Change ACL on a workflow step


We have a different ACL per class. Example : AlexK can read and thuet has full access


THIS ACL is assigned to a class :

Then this class is linked to a very simple workflow :

On the draft step we want only the creator to have read / write rights, We have an ACL on the draft stage with "created by" which gives reader / write access to creator :

Next step is "Diffusion", on this step we want to use the ACL defined in the automatic authorization of the class.

We on the diffusion step have not declared anything, hoping that it is the authorization of the class that is taken into account :

On the draft step, the ACL linked to the workflow step is applied, but when the document passes through the distribution step, the ACL of the class is not applied and it is the ACL of the previous stage that remains .

 Progress of the workflow at the delivery step    the rights remain on the access rights of the previous step.

is there a way to no longer apply the rights of the previous step and to apply the rights of the class if nothing is defined on the workflow step ?



  • Hi Thomas, 

    You would need to apply specific NACL on workflow step if you want to change access rights on that specific workflow step. If you don't apply anything you would as you have experienced have same access rights from previous workflow step.

    Access rights that you have defined on class level is related to rights who can create new documents of that specific class, search for specific documents of that class etc. It is in no relation with rights that you set dynamically through workflow and that relate concretely to specific document and not a class as a construct. 

    Hope this helps.


  • Thank you for your reply.

    I understand that once a right has been applied from a worfklows step, it is no longer possible to revert to the rights of the class.

    Could a specific script help on the second workflow step ? find the document class, find the acl associated with this class and apply it ?


  • Hi Thomas,

    If you want give permissions back to NACl you originally used on class level then you would just need to use that NACL on specific (second) workflow step. It is simple as that. You don't need to code, this would be simple configuration in your workflow.

    If you want to explore setting/updating NACLs options, you can check following:

    Be aware that for those actions in most cases you do need to be admin to execute it successfully (usual user would not have rights to run those actions!).

    Bottom line: I would stick with configuration on workflow step.

    Hope helps you further in your examinations.


Reply Children