User is able to invoke the workflow on pages/assets on which he has only read permission. | Community
Skip to main content
S
saurabhs7556718
New Participant
May 15, 2017
Solved

User is able to invoke the workflow on pages/assets on which he has only read permission.

  • May 15, 2017
  • 7 replies
  • 1200 views

Hello,

if a user has only read permission on a dam folder will he be able to invoke workflow ?  since workflow modifies the payload hence it should not happen. Am I missing anything? could someone please help.

Thank you. 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by smacdonald2008

From the Eng team -- 

any member of the workflow-users group can list and start workflows, irrespective of their permissions on the payload the selected to run the workflow.

7 replies

smacdonald2008
smacdonald2008Accepted solution
New Participant
May 17, 2017

From the Eng team -- 

any member of the workflow-users group can list and start workflows, irrespective of their permissions on the payload the selected to run the workflow.

MC_Stuff
MC_Stuff
New Participant
May 17, 2017

Hi Saurabh,

Possible options at in ui disable the workflow option if user does not have permission on the folder Or 

in the workflow model add a first step  to check the workflow initiation permission & end accordingly.

Thanks,

S
saurabhs7556718Author
New Participant
May 16, 2017
        Hello Sam, the article describes "how to deny READ access to the Publish Example workflow-model." This can be done from user administration console. As per my requirement, An author has read on all 40 assets folder, but read , write and modify on one folder - where he is supposed to invoke custom publishing workflow. he should not be able to invoke that workflow for rest 39 folders where he has only read. How should i go ahead with it.
S
saurabhs7556718Author
New Participant
May 16, 2017
        Hello Sam, the article describes "how to deny READ access to the Publish Example workflow-model." This can be done from user administration console. As per my requirement, An author has read on all 40 assets folder, but read , write and modify on one folder - where he is supposed to invoke custom publishing workflow. he should not be able to invoke that workflow for rest 39 folders where he has only read. How should i go ahead with it.
smacdonald2008
smacdonald2008
New Participant
May 16, 2017

With workflows - you can set permissions as talked about in this older KB.

https://helpx.adobe.com/experience-manager/kb/WorkflowModelsPermission.html

S
saurabhs7556718Author
New Participant
May 16, 2017
      Hey, Thank you for you suggestion, but ideally author should not able to initiate it. and restricting it through code - how do we do it?
MC_Stuff
MC_Stuff
New Participant
May 16, 2017

Hi Saurabh,

   Workflow does not use user session & you need to restrict for workflow access.  It is has designed. 

Thanks,

Terms & ConditionsAccessibility statement

Loading footer...