Advanced Server Options: Starting Workflows
In this tab of the Advanced Server Options dialog box, you can configure a final round of security checks before Workflow will start a workflow or business process request sent by the Workflow Web Service.
To configure Starting Workflow settings
- Select the Advanced Server Options node or any server details in the center Details Pane.
- Click Properties in the Actions Pane, or right-click and select Properties.
- Select the Starting Workflows tab of the Advanced Server Options dialog box.
- Select the Apply rule checks when starting a workflow or business process from the Workflow Web Service check box to enable additional validation of requests received from the Workflow Web Service. If a request does not satisfy one of the following checks, Workflow will not process the request.
- Ensure workflow has an initiator: Workflow Server verifies that the request includes an initiator.
- Verify initiator is the same as the caller: Verify that the caller is trusted to impersonate the initiator. Enabling this option requires additional configuration of the Workflow Web Service.
- Under When starting a business process validate the, configure the Workflow server to do one final validation of the business process rule before starting the business process.
- Requirements: Re-verify that the conditions on the Requirements tab of the business process rule are satisfied.
- Metadata Requirements: Verify that field values and tags on the starting entry satisfy the Metadata Requirements tab of the business process rule.
- Security Requirements: Re-verify that the initiator is allowed to start the business process according to the Security tab of the business process rule.
Laserfiche Client 10 and Web Access 10 support an additional security check that allows Workflow to verify that the initiator of the business process has sufficient entry access rights on the given entry:
- Verify entry access rights: Check entry access rights for users starting business processes from Laserfiche Client 10 and Web Access 10.
- Require valid access token: Enabling this option will prevent Laserfiche Client 9 or Web Access 9 from starting business processes.
Important: Web Access and the Laserfiche Client validate that a user satisfies the Security tab and Requirements tab of a business process rule before allowing that user to view or start that business process. However, Web Access and the Laserfiche Client do not validate Metadata Requirements. You must enable the Metadata Requirements check box to see any effect from the Metadata Requirements tab of a business process rule.
Note: Be aware that appending an additional layer of security checking can introduce a performance overhead to workflow processing.