4.3 Managing Permission Assignments

A permission assignment is the combination of a user or group and a permission set. For more information about permission sets, see Managing Permission Sets. You may create permission assignments for users and groups at the global level, the object level, or both. For example, a group may have a global permission assignment that associates it with the Process Author permission set, granting all users in the group permission to create and modify processes. However, if a user in the group is associated with a custom Read-Only permission set for a specific process (the object level), that user is not allowed to modify that process.

NOTE: When a user or group has multiple permission assignments that conflict, the more restrictive permission assignment always takes precedence.

4.3.1 Configuring Global Permission Assignments

Global security settings determine user and group access to Workflow Automation and all of its functionality. For example, users who create processes need to be associated with the Process Author permission set at the global level.

To configure global security:

  1. In the Global Tasks list, click Configure Global Security.

  2. On the Global Security window, click Add.

  3. Under New Permission Assignment, select the appropriate combination of permission set and user or group, and then click Add.

  4. To complete the permission assignment, click OK.

4.3.2 Configuring Object Permission Assignments

Object security settings determine user and group access to specific objects in Workflow Automation, such as processes, triggers, and resource groups. For example, a Process Author can be denied access to a particular process by configuring the object-level security settings for that process.

Creating object-level permission assignments restricts the object to accepting only those permission assignments. For example, when you create a permission assignment on Process X that grants Process Authoring permissions to User A, User A becomes the only user with those permissions, except for Workflow Automation Administrators. Workflow Automation denies access to all other users unless you create a new permission assignment for them or remove all other permission assignments from Process X.

NOTE: Object security settings override global settings as long as they are more restrictive. For example, you cannot grant users permission to edit a process in the Configuration Console if they have been denied Process Author permissions at the global level.

To configure object-level security:

  1. On the Security tab of the appropriate window, click Add.

  2. Under New Permission Assignment, select the appropriate combination of permission set and user or group, and then click Add.

  3. To complete the permission assignment, click OK.
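The following added example (not Workflow Automation code) models how the rules in this section combine, so you can reason about a user's effective access before changing an assignment: the most restrictive assignment wins, an object with its own assignments accepts only the listed principals, and object-level settings can narrow but never widen global access. The action names, users, groups, the ADMINS set, and the use of set intersection for "more restrictive" are assumptions made for illustration.

```python
# Simplified model of the permission resolution rules described above.
# Action names and all sample data are constructed; this is not the product's code.
PERMISSION_SETS = {
    "Process Author": {"view", "modify"},
    "Read-Only": {"view"},  # custom set, as in the section's example
}
GROUPS = {"Authors": {"alice", "bob"}}
ADMINS = {"root_admin"}  # stands in for Workflow Automation Administrators
GLOBAL = [("Authors", "Process Author"), ("dave", "Read-Only")]
OBJECT = {
    "Process X": [("alice", "Read-Only")],
    "Process Z": [("dave", "Process Author")],
}


def _principals(user):
    """Return the user plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def _most_restrictive(user, assignments):
    """Intersect every permission set assigned to the user or their groups.
    Returns None when no assignment in the list applies to the user."""
    sets = [PERMISSION_SETS[ps] for who, ps in assignments
            if who in _principals(user)]
    return set.intersection(*sets) if sets else None


def effective_permissions(user, obj):
    """Resolve the actions a user may perform on one object."""
    if user in ADMINS:
        # Administrators are exempt from object-level restriction.
        return set().union(*PERMISSION_SETS.values())
    granted = _most_restrictive(user, GLOBAL)
    if granted is None:
        return set()  # no global assignment, no access
    object_assignments = OBJECT.get(obj, [])
    if object_assignments:
        scoped = _most_restrictive(user, object_assignments)
        if scoped is None:
            return set()  # object accepts only its listed principals
        granted &= scoped  # object level can only narrow global access
    return granted
```

Note that bob, although a member of a group with global Process Author permissions, loses all access to Process X as soon as that object receives its first assignment for someone else.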