Gidon_Albert
Contributor II
2 years ago

TransformationEventHandler and ManageWorkflowProfiles Security Role

We have a TransformationEventHandler that adds missing members that is kicked off by the 

 

Select Case args.OperationName

	Case Is = BREventOperationType.Transformation.ParseAndTrans.ProcessTransformationRules
		'Suspense Invalid Members
		If suspenseInvalid Then Me.XFR_HandleProcessTransRules_SuspenseInvalid(si, globals, api, args)

		'Create Invalid Members
		If createInvalid Then Me.XFR_HandleProcessTransRules_SuspenseInvalid(si, globals, api, args)

End Select

 

Our security profile assigns different groups to each workflow's execution group. This prevents users in one entity from seeing or executing workflows for another entity. When a user in an execution group tries to import or retransform data, they get the following error: 

Unable to execute Business Rule 'TransformationEventHandler'.
Security Access Error. User is not authorized to access workflow profile.

 

We can avoid this error by setting the ManageWorkflowProfile security role to the same group that executes the workflow or to 'Everyone', but then the members of that group can see all the workflows.

Any ideas on how to allow the workflow's execution group to perform the import or retransform without triggering the error?

 

  • MarcusH
    Contributor III

    It looks like the user needs to have Access to the Workflow right as well. Workflow Execute security access does not give the user Workflow Access security. If you add the Execute group as a child of the Access group that should solve the problem (I think).

    • Gidon_Albert
      Contributor II

      The user is assigned to the group that is assigned to the Access, Workflow Execution, and the Certification SignOff groups:

       

      This setting triggers the error. However, if we assign the group to the ManageWorkflowProfiles role, the error is not triggered. However, when that is done, the users in that group can see all workflows.

      • MarcusH
        Contributor III

        It looks like they need access to the Maintenance group as well. I would create a test security group and assign it to the Maintenance group on a workflow and then assign the user to that group.