Skip to main content
Question

Elevated Security through BPA Workflow

D
Sidekick (Customer)
Forum|alt.badge.img+6

Is there a way to run a workflow using a service user/end user or some way to have it run with a different security level? I want a user to be able to edit one field on a Customer Order without granting write access to CustomerOrderHandling. Only able to edit a field through a button that calls a workflow to modify.

Or is there a better way to handle this? I don’t think field level security is possible in IFS Cloud outside of page designer/contexts.

3 replies

C
Do Gooder (Customer)
Forum|alt.badge.img+7
  • clint1028
  • Do Gooder (Customer)
  • 33 replies
  • April 14, 2025

I haven’t heard of setting security at a single field level.

We have several screens (LU’s) that we have created a custom LU that is accessible via a button.  That functionally works the way you asking.  The custom LU is like a child LU that captures approval for specific scenarios.

For instance we have on for the Change Order LU that is called Change Order Actions

User clicks the Change Order Action button and gets taken to a Screen to capture records related to approval.

The main LU has a Validation that checks to make sure Change Order actions are completed before allowing status to change.

Vimukthi Mahakumbura
1 person likes this
  • Vimukthi Mahakumbura
    Vimukthi Mahakumbura
addaneh
Sidekick (Partner)
Forum|alt.badge.img+8
  • addaneh
  • Sidekick (Partner)
  • 32 replies
  • April 15, 2025

This will be solved with a new feature in 25R1.

From the news ppt:

User permissions at Workflow level - Support for granting user permissions for Workflows

To overcome the issue of executing Workflows when individual API grants do not exist, another type of grant can be introduced at the Workflow level.

To ensure the secure execution of Workflows, a privileged user can provide this grant at the Workflow level. This authorization indicates that the Workflow can be executed without individual API grants. Workflow-level authorization ensures that all tasks within the Workflow can be performed by the user, even if individual APIs are not accessible.

//Andreas

dsj
1 person likes this
  • dsj
    dsj
dsj
Ultimate Hero (Partner)
Forum|alt.badge.img+22
  • dsj
  • Ultimate Hero (Partner)
  • 868 replies
  • April 15, 2025

Hi ​@dustin_arp 

as a workaround until the workflow level permission is added in 25R1 as ​@addaneh mentioned, you can use the workflow REST API to invoke it as a elevated service user. You need two workflows for the setup

Workflow 1- Do the change in the relevant field of CustomerOrderHandling. You need OrderNo as minimum variable when invoking this as a rest api.

 

Workflow 2 - Call workflow 1 using IFS REST API with client credentials authentication connected a service user who has permission to modify CustomerOrderHandling. In the Json body, add the OrderNo and other variables if necessary. Execute the workflow 2 using a custom command.

url syntax for staring a workflow as a REST API: https://<host_name>/main/ifsapplications/projection/engine-rest/process-definition/key/<Process_key>/start

 

Check the below post on more details of the payload format and a step by step guide to invoke a workflow using a REST API

Is it possible to execute a different workflow inside a workflow? | IFS Community

 

Hope it helps!

Damith

DSJ - https://dsj23.me
addaneh
1 person likes this
  • addaneh
    addaneh

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings