topic Re: ACL on Workflows in Alfresco Archive

ACL on Workflows

blackout — Mon, 12 Mar 2007 11:13:10 GMT

Good day everyone,simple question: is there a way to limit the users who can start a particular workflow? Something like "users form grp1 can start this workflow, users from grp2 can not".Thanks in advance

Re: ACL on Workflows

andy — Mon, 12 Mar 2007 15:43:26 GMT

Hi

This is certainly possible; it is not trivial.

You can add an appropriate permission and roles and assign these to groups or people overall or in some node context - just like Read for example.

This will require some changes to the permission model - a new permission and new roles, and possible a new global permission assignment. You woud also need to add permission protection for the WorkflowService ala public-service-security-context.xml. The UI would then need suitable evaluators adding so start workflow is only shown to the appropriate users.

You could limit access directly by groups in a similar way. The evaluator in the UI would be more of a pain; I can not recall if the API allows you to query if the current user is a member of a given group.

See
http://wiki.alfresco.com/wiki/Security_and_Authentication#Security_Enforcement

Regards

Andy

Re: ACL on Workflows

amdonov — Mon, 27 Aug 2007 19:16:36 GMT

Andy,

My company is willing to take on this development as part of our project's requirements. In addition to limiting who can start a workflow, we want to prevent users from starting two workflows for the same document (Perhaps by preventing workflows from starting on checked out documents).

A quick search of JIRA didn't turn up anything, but I wanted to make sure that someone wasn't already working this. It seems like a key piece of workflow functionality, particularly if the workflow performs some actions with privileges that exceed those of the initiating user.

If I don't hear anything in a couple of days, I will create an issue and start looking at the problem.

Regards,
Aaron