Locked workflow Parents don't prevent unlocking children

New Contributor

Hi, I'm a little confused with a workflow security issue

I have always assumed that locked and certified parents prevent the unlocking and modification of the workflow steps below it, however I have just tested and found this isn't the case.

I have locked and certified a parent workflow, logged in with a test user that only has access to a single base entity but has the 'unlock workflow unit' security application security role and in my test I am able to unlock my base entity, make changes in forms and relock, all without disrupting the locked and certified status of the parent.

Is that the expected functionality? Does anyone have a recommendation for updating the workflow unlocking so that it will only be allowed if the parent is also unlocked? In my first attempt at an eventhandler I ran into the issue that I couldn't access the locked/unlocked state of the parent workflow without the user also having access to the parent workflow


Honored Contributor

See this: https://community.onestreamsoftware.com/t5/Workflow-and-Data-Integration/Child-workflow-unlocked-whi...

TLDR: "the philosophy of the product is that data is entered strictly in base input profiles, so their locking status is the only one that really matters. Overview profiles are effectively independent. [...] An alternative [ to event handlers] is to restructure your profiles with the above logic in mind, and/or using Named Dependants. "