Every object type added to a role requires workflow permission configurations, which allow you to create an additional layer of security on an object for both global and explicit permissions. Through these configurations, you can control the data a user can see and the actions a user can take on an object.
Workflow permissions on an object type.
With the exception of All States, the following permissions can be applied to each individual state added to an object type:
- All States: Clicking All Triggers, Create, Read, and Edit in this section will automatically enable these rights for all states in the workflow. When All Triggers is selected, users can view and click all triggers on a form to transition an object to its next state. The triggers that are visible to the user depend on whether the object is in the state associated with the trigger.
- Create: Users can create a new object. This permission applies only to the Creation state of the object type. When granting a user this permission, you must also enable one or more triggers for this state.
- Read: Users can view the object when it’s in the selected state. You cannot select Edit, Delete, or Manage permissions unless Read has been selected.
- Edit: Users can edit existing objects in the selected state.
- Delete: Users can delete existing objects in the selected state.
- Manage: Users can add other users with explicit permissions on the object type to a role field on a configurable form to give them access to the object while it’s in the selected state. Note that the user added to the role field on the form will not see the object until it’s in a state they have permission to view. Manage is applicable to explicit permissions only
- Triggers: Users can see and click the selected trigger on a form to transition an object to its next workflow state. The trigger will be visible only when the object is in the state associated with the trigger.
- Assign: Once the object is in the selected state, users who have been granted permission to view the object through a role with explicit permissions will see it in their task list on the My Tasks page.
- Select a default form this state for this role: The form users will see when using the Search feature, Quick Add to create an object, viewing an assessment table on a form, or opening an object via the relationship graph:
- If you do not choose a form from this dropdown menu, the object type’s default form will be displayed.
- If you select Default Form from this dropdown menu, the user will see the form selected by an administrator elsewhere in Core.
- If you select a configurable form from this dropdown menu, the selected form will be displayed.
The "Select a default form for this state for this role" dropdown menu in the workflow permissions.
Forms selected in an action, view, data visualization, or relationship table will override any selections made in the Select a default form this state for this role field.
Workflow permissions can be configured on new roles by adding an object type to a role, then clicking Edit Permissions. For existing roles, open the Edit Role page, then click on a previously added object type to edit the permissions.