New article
Recently updated
Restricting access to workflow instances for confidentiality
Who is this article for?
Administrators configuring and managing workflows.
Administration permissions are required.
In some cases, users without the correct permissions may gain unintended access to workflow instances through links in workflow history. This can compromise confidentiality. To prevent this, access should be restricted so only authorized roles can view the original workflow instance.
This article walks you through the process of restricting that access.
1. Restricting access
1.1. Workflow-level
To restrict access on workflow-level:
- Open Administration.
- Select Workflows.
- Go to Workflow Definitions.
- Locate the workflow that requires restricted access.
- Click Take offline before making any changes.
- Open the workflow definition.
- Go to Instance Access.
- Remove groups or users who should not have access.
- Add authorised roles with View permissions.
- Click Save.
- Click Put online.
1.2. User-level
To restrict access on user-level:
- Open Administration.
- Select Personnel.
- Go to Groups.
- For each group with administrative privileges, revoke these permissions:
- Alter Workflows
- View Workflow Fields Audit Trail
- Confirm these permissions are not inherited from other groups or assigned individually.
- Click Save.
- Click Put online.
2. Verifying access
To verify correct access, check each step in the workflow definition to ensure that groups with broad permissions are not assigned as Responsible Parties.
Only users meeting the defined requirements should see the workflow instances.