We have a TransformationEventHandler that adds missing members that is kicked off by the
    Select Case args.OperationName
        Case Is = BREventOperationType.Transformation.ParseAndTrans.ProcessTransformationRules
            'Suspense Invalid Members
            If suspenseInvalid Then Me.XFR_HandleProcessTransRules_SuspenseInvalid(si, globals, api, args)
            'Create Invalid Members
            If createInvalid Then Me.XFR_HandleProcessTransRules_SuspenseInvalid(si, globals, api, args)
Our security profile assigns different groups to each workflow's execution group. This prevents users in one entity from seeing or executing workflows for another entity. When a user in an execution group tries to import or retransform data, they get the following error:
Unable to execute Business Rule 'TransformationEventHandler'.
Security Access Error. User is not authorized to access workflow profile.
We can avoid this error by setting the ManageWorkflowProfile security role to the same group that executes the workflow or to 'Everyone', but then the members of that group can see all the workflows.
Any ideas on how to allow the workflow's execution group to perform the import or retransform without triggering the error?
It looks like the user needs to have Access to the Workflow right as well. Workflow Execute security access does not give the user Workflow Access security. If you add the Execute group as a child of the Access group that should solve the problem (I think).
The user is assigned to the group that is assigned to the Access, Workflow Execution, and the Certification SignOff groups:
This setting triggers the error. However, if we assign the group to the ManageWorkflowProfiles role, the error is not triggered. However, when that is done, the users in that group can see all workflows.
It looks like they need access to the Maintenance group as well. I would create a test security group and assign it to the Maintenance group on a workflow and then assign the user to that group.