2 Replies Latest reply on Sep 20, 2012 6:20 AM by CQ5User

    ACL based on Workflow and Page

    CQ5User

      Hi All,

       

      I want to have ACL based on Page and Workflow together.

       

      Scenario is like -

      A user/group should have access to two workflows - Workflow1 and Workflow2 - on a particular page, say Page1.

      The same user/group should have access to only one workflow, Workflow1, on another page, say Page2.

       

      Based on the above scenario I need to show the Workflow list in Page1 and Page2 sidekick.

      As I understand, if I give a particular permission on Workflow to a user/group, it will be same across the pages.

       

      Please suggest some ways to implement it.

       

       

      Thanks,

        • 1. Re: ACL based on Workflow and Page
          Ryan Lunka Level 3

          That sounds challenging to me.  The workflow engine in CQ is not particularly robust and trying to get really granular with ACL permissions creates a lot of headaches (you'll understand when you go down that path).  Without knowing too many details, an idea that jumps out is using the workflow itself to provide some level of validation.  Maybe the user can launch Workflows 1 and 2 from both Pages 1 and 2, but the first part of each workflow is validating that a) the user who kicked it off was allowed to and b) the workflow was allowed to execute on the selected payload (page).  You'd probably want to drop an informative workflow task back on the initiator in cases of failed validation.  You have an easier hook for customization within the workflow, because you can develop custom workflow steps using Java or ECMAScript.  This gives you a pretty good amount of flexibility.

           

          I'd be curious myself to see if anyone has a different solution to this problem.

          • 2. Re: ACL based on Workflow and Page
            CQ5User Level 1

            I have a similar thought as well. Instead of controlling from the UI (hiding/displaying), I can manage through some custom step that will check the permissions on the payload for that user/group and move to the next step.
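
The validation that both replies describe (was this initiator allowed to run this workflow on this payload page) comes down to a default-deny lookup, sketched here as an added example that is not from the thread's participants and not CQ's own code. It is plain JavaScript decision logic only, with no wiring to the CQ workflow API; the policy table, paths, group name and model ids are constructed placeholders.

```javascript
// Constructed policy: page subtree -> group -> workflow models allowed there.
// Every path, group name and model id below is a hypothetical placeholder.
const W1 = '/etc/workflow/models/workflow1';
const W2 = '/etc/workflow/models/workflow2';
const POLICY = {
  '/content/site/page1': { authors: [W1, W2] },
  '/content/site/page2': { authors: [W1] },
};

// True when `path` is `root` or lies below it. Matching on a segment
// boundary keeps /content/site/page1 from also covering /content/site/page10.
function isUnder(path, root) {
  return path === root || path.startsWith(root + '/');
}

// Accept only absolute paths without "." or ".." segments, so a payload
// cannot be steered into another page's rule by path tricks.
function normalize(path) {
  if (typeof path !== 'string' || path[0] !== '/') return null;
  const parts = path.split('/').filter(Boolean);
  if (parts.some((p) => p === '.' || p === '..')) return null;
  return '/' + parts.join('/');
}

// Decide whether an initiator (given as a list of group names) may run
// `modelId` on `payloadPath`. Anything not explicitly allowed is denied.
function mayRun(policy, initiatorGroups, modelId, payloadPath) {
  const path = normalize(payloadPath);
  if (path === null) return { allowed: false, reason: 'invalid payload path' };
  // The most specific (longest) covering subtree wins.
  const roots = Object.keys(policy)
    .filter((r) => isUnder(path, r))
    .sort((a, b) => b.length - a.length);
  if (roots.length === 0) return { allowed: false, reason: 'no rule covers payload' };
  const rule = policy[roots[0]];
  // hasOwnProperty guards against group names such as "constructor".
  const ok = initiatorGroups.some((g) =>
    Object.prototype.hasOwnProperty.call(rule, g) && rule[g].includes(modelId));
  return ok
    ? { allowed: true, reason: 'permitted by ' + roots[0] }
    : { allowed: false, reason: 'workflow not permitted for initiator on ' + roots[0] };
}
```

The `reason` string is what the first workflow step would put in the task routed back to the initiator when validation fails.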