Workflow Security


During runtime, a workflow executes its activities using the permissions of the user who executed the workflow.

Workflow Users

The workflow execution process uses the following workflow users:

  • Workflow executor: A user that can execute the workflow. When a workflow is executed, the permissions of the executor are used to perform the activities.

  • Workflow creator: A user that creates and deploys the workflow. The workflow creator is a user with permissions sufficient to run workflow activities that require higher permissions, such as activities that can access the CommServe database.

For information about workflow permissions, see Permissions and Permitted Actions by Feature: Workflow. For information about user security, see Security Associations.

User Impersonation

Although the workflow executor determines the permissions used during runtime, there are some workflow activities that require higher permission from other users. These workflow activities are:

For example, to execute the CommServDBQuery activity, you must have administrative privileges at the CommCell level. If you are a user with sufficient permissions, you can use the impersonateCreator activity to run the CommServe query, and therefore allow users with lower permissions to execute your workflow. After the CommServDBQuery activity is complete, you can revert to original permissions using the executor’s permissions by using the impersonateExecutor activity.