Securing a Flow Or Report Action in Service/Workflow CatalogLast Updated: 02/01/2016 Introduced in Verision: 2.0
Control access to a flow or report service in the service catalog by managing the permissions of the entity to which the service refers. To secure a flow or report service, navigate to the folder where the flow or report resides and, in its Actions menu, select Manage > Manage Permissions.
Note: Service Catalog was renamed in Decisions 3.5 to Workflow Catalog.
All of the services in the Service Catalog can be secured by selecting the Service Catalog folder and, in the Actions menu, selecting Manage > Manage Permissions.
In the resulting Manage Folder Permissions pop-up, accounts and groups can be added, allowing us to define their permissions to use or access the services in the Service Catalog. To secure individual services, we will have to manage the permissions of the entities referred to by those services.
For our example, we will:
- Register a new flow in the service catalog.
- Log in as firstname.lastname@example.org who does not have permission to access the flow.
- Log in as an administrator and grant the user email@example.com permission to use the new flow by updating permissions in the flow’s project folder.
- Log in as firstname.lastname@example.org who does have permission to access the flow in the service catalog.
To begin, we navigate to the General category of our service catalog at Service Catalog > General. In the Actions menu, we will select Create Flow Service Catalog Item.
In the resulting Add Flow Service Catalog Item pop-up, we will define the parameters for our new flow service. In the Name field, we will enter the flow item’s name. In the Select Flow drop-down list, we will select the previously created flow, Flow 1, and then we will click the Save button.
As the Administrator, we automatically have permission to see and use our new flow service.
To see whether the user email@example.com has permission to use our service, we can log out and log back in as firstname.lastname@example.org.
When we navigate to the Service Catalog folder, we can see that our new flow service – secured flow – does not appear.
To fix this, we will log out and log back in as email@example.com.
To authorize firstname.lastname@example.org to use our new flow service, we will navigate to the folder secured flows, which is the Designer Project folder where Flow 1 resides. In the Actions menu, we will select Manage > Manage Permissions.
In the resulting Manage Folder Permissions pop-up, we will click the Add button.
In the resulting Edit Object pop-up, under the heading New Account Permission > Account, we will click the Account selector. In the resulting Select Account pop-up, we will select email@example.com and click OK.
Because we only want to grant firstname.lastname@example.org permission to use our new flow service, we will select the CanUse checkbox, and leave the other checkboxes cleared. Each checkbox is associated with increased permissions which can be combined as needed. To save these permissions for email@example.com, we will click Save.
This completes our changes to the permissions structure for our Designer Project folder, so we will click Save.
To see firstname.lastname@example.org’s permissions in action, we will log out and log back in as email@example.com.
Now, when we navigate to Service Catalog, we will see that the secured flow service is visible and can be run by firstname.lastname@example.org.
- Show Report in Service/Workflow Catalog
- Show Reports Folder in Service/Workflow Catalog
- Registering a Flow in the Service/Workflow Catalog
- Registering URL in Service/Workflow Catalog
- Securing Category in Service/Workflow Catalog (disable inheritance, add permissions)
- Adding Service/Workflow Catalog Category