Managing Access to Workflows
Topics: Administering
Created for: Admin
Configure ACLs according to user accounts to allow (or disable) starting, and participating in, workflows.
Required User Permissions for Workflows
Actions on workflows can be undertaken if:
- you are working with the admin account
- the account has been assigned to the default group workflow-users:
  - this group holds all the privileges necessary for your users to perform workflow actions.
  - when the account is in this group it only has access to workflows that it has initiated.
- the account has been assigned to the default group workflow-administrators:
  - this group holds all the privileges necessary for your privileged users to monitor and administer workflows.
  - when the account is in this group it has access to all workflows.
Configuring Access to Workflows
Workflow models inherit a default access control list (ACL) for controlling how users can interact with workflows. To customize user access for a workflow, modify the Access Control List (ACL) in the repository for the folder containing the workflow model node:
Apply an ACL for the specific workflow model to /var/workflow/models
If the workflow model is stored within /var/workflow/models, then you can assign a specific ACL, relevant to only that workflow, on the folder:
- Open CRXDE Lite in your web browser (for example, http://localhost:4502/crx/de).
- In the node tree, select the node for the workflow models folder: /var/workflow/models
- Click the Access Control tab.
- In the Local Access Control Policies (Access Control List) table, click the plus icon to Add Entry.
- In the Add New Entry dialog add a new ACE with the following properties:
  - Principal: content-authors
  - Type: Deny
  - Privileges: jcr:read
  - rep:glob: reference to the specific workflow
  The Access Control List table now includes the restriction for content-authors on the prototype-wfm-01 workflow model.
- Click Save All.
The prototype-wfm-01 workflow is no longer available to members of the content-authors group.
Create a subfolder in /var/workflow/models and apply the ACL to that
Your development team can create the workflows in a sub-folder of /var/workflow/models, comparable to the DAM workflows stored under /var/workflow/models/dam/. You can then add an ACL to the folder itself.
- Open CRXDE Lite in your web browser (for example, http://localhost:4502/crx/de).
- In the node tree, select the node for the individual folder in the workflow models folder; for example: /var/workflow/models/prototypes
- Click the Access Control tab.
- In the Applicable Access Control Policy table, click the plus icon to Add an entry.
- In the Local Access Control Policies (Access Control List) table, click the plus icon to Add Entry.
- In the Add New Entry dialog add a new ACE with the following properties:
  - Principal: content-authors
  - Type: Deny
  - Privileges: jcr:read
  NOTE: As with "Apply an ACL for the specific workflow model to /var/workflow/models", you can include a rep:glob to limit access to a specific workflow.
  The Access Control List table now includes the restriction for content-authors on the prototypes folder.
- Click Save All.
The models in the prototypes folder are no longer available to members of the content-authors group.
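In both procedures the rep:glob value decides how much of the models tree the Deny entry covers, so it is worth previewing before clicking Save All. The added example below (not Adobe's or Oak's code) is a simplified Python model of Jackrabbit Oak's documented rep:glob matching; the glob values and every sample path other than prototype-wfm-01 and the dam folder are assumptions constructed for illustration.

```python
import re

MODELS = "/var/workflow/models"

# Constructed sample paths; only prototype-wfm-01 and the dam folder appear on the page.
SAMPLE_PATHS = [
    MODELS + "/prototype-wfm-01",
    MODELS + "/prototype-wfm-01/nodes/node0",
    MODELS + "/prototype-wfm-010",
    MODELS + "/dam/update_asset",
]


def glob_applies(node_path, glob, target):
    """Return True if an ACE set on node_path with this rep:glob covers target."""
    if glob is None:
        # No restriction: the node and its whole subtree.
        return target == node_path or target.startswith(node_path + "/")
    if glob == "":
        # Empty string: the node itself only, no descendants.
        return target == node_path
    pattern = node_path + glob  # the glob is appended to the ACE's node path
    if "*" not in glob:
        if pattern.endswith("/"):
            # Trailing slash: descendants of the named node, not the node itself.
            return target.startswith(pattern)
        return target == pattern or target.startswith(pattern + "/")
    # Wildcard: '*' stands for any run of characters, '/' included.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, target) is not None


def hidden_from(node_path, glob, paths=SAMPLE_PATHS):
    """Paths that a 'Deny jcr:read' entry with this glob would hide."""
    return [p for p in paths if glob_applies(node_path, glob, p)]


if __name__ == "__main__":
    # Assumed glob values: exact model, loose wildcard, no glob, empty glob.
    for glob in ("/prototype-wfm-01", "/prototype-wfm-01*", None, ""):
        print(repr(glob), "->", hidden_from(MODELS, glob))
```

An entry with no rep:glob on /var/workflow/models hides every model from the principal, and a trailing wildcard also catches sibling models that share the name prefix.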