form. He will see this error:

 

You can publish any form/workflow regardless of whether it can be started by Anyone (No login required) or just the Designer/Owner. If Designer/Owner Only is selected, the person who created it or any user given the Who can edit the form/workflow permission can edit it or test it. It is possible for more than one designer to collaborate on forms/workflows in development if the form/workflow owner (the designer that created the form/workflow) gives this permission to other designers. However, if one designer is working on the form, other designers will be denied access. Form/workflow owners can also designate the Who can view submissions or Who can edit submissions permissions to other users so two or more people may view/edit submissions at the same time.

Until you set your form/workflow visibility to Anyone (login not required) all other users will see this error message when they try to access the form: " Error Access Denied. Authentication required. Are you trying to access a private form or workflow?

Similarly, if a form visibility is set to Authenticated Users(login required), only users with accounts in the tenant will be able to access the form.

If you set the form/workflow visibility to Anyone (login not required) and users have begun submitting it, you'll need to use caution when modifying your form. If users access it while you are editing it, they will see error messages indicating that the page is being refreshed or that the form is invalid.  A form/workflow made public this way is accessible to anyone with the form/workflow's URL. There are other methods of sharing forms that have increasingly higher levels of security. See form security for details.

You can mark your form/workflow Designers/Owner Only until you are done developing it, which will prevent new users from accessing the form, but if users happen to be completing the form when you switch it from Anyone (login not required) to Designers/Owner Only, they will see error messages. A better approach if feasible is to edit the form in a copy of your project running on a staging server. You can then replace the current form with the new form by removing the original project/form/workflow from the staging server and uploading the new project/form/workflow.

ACL settings set by the designer are retained when you download/upload a form/workflow/project to another designer user in the same or different tenant and when you copy a form/workflow.

The designer can set other permissions, such as who can view/edit submissions for forms and workflows via the Access Control wizard. Roles and users that can view the audit trail or be designated as workflow administrators are specified through the same wizard.

Public forms that include the save/load feature or digital signatures will prompt the user with the login screen when they click to save or sign. These features require a login.

Who can edit the form/workflow

  • Edit permissions should not be given to forms or workflows currently in production use. Please see the Admin Best Practices Guide
  • Users with this permission have the ability to run the Refresh Searchable Fields process for the forms/workflows they are editing. This process updates existing submissions if changes are made to Searchable Fields.

Form and workflow owners (designer users that created the form/workflow) can give other users (designers/non-designers) the capability to edit form/workflows. This is particularly helpful if a designer user takes a leave of absence or leaves the company. The "backup designer" has the ability to make changes to the form/workflow without having to download the form/workflow(s) from the owner's account to the backup designer's account. The "backup designer" also can view related submissions by clicking on the Submission or Legacy Submission icons. The ability to edit submissions is granted by a different permission.

Users with or without the role of frevvo.Designer can be assigned the permission to edit forms/workflows.

Users given this permission access the shared form/workflow from the Shared Items tab even if they have the frevvo.designer role assigned to them. They can only edit the form/workflow that was shared with them. They will not have the ability to create new forms/workflows from the Shared Items tab. The ability to make changes to a form/workflow is not available from Shared Items on the Important Items menu in a  space.

To assign users the ability to edit forms/workflows, follow these steps:

  1.  Open the Access Control wizard.
  2. Click the right arrow to expand the Who can edit the form/workflow section.
  3. Enter the roles that you want to grant editing capability to in the Roles section. Begin typing the role name then select the role from the dropdown. 
  4. Enter the users that you want to grant editing capability to in the Users section. Begin typing the user id then select the user from the dropdown.


    It is not good practice to use Templates for this permission and is not recommended.

  5. Click Submit or go to the next permission section in the Access Control List.

Users that have been granted the editing permission, access forms and workflows that have been shared with them via the Shared Items tab on their Home Page. It will not work from the Shared Items selection in a Space or any other embedded scenario.

The Who can edit the form/workflow permission does not apply if you are running  with Confluence. Confluence users share form/workflow editing by specifying the Forms Editor group on the /wiki/spaces/frevvo92/pages/816782416 screen. Users who will be sharing the editing function must be assigned to the specified group.

A browser notification message displays if the user who has been granted permission to edit forms/workflows tries to modify their own ACL.  will not allow the "backup designer" to remove themselves from the ACL list.

Who can view submissions

The designer can assign permission to view form/workflow submissions to specific roles/users.  Any user with view access can view submissions in read-only mode. Submission deletion is not allowed. Templates can be used to dynamically determine at runtime which users and roles are allowed to view submissions.

To assign permission to view submissions, follow these steps:

  1. Open the Access Control wizard.
  2. Click the right arrow to expand the Who can view submissions section.
  3. Enter the roles you want to grant view access to in the Roles section. Begin typing the role name then select the role from the dropdown. You can enter control names from your form/workflow encased in curly braces to act as templates for dynamic access.
  4. Enter the users you want to grant view access to in the Users section. Begin typing the user id then select the user id role from the dropdown. You can enter control names from your form/workflow encased in curly braces to act as templates for dynamic access.
  5. Click Submit or go to the next permission section in the Access Control List.

Who can edit submissions

The designer can assign permission to edit form/workflow submissions to specific roles/users. Any user with edit access can view, edit and delete submissions in the SUBMITTED, ABORTED or ERROR states. Submissions in the PENDING, SAVED or WAITING states can only be deleted by the tenant admin, workflow admin or designer user that created the workflow. Refer to the Deleting Submissions for more information.

Templates can be used to dynamically determine at runtime which users and roles are allowed to edit submissions.

To assign permission to edit submissions, follow these steps:

  1. Open the Access Control wizard.
  2. Click the right arrow to expand the Who can edit submissions section.
  3. Enter the roles you want to grant edit access to in the Roles section. Begin typing the role name then select the role from the dropdown. You can enter control names from your form/workflow encased in curly braces to act as templates for dynamic access.
  4. Enter the users you want to grant edit access to in the Users section. Begin typing the user id then select the user id role from the dropdown. You can enter control names from your form/workflow encased in curly braces to act as templates for dynamic access.
  5. Click Submit or go to the next permission section in the Access Control List. 

Who can access the audit trail - Workflows Only

 The audit trail is accessed on a  user's Task List by clicking the View Task History icon. Roles/Users granted this permission will see theView Task History icon on tasks in their task list.

To assign permission to view the audit trail, follow these steps:

  1. Open the Access Control wizard.
  2. Click the right arrow to expand the Who can access the audit trail section.
  3. Enter the roles you want to grant edit access to in the Roles section. Begin typing the role name then select the role from the dropdown. You can enter control names from your form/workflow encased in curly braces to act as templates for dynamic access.
  4. Enter the users you want to grant edit access to in the Users section. Begin typing the user id then select the user id role from the dropdown. You can enter control names from your form/workflow encased in curly braces to act as templates for dynamic access.
  5. Click Submit or go to the next permission section in the Access Control List.



     
  6. Custom indicates that only users granted explicit access or with one of the specified roles can view the audit trail for the task (provided they have access to the task).  Roles and users can be selected via an editable combo-box control



  7.  Enter the roles you want to grant audit trail access to in the Roles section. Begin typing the role name then select the role from the dropdown. You can enter control names from your workflow encased in curly braces to act as templates for dynamic access.
  8. Enter the users you want to grant audit trail access to in the Users section. Begin typing the user id then select the user id from the dropdown. You can enter control names from your workflow encased in curly braces to act as templates for dynamic access.
  9. Click Submit or select the next option in the Access Control List.


Who can administer the workflow - Workflows Only

This permission lets a user abort, reassign and reset tasks that are not assigned to them. These administrative tasks are no longer restricted to tenant admins.

The designer can delegate these tasks to additional users/roles by assigning them in the Who can administer the workflow section of the Access Control dropdown. Any user/roles listed here will be considered a Workflow Administrator.  As such, the Modify Task icon on a task in the task list will be displayed. Tenant admins and designer users get the Modify Task icon by default. 

To assign user/roles as Workflow Administrators, follow these steps:

  1. Open the Access Control wizard.
  2. Click the right arrow to expand the Who can administer the workflow section.
  3. Enter the roles you want to grant workflow admin access to in the Roles section. Begin typing the role name then select the role from the dropdown. You can enter control names from your form/workflow encased in curly braces to act as templates for dynamic access.
  4. Enter the users you want to grant workflow admin access in the Users section. Begin typing the user id then select the user id role from the dropdown. You can enter control names from your form/workflow encased in curly braces to act as templates for dynamic access.
  5. Click Submit to complete the ACL setup
  6. Be sure to save the workflow if you were accessing the ACL from inside the Workflow Designer.

User jerry has been designated as a workflow administrator for the Expense Report but not for the Time Sheet workflow. When Jerry logs into , his task list will appear as shown:

The Modify Task dialog allows a 'workflow admin' to execute any one of abort/reassign/reset functions.

When searching for tasks, if a workflow is chosen, and the user is a workflow admin for it, then all tasks for that workflow display. If no workflow is selected, then all tasks, even those that the workflow admin has not participated in, plus tasks for which the user is a workflow admin will display.


Shared Items

Submissions

All users granted Submission Access, either by user id or because they have a granted role, will see the Shared Item tab on their Home Page. Click on the  Action menu and select Submissions or Submissions (legacy) icons to view/edit them. 

You can add the Shared Item URL to your your existing Space so that a logged in user with the correct permissions will be able to access form/workflow submissions from the space menu. The submissions link is automatically added when you create a new space.

