User access to Workflow Studio flows
Summarize
Summary of User Access to Workflow Studio Flows
Administrators can manage user access to Workflow Studio flows by assigning specific roles and permissions. This access allows users to create, edit, and view details of flows and subflows, which is essential for effective workflow management within ServiceNow.
Show less
Key Features
- Role Assignments: Administrators can assign the flowdesigner role, which provides access similar to admin rights, enabling users to manage flows extensively.
- Workflow Studio Roles: The system includes various roles, such as flowadmin, flowoperator, and actiondesigner, each granting specific capabilities related to flow creation and management.
- API Access: Application developers can utilize APIs to access Workflow Studio functionalities, allowing for integration and customization of flows through code.
- Delegated Development: Administrators can create applications and assign users as developers with delegated permissions for restricted tasks.
- Content Filtering: Role-based filtering can be employed to restrict user access to specific flow content based on their roles.
- Feature Access Management: Administrators can specify additional roles required to access certain UI elements in Workflow Studio.
Key Outcomes
By effectively managing user access through role assignments and permissions, organizations can ensure that the right individuals have the appropriate level of access to create, edit, and manage workflows. This enhances collaboration and streamlines processes, ultimately leading to more efficient operations within ServiceNow.
Administrators can grant users access to Workflow Studio flows by assigning delegated development permissions or directly assigning a user role. Administrators can also specify which features and content a user can access based on user roles. Application developers can access Workflow Studio functionality through APIs for flows, subflows, and actions.
Access by user role
Administrators can grant access to Workflow Studio flows by directly assigning users the flow_designer user role, which includes the role to view flow execution details.
Administrators can also grant users one or more Workflow Studio roles to enable them to create flows and subflows, view flow execution details, and create actions.
| Role title [name] | Description | Contains Roles |
|---|---|---|
| flow_admin | Enables limited admin access to all Workflow Studio flow, subflow, and action content. | flow_designer, flow_operator, flow_write_enabled, action_designer, action_category_creator, action_write_enabled, flow_designer_scripting, connection_admin, flow_report_viewer |
| flow_designer | Enables you to launch the Workflow Studio flow design environment to create and edit flows and subflows. | flow_operator, trigger_designer |
| flow_designer_scripting | Enables someone with the flow_designer or action_designer role to set and modify input values by writing inline scripts. For information, see Inline scripts. | none |
| flow_operator | Enables you to view flow execution details, dashboards, and logs. Administrators can grant this role to users that want to be able to view flow results but not create, change, or test them. | none |
| flow_report_viewer | Enables you to view reports for Workflow Studio flow tables. For a list of relevant flow reporting tables, see Flow execution details retention. | none |
| trigger_designer | Enables you to launch Workflow Studio and create, edit, and delete a saved trigger. | none |
| action_designer | Enables you to launch the Workflow Studio action design environment to create and edit actions. Important: This role provides access to all actions regardless of their application scope. |
none |
| action_category_creator | Enables someone with the action_designer role to create action categories for actions and subflows. | none |
| fd_read | Enables you to launch the Workflow Studio flow and action design environments to view the configuration and execution details of flows, subflows, and actions. Note: Read only roles are incompatible with roles that provide write access. Avoid granting the same user both a read only and a write access role. |
fd_read_flows, fd_read_actions, fd_read_operations |
| fd_read_flows | Enables you to launch the Workflow Studio flow design environment to view the configuration and execution details of flows and subflows. Note: Read only roles are incompatible with roles that provide write access. Avoid granting the same user both a read only and a write access role. |
fd_read_operations |
| fd_read_actions | Enables you to launch the Workflow Studio action design environment to view the configuration of actions. Note: Read only roles are incompatible with roles that provide write access. Avoid granting the same user both a read only and a write access role. |
none |
| fd_read_operations | Enables you to view basic flow and action execution details. When reporting is enabled, you can only see basic execution details such as the runtime state and duration. If the reporting level generates
additional details, you can't see them. Administrators can grant this role to users that only need to view basic execution results but not create, change, or test flows and actions. Note: Read only roles are incompatible with roles that provide write access. Avoid granting the same user both a read only and a write access role. |
none |
| fd_read_operations_all | Enables you to view all generated flow and action execution details. When reporting is enabled, you can view all available execution details. You can only see as much detail as defined by the reporting level
system property. Administrators can grant this role to users that need to view all flow results but not create, change, or test flows and actions. Note: Read only roles are incompatible with roles that provide write access. Avoid granting the same user both a read only and a write access role. |
fd_read_operations |
API access
Application developers can access Workflow Studio functionality through APIs for flows, subflows, and actions. Flow authors can enable individual flows, subflows, and actions to be client callable during design. For more information, see API access to Workflow Studio flows.
Delegated development access
Administrators can grant users access to Workflow Studio flows by creating an application and assigning users as developers with the delegated development permission. Delegated development allows administrators to control whether flow designers can access features normally restricted to admin users such as assigning user roles, creating access controls, or creating scripts. For more information, see Developer permissions.
Role-based content filtering
Specify the user roles necessary to access Workflow Studio flow content. For example, flows, flow triggers, actions, and subflows. Manage content filtering by creating content definitions and content filtering rules. For more information, see Content filtering for Workflow Studio flows.