This article will walk you through how to configure workflow and record permissions for user groups in Workflow Designer. This includes how to set group workflow and record access and update an existing group permission.
- Click on the Workflow Designer tab and select the workflow configuration you want to modify.
- Click the Create tab, then select Settings.
- Click Add access.
- If you have previously set up record access for this workflow configuration, they will show here.
- In the When column, select "Always" or a condition to determine access. You must already have created the condition in the workflow configuration in order to select it as an option.
- In the Grant access to column, select a group or participant from the drop-down. You can only set access for one group per row.
- In the Workflow column, select whether this group/participant should gain access to the workflow ("Workflow access") or not ("No access").
- In the Record column, select whether this group/participant should gain view or edit access to the workflow configuration's resulting records in Repository.
- Note: This access is subject to Repository access permissions set in Users & Groups. To learn more, refer to Update an Existing Group Permission.
- Save and publish the workflow to reflect these updates.
How Conditional Workflow and Record Access Works
If conditional access is selected in the When column of Workflow and Record Access, when the condition is met, the corresponding group will be added or removed from the workflow or record accordingly. Any time the condition changes, until the Archive step, the permissions will be automatically adjusted.
For example, in the workflow below, there is an access condition based on the question, “Does this document require signature?” When the answer is “No”, no additional groups are granted access to the workflow. When the answer is “Yes”, an additional group is granted access to the workflow. If at any time the answer is changed, the group will be added to or removed from access to the workflow accordingly.
Whenever a relevant condition is changed from false to true, the user is added as a participant. However, unlike groups, whenever a relevant condition is changed from true to false, the participant will not be removed. Conditionally added participants can be manually removed at any time. They will be re-added automatically if a relevant condition changes from false to true.
Upon archive, if any conditions for the user are true, the user will be granted the highest specified record access out of the true conditions. For example, if one condition grants “view” access to the resulting record for a participant and another grants “edit” access to the resulting record for a participant and both are true, the user will be granted “edit” access to the resulting record. This happens for the resulting record even if the user that was conditionally added as a participant was manually removed as a participant from the in-flight workflow.
See which groups and participants have access to the workflow at any time in the upper right corner. Hover over their icons or click Manage to see more detail. By default, the Administrators group has access to all workflows and all records via Company Settings > Users & Groups.
- Click your profile icon in the top right corner, and then click Company Settings > Users and Groups > Groups.
- Click on the group you want to edit, and then click Edit Group.
- Configure your group permissions. Refer to the Group Permissions Overview to learn more about the different settings.