2.0 Understanding Authorizations in Workflow Service

Workflow Service relies on predefined authorizations (set of permissions) to provide access to users or groups. The authorizations for administrators are assigned in the application that integrates with Workflow Service. For example, users or groups with Identity Governance Global, Customer, or Access Request authorization will be the Workflow Administrator when Workflow Service is integrated with Identity Governance. For more information about Identity Governance authorizations, see Identity Governance User and Administration Guide.

You must be assigned one of the following authorizations to perform operations on the Workflow Administration Console:

Table 2-1 Workflow Service authorizations

Permissions

For SaaS Deployment

For On-premises Deployment

View the Dashboard and About pages

All authenticated users

All authenticated users

Create and manage forms using the Form Builder

Workflow Administrator

Workflow Administrator

Create and manage workflows using the Workflow Builder

Workflow Administrator

Workflow Administrator

Create and manage templates used for email notifications

Workflow Administrator

Workflow Administrator

Monitor the status and comments for workflow processes

Workflow Administrator

Workflow Administrator

Reassign tasks to other users

Workflow Administrator

Workflow Administrator

Grant or revoke access to the Workflow Administration Console pages

  • Workflow Administrator

  • Customer Administrator*

Workflow Administrator

Customize the Dashboard and other user interface display properties

  • Workflow Administrator

  • Customer Administrator

Workflow Administrator

Add new or modify existing configuration properties in the workflow runtime database

SaaS Operations Administrator**

Workflow Administrator

Export and import workflows and forms from one environment to another

  • Workflow Administrator

  • Customer Administrator

Workflow Administrator

Configure the incoming and outgoing email server settings to notify users of tasks that are triggered when a workflow is executed

SaaS Operations Administrator

Workflow Administrator

Customize the Workflow Engine's default settings and cluster configurations to meet an organization's needs

SaaS Operations Administrator

Workflow Administrator

Change the log levels to support application debugging. This helps to identify and isolate problems caused by configuration errors, invalid user data, or issues related to workflow execution

SaaS Operations Administrator

Workflow Administrator

Enable or disable event logging to the preferred auditing services

SaaS Operations Administrator

Workflow Administrator

* A customer administrator oversees the configuration of a single tenant, such as assigning authorizations or roles to specific users within that company.

** A SaaS operations administrator is a member of the SaaS team who is responsible for customer tenancy operations.

IMPORTANT:The above authorizations and their associated permissions cannot be modified in the Workflow Administration Console. You can, however, assign users or groups as trustees and enable them to perform operations such as editing workflows. For more information about trustees, see Manage User Access.