cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

TransformationEventHandler and ManageWorkflowProfiles Security Role

Gidon_Albert
Contributor

‎07-18-2023 04:39 PM

We have a TransformationEventHandler that adds missing members that is kicked off by the 

 

Select Case args.OperationName						

Case Is = BREventOperationType.Transformation.ParseAndTrans.ProcessTransformationRules 
	'Suspense Invalid Members
	If suspenseInvalid Then Me.XFR_HandleProcessTransRules_SuspenseInvalid(si, globals, api, args)
					
'Create Invalid Members
	If createInvalid Then Me.XFR_HandleProcessTransRules_SuspenseInvalid(si, globals, api, args)

End Select

 

Our security profile assigns different groups to each workflow's execution group. This prevents users in one entity from seeing or executing workflows for another entity. When a user in an execution group tries to import or retransform data, they get the following error: 

Unable to execute Business Rule 'TransformationEventHandler'.
Security Access Error. User is not authorized to access workflow profile.

 

We can avoid this error by setting the ManageWorkflowProfile security role to the same group  that executes the workflow or to 'Everyone', but then the members of that group can see all the workflows.

Any ideas on how to allow the workflow's execution group to perform the import or retransform without triggering the error?

 

0 Kudos
5 REPLIES 5

MarcusH
Contributor III

‎07-19-2023 11:12 AM

It looks like the user needs to have Access to the Workflow right as well. Workflow Execute security access does not give the user Workflow Access security. If you add the Execute group as a child of the Access group that should solve the problem (I think).

0 Kudos

Gidon_Albert
Contributor
In response to MarcusH

‎07-19-2023 02:14 PM

The user is assigned to the group that is assigned to the Access, Workflow Execution, and the Certification SignOff groups:

2023-07-19 14_09_12-OneStream.png

 

This setting triggers the error. However, if we assign the group to the ManageWorkflowProfiles role, the error is not triggered. However, when that is done, the users in that group can see all workflows.

0 Kudos

MarcusH
Contributor III
In response to Gidon_Albert

‎07-20-2023 03:30 AM

It looks like they need access to the Maintenance group as well. I would create a test security group and assign it to the Maintenance group on a workflow and then assign the user to that group. 

0 Kudos

Gidon_Albert
Contributor
In response to MarcusH

‎07-20-2023 11:20 AM

Adding the group to Maintenance doesn't work.

2023-07-20 11_14_22-OneStream.png

0 Kudos

GParreiras
New Contributor III
In response to Gidon_Albert

‎02-21-2024 10:41 AM

Hi @Gidon_Albert
Did you manage to solve this?

0 Kudos
Please sign in! Gidon_Albert
Related Content
Community Resources
Training and Documentation
Additional Resources