Publishing Workflow Security
In Release 6.3.0, a new feature "Create Publishing Workflow" was implemented. A Publishing Workflow is an object designed to define the processes to support Data Governance of elements with a Category.
The Publishing Workflow's processes are managed through designated Groups. See this Article to understand the relationships between Groups, Power Users and Categories within this feature's processes.
Admins may designate whether or not this Privilege is used in a given instance by clicking the Edit icon on its entry in the grid on the Privileges List Page.
In Release 6.3.1, two additional functions were added:
- A Power User Permission to access a Publishing Workflow can be either Edit or Use Access. Only Power Users with Edit Access can access the Publishing Workflow Editors. Power Users with Use Access can participate in the Workflow itself.
- The "Extended Security" Privilege related to Publishing Workflows is implemented. A Power User who created a new Workflow or with Edit Access to it can assign object Permissions to Groups to which the Power User belongs or has Edit Access and individual Power User members of those Groups; with Extended Security, that Power User can grant access to any Group or individual Power User.
CONTROLLING ACCESS TO A PUBLISHING WORKFLOW
There are three Privileges associated with Publishing Workflows:
- Use Content Center: required for any Power User who is assigned to a workflow to participate in the process
- Create Publishing Workflows: required for any Power User who creates or edits a workflow's settings on its Editor and allows granting Permission to Use or Edit the Workflow to Power User Members of Groups to which the Power User belongs or has Edit Access
- Extended Security: required for a Power User to be able to grant Publishing Workflow access to any User or Group
From the Workflow, Group and User Editors, either of two Permissions can be granted to allow a a Power User to:
- "Use" a workflow (added in 6.3.1); i.e., add it to an element or participate in the steps of a given Publishing Workflow. This must be accompanied by the "Use Content Center" Privilege
- "Edit" a Publishing Workflow; i.e., access its Editor, make changes to the process and grant Permissions. This must be accompanied by the "Create Publishing Workflow" Privilege. A Power User with Edit Access also has the ability to add the Workflow to element or participate in the steps of a given Publishing Workflow if the Power User has "Use Content Center" Privilege.
On the Publishing Workflows List page list:
If a Power User has Use Access to a Publishing Workflow but does not have the Use Content Center Privilege, when a user clicks the View link in the last column, the user is taken to the associated Workflows Publishing Board. Since the Publishing Boards exist in the Publishing tab on the Content Center, they appear slightly differently to a PU without the Content Center Privilege since the tabs do not appear at the top. The URL is the same, thus it is the same page.
Caution with accessing the Content Center:
If a Power User has no Permissions other than View Access to one Publishing Workflow and all Privileges except Use Content Center:
- User sees the Publishing Workflows entry in the Content menu
- Clicking this entry opens the Content Center
- User sees that Publishing Board
If the Create Publishing Workflow Privilege is removed, the Publishing Workflows entry is removed from the Content Menu:
- User CANNOT see the PW to which he has View Access unless he has Use Content Center to interact with the Publishing Workflow via the Publishing Board tab on the Content Center page
1. Assign the Privilege(s)
Admins: Admin > Users & Groups > Group or User name link > Info tab
Power User: Admin > Groups > Group name link > Info tab (Groups to which Power User has Edit Access)
- Click [+Privilege to User or Group]
- (Optional) Query on "Publishing"
- (Optional) Select Grouping: Data Governance
- Select the Parent Privilege only or both
[Save]
2. Privileges Details
The "Create Publishing Workflow" Privilege has the following attributes:
- Type: Parent of " Allow Power Users to grant Publishing Workflow access to any User or Group"
- Grouping: Data Governance
- Assign to: Power Users and Groups only
- Description: "Allows a Power User to define and manage a Publishing Workflow for use in Data Governance"
-
Processing:
- A Power User with this Privilege can:
- See a "Publishing Workflows" entry in the user's Content Menu and, through it, access an Editor via its active Name link
- Create a new Publishing Workflow
- With Edit Access to a Publishing Workflow, use the Permissions button to grant Permissions to the a Workflow to Groups to which the user belongs or has Edit Access and to individual Power Users who are members of these Groups
- Edit the Workflow on its Editor
- Add Categories to the Workflow if the Power User has View or Edit Access to the Category
- A Power User with this Privilege can:
The Extended Security Privilege, " Allow Power Users to grant Publishing Workflow access to any User or Group", is defined as follows:
Type: Child of "Create Publishing Workflows"
Grouping Data Governance
Assign to: Power Users and Groups only
Processing:
- If this Privilege is selected for a User or Group that does not already have the parent Create Publishing Workflows Privilege, the parent is automatically selected and both Privileges are granted to the User or Group.
- When a PU has this Extended Security Privilege:
- The Group and User drop-down lists on the Group/User Editors or Publishing Workflows Editors Permissions popup are expanded to include all Users or Groups.
3. Grant Permissions to the Publishing Workflow
Admins and Power Users: Content menu > Publishing Workflows > active Name link > Editor > Permissions button
- Click [+ Group Edit Access to Publishing Workflow]
- On the popup, select a Group
- Power Users: any Group to which the user belongs or to which user has Edit Access
- Admins: select any Group
- [Save]
- Repeat if necessary
- On the popup, select a Group
- Click [+ User Edit Access to Publishing Workflow]
- On the popup, select a User
- Power Users: Any Power User that is a member of Groups to which the user belongs or to which the user has Edit Access
- Admins: select any Power User
- On the popup, select a User
- Allow the Power User or Group Power User members to have Edit or Use Access to the Publishing Workflow
[Save]
Repeat if necessary
[Close]