Skip to content

Grant rights to users of a workflow

Continuing on from #625 (closed) and #576 (closed)

We would like users who execute a workflow to be able to take advantage of permissions that they don't have directly delegated to themselves. The use of the permissions will obviously be limited to what is allowed by the workflow template.

The workflow template creator and updater would presumably need to have all the permissions that the workflow template provides.

Ideas:

  • Workflow Templates could have an owner group that needs to have all of the permissions that the workflow provides. This is delegated by the creator at creation time.
  • When creating a Workflow Template, the specific set of permissions that should be granted to executors of the template are selected.
  • These would be selected by asset. e.g. collections that a workflow can modify, assets that can be used.
  • The workflow template code could provide the list of permissions it requires, that the creation UI could show to the creator, explaining which permissions need to be delegated.

Data model:

  • Create a WorkflowTemplateRole model that can hold the OWNERS of the workflow templates.
  • Create a ... model that can hold the permissions granted to executors of a workflow template.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information