Designer ACL

The functions needed to edit forms/workflows are only displayed when users given the permission access the Shared Items tab from their Home Page if they are a designer or by clicking the  icon on the Task List. The ability to make changes to a form/workflow is not available from Shared Items on the Important Items menu in a  space.

Just a reminder, edit permissions should not be given for production forms or workflows. Please see the Admin Best Practices Guide.

The functions provided to edit forms/workflows from the Shared Items tab, do not include the option to delete or copy them. Deletion of a form/workflow is not available to the "backup designer".  Forms/workflows can be copied by the download/upload functions. The backup designer has the ability to run the Refresh Searchable Fields process to update previous submissions with changes made to Searchable Fields by clicking on the  Action Menu and selecting Refresh Search Fields. This process can be run for a for a particular form or workflow


Let's say users Jack and Jill are both given the ability to edit the Expense report workflow. Jack logs into the workflow designer and begins to make changes. When Jill logs in, she will see the error shown in the image:

 

Access Control/Shared Item Example

Let's consider an example to illustrate how this feature works. An Accounting Department in a company has three employees, Sue, Jack and Jill. There are three project catagories: Sales Demo, Customer Meetings and Infrastructure. Sue is responsible for processing Expense Reports for the Sales Demonstration project, Jack processes Expense Reports for the Customer Meeting project and Jill process Expense Reports for the Infrastructure project. The Accounting employees must have the ability to view and edit only the Expense Report submissions they processed. Jerry is the manager who approves/rejects the Expense Reports. He can view all the Expense Report submissions but cannot edit them. Any employee in the company can submit an Expense Report. Jerry, Jack, Jill and Sue are workflow administrators so you will see the  Modify icon in the images of their task lists.

The  designer for the company creates an Expense Report workflow that displays the Expense Report form as the first step, then routes the request to the employee's manager (Jerry). If Jerry approves the expenses, then the workflow is routed to Sue, Jack or Jill based on the project category.

In the Expense report form, there is a dropdown control for the Project Type and a business rule that populates a text control named AccountUser with the user id of Sue, Jack or Jill based on the project type selected. You can populate the AccountUser control from a back end system or by user entry but we will use the business rule for this example.

To comply with these requirements, the company  designer has configured the Access Control screens for the Expense Report as shown:

Let's say Tom Cat submits three Expense Reports, one for each project type:

The workflow routes the three tasks to Jerry the Reviewer. It is his responsibility to approve/reject the expenses. When Jerry logs into , Tom's Expense Reports appear on his task list. The Access Control permissions above allow him to view the Audit trail for these tasks as well. Jerry approves all three Expense Reports and the workflow is routed to the user id specified in the {AccountUser} template in the Expense Report form. Remember, we used this template when assigning access control. The Sales Demonstration Expense Report goes to Sue for final processing while the Customer Meeting Expense Report is routed to Jack and the Infrastructure Expense Report is routed to Jill.

When Sue logs into , she will see tasks for any employees in the company who submitted an Expense Report for the Sales Demonstration project. Tom's will be among them. She can view the Audit trail for the workflow as indicated by the  View Task History icon. 

When Sue completes the processing. and clicks on the Shared Item tab, she will see only the Expense Report submissions that she processed. She can edit the submissions or delete SUBMITTED, ABORTED  or submissions reporting an error condition, if necessary. 

When Jack logs into , Tom's Expense Report for the Customer Meeting project will appear on his Task List along with any others submitted by company employees. Jack can view the Audit trail for the workflow as indicated by the  View Task History icon. 

When Jack completes the processing and clicks on the Shared Item tab, he will see only the Expense Report submissions that he processed. He can edit the submisions and SUBMITTED, ABORTED submissions or submissions reporting an error condition, if necessary. 

When Jill logs into , Tom's Expense Report for the Infrastructure project will appear on her Task List. She can view the Audit trail for the workflow as indicated by the  View Task History icon.

When Jill completes the processing and then clicks on the Shared Item tab, she will see only the Expense Report submissions that she processed. He can edit the submisions and SUBMITTED, ABORTED submissions or submissions reporting an error condition, if necessary. 
 

When Jerry signs on to  and clicks on the Shared Items tab, all of the Expense Report submissions will be listed in the Submissions Table. Jerry is a Reviewer and can view submissions but he will not be able to edit or delete them. 

If Jerry clicks the selects all the submissions and tries to Delete them this deletion confirmation messages will display:

When he clicks OK, the deletion will be denied and one of these error messages will display.

Harry is the company Technical Writer. Since the form/workflow visibility is set to Public in Tenant, Harry will be able to access the form/workflow if he needs to submit an expense report after he logs onto  but he does not need permissions to view/edit the Expense Report submissions. When Harry clicks on the Shared Item tab it will be empty.