Configuring workflow step permissions
This topic shows you how to allow or deny editors approving and rejecting of documents in certain steps, or making certain step choices.
Allowing users to approve or reject documents
Kentico allows you to assign different users and roles to different steps, which in turn allows the specified users and roles to approve or reject documents in a particular step.
The only steps to which you cannot assign different users and roles are the default:
- Edit step - any user who is editing the document can move the document to the next step.
- Published and Archived steps - only users with the Manage workflow permission under the Content module, and users with the Global administrator privilege level can move the document from these steps.
This procedure applies to both basic and advanced workflow.
To allow users to approve or reject a document in a certain step:
- Edit a step.
- If you’re using basic workflow, click Edit () next to the step. Note that this procedure is applicable only to custom steps in basic workflow.
- If you’re using advanced workflow, click Edit () in the step’s header.
- Switch to the step’s Security tab. Note that in basic workflows, only custom steps have security tab.
- Select which roles you want to be allowed to approve or reject the step. You have the following options:
- None
- Only listed - if you select this option, click Add roles to choose roles you want to add. If you don’t add any roles, the result will be the same is if you select the None option.
- All except listed - if you select this option, click Add roles to choose roles you want to exclude. All other roles will be allowed to approve or reject the step.
- Choose if you want to include or exclude individual users from the list of allowed operators.
- No extra users
- Include the following users - if you select this option, click Add users to choose users you want to add to the list of allowed users. If you don’t add any users, the result will be the same is if you select the No extra users option.
- Exclude the following users - if you select this option, click Add users to choose users you don’t want to be allowed to approve or reject documents in this step.
Advanced workflows - Allowing users to make choices
When using workflow steps that allow multiple choices, you can allow or deny roles and users to send a document through certain branches of the workflow process.
You can allow or deny making choices in the properties of the individual choices. By default, choices inherit security settings form the step they belong to. If you adjust security settings for a choice, these settings will be added to the settings defined for the step.
When determining whether the current user can make a choice, the system first checks security settings for the step. If the user is allowed to approve documents in the step, the system checks whether the user is allowed to make choices. If a user is not allowed to approve documents in the step, the user will not be able to make any choices that belong to the step, regardless of the choices’ settings.
To allow or deny users to make choices, follow these steps:
- Edit the choice by clicking the Edit () button next to it.
- Switch to the Security tab.
- Define roles, which can approve (select) the choice. You have the following options:
- Use step settings
- Only listed - when selected, you can add roles that you want the choice to be allowed for using the Add roles button.
- All except listed - when selected, all users in roles on all sites will be allowed the choice, except for users in those roles, which you select using the Add roles button.
- Define additional users, who can approve (select) the choice. You have the following options:
- Use step settings
- Include the following users - if you select this option, click Add users to choose users you want to add to the list of allowed users. If you don’t add any users, the result will be the same is if you select the No extra users option.
- Exclude the following users - if you select this option, click Add users to choose users you don’t want to be allowed to approve or reject documents in this step.