Workflow User Roles and Security
Overview
There are two sorts of user accounts involved with workflows:
- Normal user accounts (people) that create and manage triggers and workflows.
- Service user accounts - special ‘internal’ accounts that are used when a workflow is running. See Service Accounts
User Accounts
Users who wish to create or edit workflows and triggers in Paygate need the correct access rights. In Paygate, access to different parts of the system is managed using the roles system.
A user who wishes to view a workflow diagram in the Paygate Client needs the ‘View Workflow’ role. A user who wishes to delete a trigger needs the ‘Manage Workflow’ role. The table below shows which roles are required for the various workflow-related tasks.
Execute autonomous WF | Execute WF in Designer | Validate WF | View WF in designer | Create WF | Edit WF | Clone WF | Delete WF | View Triggers | Create Trigger | Edit Trigger | Clone Trigger | Delete Trigger | View Logs | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
View Workflow | Yes | Yes | ||||||||||||
Manage Workflow | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | ||||
Execute Workflow | Yes - Set in Start node | Yes - User running the WF and the user in start node | Yes | Yes | ||||||||||
View Telemetry | Yes |
Note: Please be aware that when executing a workflow in the Workflow Designer, both user and service account roles are required:
- The user pressing the ‘Execute’ button must have the ‘Execute Workflow’ user role.
- The Service account set in the ‘Start Node’ must also have the ‘Execute Workflow’ role.
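The dual check in the note above, sketched as an added example (not Paygate code). The role name is taken from this page; the account names, workflow names, data structures and function names are hypothetical. A run with no designer user models autonomous execution, for which the table lists only the account set in the Start node.

```python
# Added illustration, not Paygate code. Only the role name comes from the page;
# every account, workflow and function name below is hypothetical.
EXECUTE = "Execute Workflow"

def missing_execute_role(roles_by_account, start_node_account, designer_user=None):
    """Return the accounts that block a run because they lack the role.

    designer_user=None models an autonomous run: only the service account set
    in the Start node is checked. For a run from the Workflow Designer, the
    user pressing 'Execute' is checked as well.
    """
    principals = [start_node_account]
    if designer_user is not None:
        principals.insert(0, designer_user)
    # Accounts with no role record are treated as having no roles (fail closed).
    return [p for p in principals if EXECUTE not in roles_by_account.get(p, set())]

def audit(workflows, roles_by_account, designer_users):
    """Map each failing workflow to {run mode: [blocking accounts]}."""
    findings = {}
    for name, service_account in workflows.items():
        problems = {}
        blocked = missing_execute_role(roles_by_account, service_account)
        if blocked:
            problems["autonomous"] = blocked
        for user in designer_users:
            blocked = missing_execute_role(roles_by_account, service_account, user)
            if blocked:
                problems[f"designer:{user}"] = blocked
        if problems:
            findings[name] = problems
    return findings

# Constructed sample data: role assignments and each workflow's Start node account.
ROLES = {
    "alice": {"View Workflow", "Manage Workflow", "Execute Workflow"},
    "bob": {"View Workflow", "Manage Workflow"},
    "svc-payments": {"Execute Workflow"},
    "svc-reports": {"View Telemetry"},
}
WORKFLOWS = {"wf-payments-daily": "svc-payments", "wf-report-monthly": "svc-reports"}

if __name__ == "__main__":
    for workflow, problems in audit(WORKFLOWS, ROLES, ["alice", "bob"]).items():
        print(workflow, problems)
```

Reporting which account is missing the role, rather than a bare allow/deny, separates a user-side gap from a misconfigured Start node service account.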