Run as whoever designed the model

Certified Lead Developer

Hi all,

What do you think of setting the security of the lane that starts a process as "Run as whoever designed the model"? Is it a good practice? What happens if the designer leaves the company and the user gets deactivated? Is it recommended to use "Run as whoever started the process" instead? I am interested in knowing if this could cause a security error.

Kind regards,

Jesus

  • As an additional note - "run as initiator" does not account for processes changing hands; the initiator is inherited from the top level action only. Furthermore, if that user ever gets deactivated, it has immediate and severe implications upon the running process instance tree they've left behind.

    It's for these reasons that on my main project, we are required to do 100% "run as designer" subprocess calls, and make sure that all models in the production environment are published by a shell "admin user" account as Robert mentions above. (We actually do imports under our personal accounts by necessity, and then use a custom app I built to republish all imported process models as the Admin user.)