Process Model

1.What is the difference between Run as whoever started this Process and Run as whoever designed the Process Model ? 

Pls explain

  Discussion posts and replies are publicly visible

Parents
  • 0
    Certified Lead Developer

    1.  You're taking essentially no effort to not show this is an interview or test question.

    When you run as whoever started this Process, you're using your own credentials.  So if the user who clicked the action or related action, or however the process got started can't do the particular thing, it can't be done.  This enforces security and is good in some situations.  However, you'll find that users frequently aren't allowed to do much at all; security can be very, very tight.  Run as whoever designed this process model let's you do a lot more if the person who designed the process model was a System Administrator, for instance.  In the cases where you need to, you still define security by defining who can start the process model.

  • 0
    Certified Lead Developer
    in reply to Dave Lewis

    Adding to this, I recommend to try to not use this configuration except of very rare cases. The reason is, that the process model is typically deployed to the production environment by a technical user which is of type system admin.

    When you now configure a node to run in the designer context, you basically run this node with unlimited permissions.

    Use this only for nodes which explicitly need that, like Create Group.

  • 0
    Certified Lead Developer
    in reply to Stefan Helzle

    Yep, I would say in general rule of thumb is to use user credentials as much as possible.  If it absolutely cannot possibly work unless you set it to run as whoever designed this PM, then you may use that feature.

    You have the potential to allow for vertical privilege escalation attacks if you abuse it or utilize it too much.

Reply Children
No Data