Active IQ Unified Manager Discussions

Workflow approval


My customer wants to delegate approval rights to a person or a group that should not have privileges to edit/create/delete workflows.

Could someone please assist? How do we do it?



1. Create another operator who is the approver. Let us say X.

2. Create a category and add the user X and the workflows which can be approved to that particular category.

3. X will be able to approve, however won't be able to edit/create/delete workflows.







WFA by default has 5 role types, and one can either create a local user and assign them these roles or use their AD/LDAP users and assign them these roles.


The lowest level Role is called a Backup Role:

As the name suggests, it allows one to back up and restore. It doesn't allow the user to log in to the WFA GUI but just use the PowerShell cmdlet to create and restore backups.


The next role is called a Guest Role (I would personally call it Read Only Role):

  • Doesn't have access to the Designer tab (thereby CANNOT modify, create or delete any of the workflows or their building blocks)
  • Cannot execute workflows
  • Just read-only access to Execution and Portal and Client Settings under Administration

The next role is called an Operator Role:

  • No access to Designer Tab
  • Can execute a workflow
  • By default approve any approval point
  • Export/Import Workflow
  • Backup & Restore

The next role is called Architect:

  • He can do all of operator
  • Has access to designer to create, modify, delete
  • View Logs

The user with the admin role can do all that the architect can, plus:

  • Create new users
  • Run Setup Wizards for DataSources
  • Modify WFA Configurations


So by default any user with any of the 3 roles, namely operator, admin and architect, can approve an approval point.

But admin and architect can do CRUD (create, read, update and delete) operations on workflows and their building blocks.

The operator can approve and execute a workflow, but has no access to Designer.


By default all users with operator role can approve workflow, unless you explicitly go and uncheck under WFA Configuration > Other.


Hope this helps







And how to create a new role within WFA?


One who can modify and create new users only?


Thanks Danny







A role restricted to just creating users is not possible in WFA today.

If you can explain the use case, it will help.



