- Administering User Guide overview
- Sites Features
- Website Administration
- Reusing Content: Multi Site Manager and Live Copy
- Live Copy Overview Console
- Configuring Live Copy Synchronization
- Creating and Synchronizing Live Copies
- MSM Rollout Conflicts
- MSM Best Practices
- Translating Content for Multilingual Sites
- Managing Translation Projects
- Identifying Content to Translate
- Preparing Content for Translation
- Creating a Language Root Using the Classic UI
- Connecting to Microsoft Translator
- Configuring the Translation Integration Framework
- Language Copy Wizard
- Translation Enhancements
- Translation Best Practices
- Configurations and the Configuration Browser
- AEM FAQs
- Operations
- Dashboards
- Operations Dashboard
- Backup and Restore
- Data Store Garbage Collection
- Monitoring Server Resources Using the JMX Console
- Working with Logs
- Configure the Rich Text Editor
- Configure the Video component
- The Bulk Editor
- Configuring Email Notification
- Configuring RTE for Producing Accessible Sites
- The Link Checker
- Troubleshooting AEM
- Audit Log Maintenance in AEM 6
- Editor
- Managing Access to Workflows
- Using cURL with AEM
- Configuring Undo for Page Editing
- Proxy Server Tool (proxy.jar)
- Configuring for AEM Apps
- Administering Workflows
- Configuring Search Forms
- Tools Consoles
- Reporting
- Administering Workflow Instances
- Configuring Layout Container and Layout Mode
- Enabling Access to Classic UI
- Starting Workflows
- Configure the Rich Text Editor plug-ins
- Admin Consoles
- Security
- User Administration and Security
- User, Group and Access Rights Administration
- Security Checklist
- OWASP Top 10
- Running AEM in Production Ready Mode
- Identity Management
- Adobe IMS Authentication and Admin Console Support for AEM Managed Services
- Creating a Closed User Group
- Mitigating serialization issues in AEM
- User Synchronization
- Encapsulated Token Support
- Single Sign On
- How to Audit User Management Operations in AEM
- SSL By Default
- SAML 2.0 Authentication Handler
- Closed User Groups in AEM
- Granite Operations - User and Group Administration
- Enabling CRXDE Lite in AEM
- Configuring LDAP with AEM 6
- Configure the Admin Password on Installation
- Service Users in AEM
- Encryption Support for Configuration Properties
- Handling GDPR Requests for the AEM Foundation
- Content Disposition Filter
- Personalization
- eCommerce
- Integration
- Integrating with Third-Party Services
- Integrating with Salesforce
- Integrating with Adobe Target
- Integrating with Adobe Analytics
- Connecting to Adobe Analytics and Creating Frameworks
- Configuring Link Tracking for Adobe Analytics
- Mapping Component Data with Adobe Analytics Properties
- Configuring Video Tracking for Adobe Analytics
- HTTP2 Delivery of Content FAQ
- Troubleshooting your Adobe Campaign Integration
- SharePoint Connector Licenses, Copyright Notices, and Disclaimers
- SharePoint Connector
- DHTML Viewer End-of-Life FAQs
- Integrating with Adobe Campaign Classic
- Related Community Articles
- Integrating with Adobe Campaign Standard
- Flash Viewers End-of-Life Notice
- Integrating with Adobe Creative Cloud
- Integrating with Adobe Dynamic Tag Management
- Opting Into Adobe Analytics and Adobe Target
- AEM Portals and Portlets
- Integrating with Dynamic Media Classic
- Troubleshooting Integration Issues
- Integrating with BrightEdge Content Optimizer
- Best Practices for Email Templates
- Catalog Producer
- Integrating with Silverpop Engage
- Integrating with Adobe Campaign
- Integrating with ExactTarget
- Analytics with External Providers
- Integrating with the Adobe Marketing Cloud
- Manually Configuring the Integration with Adobe Target
- Prerequisites for Integrating with Adobe Target
- Adobe Classifications
- Solutions Integration
- Target Integration with Experience Fragments
- Best Practices
- Content Management
Managing Access to Workflows
AEM 6.4 has reached the end of extended support and this documentation is no longer updated. For further details, see our technical support periods. Find the supported versions here.
Configure ACLs according to user accounts to allow (or disable) starting, and participating in, workflows.
Required User Permissions for Workflows
Actions on workflows can be undertaken if:
-
you are working with the
adminaccount -
the account has been assigned to the default group
workflow-users:- this group holds all the privileges necessary for your users to perform workflow actions.
- when the account is in this group it only has access to workflows that it has initiated.
-
the account has been assigned to the default group
workflow-administrators:- this group holds all the privileges necessary for your privileged users to monitor and administer workflows.
- when the account is in this group it has access to all workflows.
These are the minimum requirements. Your account must also be either the assigned participant or a member of the assigned group to take specific steps.
Configuring Access to Workflows
Workflow models inherit a default access control list (ACL) for controlling how users can interact with workflows. To customize user access for a workflow, modify the Access Control List (ACL) in the repository for the folder containing the workflow model node:
- Apply an ACL for the specific workflow model to /var/workflow/models
- Create a subfolder in /var/workflow/models and apply the ACL to that
For information about using CRXDE Lite to configure ACLs, see Access Right Management.
Apply an ACL for the specific workflow model to /var/workflow/models
If the workflow model is stored within /var/workflow/models then you can assign a specific ACL, relevant to only that workflow, on the folder:
-
Open CRXDE Lite in your web browser (for example, http://localhost:4502/crx/de).
-
In the node tree, select the node for the workflow models folder:
/var/workflow/models -
Click the Access Control tab.
-
In the Local Access Control Policies (Access Control List) table, click the plus icon to Add Entry.
-
In the Add New Entry dialog add a new ACE with the following properties:
- Principal:
content-authors - Type:
Deny - Privileges:
jcr:read - rep:glob: reference to the specific workflow
The Access Control List table now includes the restriction for
content-authorson theprototype-wfm-01workflow model.
- Principal:
-
Click Save All.
The
prototype-wfm-01workflow is no longer available to members of thecontent-authorsgroup.
Create a subfolder in /var/workflow/models and apply the ACL to that
Your development team can create the workflows in a sub-folder of
/var/workflow/models
Comparable to the DAM workflows stored under
/var/workflow/models/dam/
You can then add an ACL to the folder itself.
-
Open CRXDE Lite in your web browser (for example, http://localhost:4502/crx/de).
-
In the node tree, select the node for the individual folder in the workflow models folder; for example:
/var/workflow/models/prototypes -
Click the Access Control tab.
-
In the Applicable Access Control Policy table, click the plus icon to Add an entry.
-
In the Local Access Control Policies (Access Control List) table, click the plus icon to Add Entry.
-
In the Add New Entry dialog add a new ACE with the following properties:
- Principal:
content-authors - Type:
Deny - Privileges:
jcr:read
NOTEAs with Apply an ACL for the specific workflow model to /var/workflow/models you can include a rep:glob to limit access to a specific workflow.
The Access Control List table now includes the restriction for
content-authorson theprototypesfolder.
- Principal:
-
Click Save All.
The models in the
prototypesfolder are no longer available to members of thecontent-authorsgroup.
Business.Adobe.com resources
Resources
Adobe Account
