Lisa Holenstein
ServiceNow Employee

Securing Workflow Automation Products - Part 1: Application Access

 

Goal

In this set of Workflow Automation Center of Excellence articles, you’ll learn about various ways to manage access to the Workflow Automation products Flow Designer, Decision Builder, and Process Automation Designer. This topic is quite complex and covers a range of Platform Capabilities, so I’ll break it up into multiple articles for easier consumption.

 

Technology Overview

Flow Designer is our central low-code workflow automation technology. It allows you to automate work on and off the Now Platform with an extensive repository of actions, logic, and integration spokes.

Process Automation Designer runs flows and flow actions to power individual process activities while adding a dedicated UI experience for the process worker with the help of Playbook Experience.

Decision Builder allows you to create Decision Tables to decouple conditions from the logic, making them easier to manage and reuse.

 

Today, we’ll look at three dimensions of access: Application Scope development permissions, access to the respective design interface and its features, and access to objects and data at execution runtime. All of these dimensions can apply individually or cumulatively.

 


Application Access

Unless you want to give your workflow developers full ‘admin’ access, use Delegated Development permissions or the “App Collaboration” plugin to limit development access to specific scoped applications. Application Collaboration was introduced for App Engine Studio in the Utah release, and an App Engine license is required. It extends and replaces the delegated development system.

 

Delegated Development

Delegated Development allows an admin or application owner to assign specific development and/or deployment permissions to users or groups. These permissions are limited to the application scope in which they are granted. This option is only available for Scoped Apps, not Global App Bundles. The “Manage Developers” option is available from the Application record (sys_app) or the Studio menu.

 


 

Tip: Learn more about Delegated Development in this Platform Academy session.

 

Application Collaboration

After installing the App Collaboration plugin, the “Manage Developers” link and modal are replaced with “Manage Collaborators” in both AES and Studio IDE, as well as in the Application (‘sys_app’) record form.

The plugin comes with two default Collaboration Descriptors: “Editor” and “Owner”. Additional Custom Descriptors can be created as well. For example, we could make one that includes all Workflow Automation Products: Flow Designer, Process Automation Designer, and Decision Tables.

 


 

When you request development permission for a user from a given scoped app, a new “Developer Collaboration Task” is created, triggering an approval flow.

This flow will check if that collaboration descriptor is allocated to the user or a group they’re a member of. If so, the request will be approved automatically. If not, an approval is sent to the “App Engine Admins” Group.
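
The routing check described above, modelled as an added example (not ServiceNow's flow or the author's code): plain JavaScript over constructed sample data, where the user names, the "Workflow Developers" group and the "Workflow Automation" descriptor are assumptions. It also lists every user and descriptor pair that would be approved without review, which is the set worth auditing.

```javascript
// Constructed sample data: plain objects, not ServiceNow tables or APIs.
const groupMembers = {
  "Workflow Developers": ["alice", "bob"], // hypothetical group
  "App Engine Admins": ["carol"],
};
// Each allocation grants a collaboration descriptor to a user or a group.
const allocations = [
  { descriptor: "Editor", type: "group", name: "Workflow Developers" },
  { descriptor: "Owner", type: "user", name: "carol" },
  { descriptor: "Workflow Automation", type: "user", name: "bob" }, // hypothetical custom descriptor
];

function groupsOf(user, members) {
  return Object.keys(members).filter((g) => members[g].includes(user));
}

// Mirrors the check in the text: descriptor allocated to the user or to one of
// their groups -> automatic approval; otherwise the App Engine Admins decide.
function routeRequest(user, descriptor, allocs, members) {
  const groups = groupsOf(user, members);
  const match = allocs.find((a) => a.descriptor === descriptor &&
    ((a.type === "user" && a.name === user) ||
     (a.type === "group" && groups.includes(a.name))));
  return match
    ? { outcome: "auto-approved", via: `${match.type}:${match.name}` }
    : { outcome: "needs-approval", approvers: "App Engine Admins" };
}

// Audit view: every user/descriptor pair that skips manual approval, with the
// allocation(s) responsible, so broad group grants are easy to spot.
function preApprovedPairs(allocs, members) {
  const pairs = new Map();
  for (const a of allocs) {
    const users = a.type === "user" ? [a.name] : (members[a.name] || []);
    for (const u of users) {
      const key = `${u}|${a.descriptor}`;
      pairs.set(key, [...(pairs.get(key) || []), `${a.type}:${a.name}`]);
    }
  }
  return pairs;
}

for (const [pair, sources] of preApprovedPairs(allocations, groupMembers)) {
  console.log(pair, "<-", sources.join(", "));
}
console.log(routeRequest("alice", "Owner", allocations, groupMembers));
```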

 


 

After approval, the user can access, create, and edit flows, processes, and decision tables for this specific application scope. The permissions can be customized or removed from the same menu if needed.

 


 

Continue here to read Part 2: Designer Access

 

Last update:
‎02-14-2025 05:41 AM