Home > Forum > General > Remove all individual permissions on workflow element level

Remove all individual permissions on workflow element level
0

Hi all!

I want to remove all element privileges on workflow element level (= all users assigned with Add privileges action) from certain workflow elements.

Is there an easy (and maybe built-in way) to remove all these permissions without knowing the BPSId of these users?

I know there is a table WFSecurities, which can be selected and filtered by WFD_ID, but maybe there is an easier way to do this.

Didn't find anything, any help appreciated.

Thanks in advance & best regards, Nik

MVP

Hi,

There is no ready-made solution,
but you can build a simple application and use automation to achieve what you want.
As you noticed, in the WFSecurities table you have login information.
You can join the dbo.CacheOrganizationStructure table and filter by the COS_AccountType = 1 column, these are users (not ad groups or bps grups).
Then, in automation, use a for each loop, return unique logins as the source of the collection, and add a remove permissions action that will be executed for each element of the collection.

Regards.

In reply to: Nikolaus Schusser

Thanks for the info Karol, that's exactly what I thought.

Sorry, I clicked on the wrong button (Wrong answer) and cannot undo that :-)

Best regards, Nik

Hi Karol!

I have one additional question here.

Obviously the field SEC_REASON is important in table WFSecurities.

I tried to figure out the meaning of all the distinct values, unfortunately there is no documentation or related foreign table on that.

I found 5 distinct values in table and figured out their meaning:

SEC_Reason Description
1 Action
5 Added Manually (user@domain.net)
7 Created By
8 Modifying person
9 Tasks

That means I should not remove privileges other than SEC_Reason=1.

Is there any documentation on that?

Thanks in advance!

MVP
In reply to: Nikolaus Schusser

Hi Karol!

I have one additional question here.

Obviously the field SEC_REASON is important in table WFSecurities.

I tried to figure out the meaning of all the distinct values, unfortunately there is no documentation or related foreign table on that.

I found 5 distinct values in table and figured out their meaning:

SEC_Reason Description
1 Action
5 Added Manually (user@domain.net)
7 Created By
8 Modifying person
9 Tasks

That means I should not remove privileges other than SEC_Reason=1.

Is there any documentation on that?

Thanks in advance!

Hi,

If you want to actually remove all permissions for users, it doesn't matter how they got them (SEC_REASON)

But remember that if the user has a task in the elements for which you will delete the user's permissions, he will lose the ability to execute it, because the task assignment action gives him permissions to modify the element at a given stage (reason 9), and after execution it leaves read-only permissions. (reason 8).

Reason 7 is read permissions for the author
Reason 5 means that someone has been given permissions to a given document in admin mode directly on the form.

If you are not sure of the operation you want to perform,
For safety reasons, it is best to make a copy of this table or dump it into Excel to have data for possible reconstruction.

Regards