Project and Portfolio Management Practitioners Forum
cancel

workflow security

SOLVED
Go to solution
Highlighted
Vasily Aksenov
Acclaimed Contributor.

workflow security

Hi all.
PPMC 7.1
1. The user is included in the Security group "all rights".
2. This security group is added to the workflow security for the step "second".
3. Object is on the Workflow step "one" but the user can edit the record.

Is it normal ? Or is it the bug?

rgs, vasily
6 REPLIES
Vasily Aksenov
Acclaimed Contributor.

Re: workflow security

as workaround it is possible to change security for the all object's fields, but it takes a lot of time.
Erik Cole
Acclaimed Contributor.
Solution

Re: workflow security

Normal behavior.

Security Model Guide and Reference, pg. 60:

"By default, the Edit checkbox in the Workflow Security row is selected. This indicates that any user included in the security for the associated workflow (defined in ***any workflow step*** in the Workflow window) can edit request fields."
Vasily Aksenov
Acclaimed Contributor.

Re: workflow security

mmmm...
i need that this particular security group can edit and act on request only on the particular WF step.
So, is it impossible ?

For example "project office" should edit and act on project proposal on the step "proposal approval"

There is a comples security model in PPMC, but we always get the situation that it is impossible to setup needed combination.
Torsten Neumann
Trusted Contributor.

Re: workflow security

Hi Vasily,

although I would normally try to solve such cases using status dependencies, I provide an idea which might work.

First, set the field security of the fields that should be edited in a particular step only to be editable by the "Assigned Group" (use the standard token REQ.ASSIGNED_GROUP_ID).

On the workflow step, use the "Assigned Group" field to enter the security group which should be able to edit the fields. Make sure that you change the "Assigned Group" again on the next workflow step.

Of course you could also use a custom field which you fill with request rules or execution steps, but maybe the solution with the assigned group already helps you.

Cheers,
Torsten
Kintana strikes back... ;-)
Vasily Aksenov
Acclaimed Contributor.

Re: workflow security

Eric!

as you told -

Security Model Guide and Reference, pg. 60:

"By default, the Edit checkbox in the Workflow Security row is selected. This indicates that any user included in the security for the associated workflow (defined in ***any workflow step*** in the Workflow window) can edit request fields."
==
we have checked different options.
if we uncheck "edit" flag fo workflow security - user can not act om workflow (no buttons available).
so PPMC works very strangwe way - as for me.
--
As for me normal function will be - user can edit request only when it is on the workflow step user is linked to.
Erik Cole
Acclaimed Contributor.

Re: workflow security

I agree - it makes little sense to me to allow the fields to be edited by anyone with rights to any workflow step, not just the one it is currently on. But in order to accomplish this, you would need to use field level security like Torsten's example above.