Publishing Workflow Security

In Release 6.3.0, a new feature "Create Publishing Workflow" was implemented.   A Publishing Workflow is an object designed to define the processes to support Data Governance of elements with a Category.

The Publishing Workflow's processes are managed through designated Groups.  See this Article to understand the relationships between Groups, Power Users and Categories within this feature's processes.

Admins may designate whether or not this Privilege is used in a given instance by clicking the Edit icon on its entry in the grid on the Privileges List Page.

In Release 6.3.1, two additional functions were added:

  1. A Power User Permission to access a Publishing Workflow can be either Edit or Use Access.  Only Power Users with Edit Access can access the Publishing Workflow Editors.  Power Users with Use Access can participate in the Workflow itself.
  2. The "Extended Security" Privilege related to Publishing Workflows is implemented. A Power User who created a new Workflow or with Edit Access to it can assign object Permissions to Groups to which the Power User belongs or has Edit Access and individual Power User members of those Groups; with Extended Security, that Power User can grant access to any Group or individual Power User.

CONTROLLING ACCESS TO A PUBLISHING WORKFLOW

There are three Privileges associated with Publishing Workflows:  

  1. Use Content Center: required for any Power User who is assigned to a workflow to participate in the process
  2. Create Publishing Workflows:  required for any Power User who creates or edits a workflow's settings on its Editor and allows granting Permission to Use or Edit the Workflow to Power User Members of Groups to which the Power User belongs or has Edit Access
  3. Extended Security:  required for a Power User to be able to grant Publishing Workflow access to any User or Group

From the Workflow, Group and User Editors,  either of two Permissions can be granted to allow a  a Power User to:

  1. "Use" a workflow (added in 6.3.1); i.e., add it to an element or participate in the steps of a given Publishing Workflow.  This must be accompanied by the "Use  Content Center" Privilege
  2. "Edit" a Publishing Workflow; i.e.,  access its Editor, make changes to the process and grant Permissions.  This must be accompanied by the "Create Publishing Workflow" Privilege. A Power User with Edit Access also has the ability to add the Workflow to  element or participate in the steps of a given Publishing Workflow if the Power User has "Use Content Center" Privilege.

On the Publishing Workflows List page list:

If a Power User has Use Access to a Publishing Workflow but does not have the Use Content Center Privilege, when a user clicks the  View link in the last column,  the  user is taken to the associated Workflows  Publishing Board.  Since the Publishing Boards exist in the Publishing tab on the Content Center, they appear slightly differently to a PU without the Content Center Privilege since the tabs do not appear at the top.  The URL is the same, thus it is the same page.

Caution with accessing the Content Center:

If a Power User has no Permissions other than View Access to one Publishing Workflow and all Privileges except Use Content Center:

  1. User sees the Publishing Workflows entry in the Content menu
  2. Clicking this entry opens the Content Center
  3. User sees that Publishing Board

If the Create Publishing Workflow Privilege is removed, the Publishing Workflows entry is removed  from the Content Menu:

  1. User CANNOT see the PW to which he has View Access unless he has Use Content Center to interact with the Publishing Workflow via the Publishing Board  tab on the Content Center page

1. Assign the Privilege(s)

Admins: Admin  > Users & Groups > Group or User name link > Info tab

Power User:  Admin > Groups > Group name link > Info tab (Groups to which Power User has Edit Access)

  1. Click [+Privilege to User or Group]
  2. (Optional) Query on "Publishing"
  3. (Optional) Select Grouping:  Data Governance
  4. Select the Parent Privilege only or both

[Save]

2. Privileges Details

The "Create Publishing Workflow" Privilege has the following attributes:

  1. Type:  Parent of " Allow Power Users to grant Publishing Workflow access to any User or Group"
  2. Grouping:  Data Governance
  3. Assign to:  Power Users and Groups only
  4. Description:  "Allows a Power User to define and manage a Publishing Workflow for use in Data Governance"
  5. Processing:  
    • A Power User with this Privilege can:
      • See a "Publishing Workflows" entry in the user's Content Menu and, through it, access an Editor via its active Name link
      • Create a new Publishing Workflow
      • With Edit Access to a Publishing Workflow, use the Permissions button to grant Permissions to the a Workflow to Groups to which the user belongs or has Edit Access and to individual Power Users who are members of these Groups
      • Edit the Workflow on its Editor
      • Add Categories to the Workflow if the Power User has View or Edit Access to the Category

The Extended Security Privilege, " Allow Power Users to grant Publishing Workflow access to any User or Group",  is defined as follows:

Type: Child of "Create Publishing Workflows"

Grouping Data Governance

Assign to:  Power Users and Groups only

Processing:

  1. If this Privilege is selected for a User or Group that does not already have the parent Create Publishing Workflows Privilege, the parent is automatically selected and both Privileges are granted to the User or Group.
  2. When a PU has this Extended Security Privilege:
    1. The Group and User drop-down lists on the Group/User Editors or Publishing  Workflows Editors Permissions popup are expanded to include all Users or Groups.

3. Grant Permissions to the Publishing Workflow

Admins and Power Users:  Content menu > Publishing Workflows > active Name link > Editor > Permissions button

  1. Click [+ Group Edit Access to Publishing Workflow]
    • On the popup, select a Group
      • Power Users:  any Group to which the user belongs or to which user has Edit Access
      • Admins:  select any Group
      • [Save]
    • Repeat if necessary
  2. Click [+ User Edit Access to Publishing Workflow]
    • On the popup, select a User
      • Power Users:  Any Power User that is a member of  Groups to which the user belongs or to which the user has Edit Access
      • Admins: select any Power User
  3. Allow the Power User or Group Power User members to have Edit or Use Access to the Publishing Workflow

[Save]

Repeat if necessary

[Close]