Increase permission granularity for workflows and state change actions

It would it be great to limit the ability for users to initiate workflows at the workflow level itself.

Currently, you can only grant workflow permissions at the state's role level. However, it's permission to initiate any workflow. It would be great if in addition to role based permissions, which would give you the right to start any workflow, there was workflow security. By default all users would be allowed to start that workflow if their role allows for it at the applicable state, but it would also allow for overriding default access.

For example, I might want to have workflows that perform regular and super-user functionality. I would want my super users to be able to start all functionality workflows, but my regular users to only have access to the regular functionality workflows.

And to expand on the workflow permissions, a similar approach should be applied to state change permissions. As workflows, the ability to change states is granted at the state's role level and any state actions defined can be invoked. I'd like to see the ability to control that.  For example I want users in group x to be able to change to state's a and b while group y can only change to state a.

1 comment

  • Avatar
    Jean Christophe Meriaux Official comment

    Securing user lifecycle actions (workflow, state change) by role is a feature currently in our product backlog, but not planned yet (at this stage).

    Thanks for your product feedback, this is helping our backlog prioritization process,

    Jean-Christophe Meriaux - Vault Platform product management


Please sign in to leave a comment.