Securing a Flow Or Report Action in Service/Workflow Catalog

Last Updated: 02/01/2016 Introduced in Verision: 2.0

Control access to a flow or report service in the service catalog by managing the permissions of the entity to which the service refers. To secure a flow or report service, navigate to the folder where the flow or report resides and, in its Actions menu, select Manage > Manage Permissions.

Note: Service Catalog was renamed in Decisions 3.5 to Workflow Catalog.

Example

All of the services in the Service Catalog can be secured by selecting the Service Catalog folder and, in the Actions menu, selecting Manage > Manage Permissions.

manage permissions

 

In the resulting Manage Folder Permissions pop-up, accounts and groups can be added, allowing us to define their permissions to use or access the services in the Service Catalog. To secure individual services, we will have to manage the permissions of the entities referred to by those services.

manage folder permissions

 

 

For our example, we will:

  1. Register a new flow in the service catalog.
  2. Log in as a@a.com who does not have permission to access the flow.
  3. Log in as an administrator and grant the user a@a.com permission to use the new flow by updating permissions in the flow’s project folder.
  4. Log in as a@a.com who does have permission to access the flow in the service catalog.

To begin, we navigate to the General category of our service catalog at Service Catalog > General. In the Actions menu, we will select Create Flow Service Catalog Item.

create flow

 

In the resulting Add Flow Service Catalog Item pop-up, we will define the parameters for our new flow service. In the Name field, we will enter the flow item’s name. In the Select Flow drop-down list, we will select the previously created flow, Flow 1, and then we will click the Save button.

add flow

 

As the Administrator, we automatically have permission to see and use our new flow service.

can use flow

 

To see whether the user a@a.com has permission to use our service, we can log out and log back in as a@a.com.

a@a login

 

When we navigate to the Service Catalog folder, we can see that our new flow service – secured flow – does not appear.

no service

 

To fix this, we will log out and log back in as admin@decisions.com.

admin login

 

To authorize a@a.com to use our new flow service, we will navigate to the folder secured flows, which is the Designer Project folder where Flow 1 resides. In the Actions menu, we will select Manage > Manage Permissions.

manage folder's permissions

 

In the resulting Manage Folder Permissions pop-up, we will click the Add button.

add account

 

In the resulting Edit Object pop-up, under the heading New Account Permission > Account, we will click the Account selector. In the resulting Select Account pop-up, we will select a@a.com and click OK.

pick an account

 

Because we only want to grant a@a.com permission to use our new flow service, we will select the CanUse checkbox, and leave the other checkboxes cleared. Each checkbox is associated with increased permissions which can be combined as needed. To save these permissions for a@a.com, we will click Save.

permissions

 

This completes our changes to the permissions structure for our Designer Project folder, so we will click Save.

renewed list

 

To see a@a.com’s permissions in action, we will log out and log back in as a@a.com.

a@a login

 

Now, when we navigate to Service Catalog, we will see that the secured flow service is visible and can be run by a@a.com.

 

a@a sees secured flow 

 

Additional Resources