Run as whoever designed the model

Certified Lead Developer

Hi all,

 

What do you think of Setting the security of the lane that starts a process as "Run as whoever designed the model"? Is it a good practice? What happens if the designer leaves the Company and the user gets deactivated? Is it recommened to use instead Run as whoever started the process? I am interested in knowing if this could cause a security error.

 

Kind regards,

 

Jesus

  Discussion posts and replies are publicly visible

Parents
  • I always recommend against running processes as the Designer, unless it's specifically required. I've found it can be used as a crutch for bad security designs.

    Additionally, if the publishing user is deactivated, the processes will break if using this design. You can mitigate this issue by always deploying as a service account user that will never be deactivated. But nonetheless, I believe you should only use this configuration when there is some specific reason to do so.
  • Certified Lead Developer
    in reply to Colton Beck
    Thanks Colton. Your answer is in line with my thoughts but another question came to me reading you. What if the Setting is "Run as whoever designed the model" but the user that deploys the package in production is a generic Administrator. We would still have a Problem if the designer user is deactivated, wouldnt we?
Reply
  • Certified Lead Developer
    in reply to Colton Beck
    Thanks Colton. Your answer is in line with my thoughts but another question came to me reading you. What if the Setting is "Run as whoever designed the model" but the user that deploys the package in production is a generic Administrator. We would still have a Problem if the designer user is deactivated, wouldnt we?
Children