Novell Doc: Novell Vibe 3.4 Advanced User Guide - Adding Access Controls to a Workflow

11.4 Adding Access Controls to a Workflow

Novell Vibe enables you to set access controls on workflows that you create. You can set access controls on an entire workflow, or on the individual states of a workflow.

11.4.1 Setting Access Controls on an Entire Workflow

In the Designer page, expand the workflow definition that you created in Section 11.2.1, Creating the Workflow Definition.
Click Workflow Process.
Click Add > Access controls.
Click OK.
Expand Workflow Process, then click Access controls.
Click Add.
Click the access control setting that you want to add.

Delete Access: Enables you to grant specific users rights to delete entries as they transition through the workflow process.

Modify Access: Enables you to grant specific users rights to modify entries as they transition through the workflow process.

Modify Specified Fields: Enables you to grant users or groups who do not have rights to modify an entry (have only rights to view the entry) with rights to modify specific fields within the entry. (Users who already have the right to modify the entry are not affected.)

Field elements must first be configured to allow field-level modifications. You designate which fields have the field-level modification access control by selecting the Allow field level modification option when you are creating or modifying an element within the entry form, as described in Adding Elements to a Form and Modifying Elements in a Form. The elements that have been configured to allow field-level modifications can be modified only by the users that you specify in the Modify Specified Fields access control, and only in the workflow state where this access control exists.

For more detailed information, see TID, Allowing users to modify specific form fields, in the Novell Support Knowledgebase.

Read Access: Enables you to grant specific users rights to read entries as they transition through the workflow process. Furthermore, you can choose whether or not users are allowed to comment or reply to the entries.

Transition Into This State: Enables you to grant specific users rights to transition entries into any state in the workflow.

Transition Out of This State: Enables you to grant specific users rights to transition entries out of any state in the workflow.

This is the access control setting that determines who can see a workflow question. If you are adding a workflow question to your workflow or to an individual state, as described in Section 11.2.10, Adding a Question to a Workflow, and you want to add access controls to determine who sees the question, you must use this access control setting.
Define the access control setting that you added in Step 7 by specifying the following information in the provided form:

Folder Default Access: Select this option to grant access to all users who have access to the folder.

Entry Creator: Select this option to grant access to the user who created the entry.

Team: Select this option to grant access to the team.

Users: Specify individual users to whom you want to grant access.

Groups: Specify groups to whom you want to grant access.

Select an Entry Type: Select an entry type that contains a user list. Users who are in the user list that you select in the Select Elements within the Entry field are granted access.

Select Elements within the Entry: Select the user list fields that are contained within the selected entry type that contain users who you want to grant access.

Access control rights can be granted only for the User List, Group List, and List elements. By default, only calendar entry types and task entry types contain these elements. For Calendars, this is the Attendee, Attendee Groups, and Attendee Teams fields. For tasks, this is the Assigned to, Assigned to Groups, and Assigned to Teams fields.

For information about how to add these elements to existing entry types, or how to create your own custom entry types where you can add these elements, see Section 9.0, Designing Custom Folder Entry Forms.
Click OK.

11.4.2 Setting Access Controls on Individual States of a Workflow

In the Designer page, expand the workflow definition that you created in Section 11.2.1, Creating the Workflow Definition.
Expand Workflow Process, then click the state where you want to add the access controls.
Click Add > Access controls.
Click OK.
Expand the state where you just added the access controls, then click Access controls.
Click Add.
Click the access control setting that you want to add.

Delete Access: Enables you to grant specific users rights to delete entries when they are in this workflow state.

Modify Access: Enables you to grant specific users rights to modify entries when they are in this workflow state.

Modify Specified Fields: Enables you to grant users or groups who do not have rights to modify an entry (have only rights to view the entry) with rights to modify specific fields within the entry. (Users who already have the right to modify the entry are not affected.)

Field elements must first be configured to allow field-level modifications. You designate which fields have the field-level modification access control by selecting the Allow field level modification option when you are creating or modifying an element within the entry form, as described in Adding Elements to a Form and Modifying Elements in a Form. The elements that have been configured to allow field-level modifications can be modified only by the users that you specify in the Modify Specified Fields access control, and only in the workflow state where this access control exists.

After you add this access control to a workflow state and define the fields that can be modified, you cannot select different fields to be modified when adding this access control to a different workflow state.

For more detailed information, see TID, Allowing users to modify specific form fields, in the Novell Support Knowledgebase.

Read Access: Enables you to grant specific users rights to read entries when they are in this workflow state. Furthermore, you can choose whether or not users are allowed to comment or reply to the entries.

Transition Into This State: Enables you to grant specific users rights to transition entries into this state.

This setting is relevant only when a manual transition is defined involving this state.

Transition Out of This State: Enables you to grant specific users rights to transition entries out of this state.

This setting is relevant only when a manual transition is defined involving this state.
Define the access control setting that you added in Step 7 by specifying the following information in the provided form:

Folder Default Access: Select this option to grant access to users who have access to the folder.

Entry Creator: Select this option to grant access to the user who created the entry.

Team: Select this option to grant access to the team.

Users: Specify individual users to whom you want to grant access.

Groups: Specify groups to whom you want to grant access.

Select an Entry Type: Select an entry type that contains a user list. Users who are in the user list that you select in the Select Elements within the Entry field are granted access.

Select Elements within the Entry: Select the user list fields that are contained within the selected entry type that contain users who you want to grant access.

Access control rights can be granted only for the User List, Group List, and List elements. By default, only calendar entry types and task entry types contain these elements. For Calendars, this is the Attendee, Attendee Groups, and Attendee Teams fields. For tasks, this is the Assigned to, Assigned to Groups, and Assigned to Teams fields.

For information about how to add these elements to existing entry types, or how to create your own custom entry types where you can add these elements, see Section 9.0, Designing Custom Folder Entry Forms.
Click OK.

11.4.3 Setting Access Controls on a Manual Transition

In the Designer page, expand the workflow definition that you created in Section 11.2.1, Creating the Workflow Definition.
Expand Workflow Process, expand the state that contains the manual transition where you want to set the access controls, expand Transitions, then click Manual Transition.
Click Add > Manual Transition Access Controls.
In the provided form, specify which users or groups of users who you want to grant access to transition the entry:

Folder Default Access: Select this option to grant access to users who have access to the folder.

Entry Creator: Select this option to grant access to the user who created the entry.

Team: Select this option to grant access to the team.

Users: Specify individual users to whom you want to grant access.

Groups: Specify groups to whom you want to grant access.

Select an Entry Type: Select an entry type that contains a user list. Users who are in the user list that you select in the Select Elements within the Entry field are granted access.

Select Elements within the Entry: Select the user list fields that are contained within the selected entry type that contain users who you want to grant access.

Access control rights can be granted only for the User List, Group List, and List elements. By default, only calendar entry types and task entry types contain these elements. For Calendars, this is the Attendee, Attendee Groups, and Attendee Teams fields. For tasks, this is the Assigned to, Assigned to Groups, and Assigned to Teams fields.

For information about how to add these elements to existing entry types, or how to create your own custom entry types where you can add these elements, see Section 9.0, Designing Custom Folder Entry Forms.
Click OK.