There are many Configuration options for Workflow, however the ones that are possibly the most important are the Security options you can use to lock down or open up your Workflow however you need. In this article, we'll take a look at the different Workflow security options available to you in UCM.
To be clear, ONLY Admins can create Stages and order them into a Workflow. Workflow Security refers to Stage Assignee's and whether or not non-assignee's can change a Workflow's Stages.
Note: You can use these Security Options in combination with one another to fit most security needs and scenarios.
No Locks (Entire Workflow)
If you have a small number of Users, or maybe just use Workflow as more of a "status" than an actual process, then you may be fine leaving your Workflow completely open. With this configuration, the only "restriction" on your Workflow will be the order you put them in and whether or not Stages are skippable. There are No Approvals and no Locks on your Assignee's.
To leave your Workflow completely unlocked, make sure that Assignee's Locked (A), Only Current Assignee's Can Update Stage (B), and Approvals (C) are all unchecked and set to no. Approvals are set from the Stage Configuration grid. You can learn more about your Configuration options HERE.
Assignee's Locked (Entire Workflow)
The one exception to this rule is a UCM Admin can still adjust the Assignee's on a per Contract basis, since they have Administrative rights. This lock only applies to Full-Access and Read-Only Users.
When this option is check from the initial Workflow set-up (A), then any Assignee's who an Admin assigns to a Stage through Stage Configuration (B) will be locked and can NOT be edited from within a Contract Container.
For more information on how Assignee's can be edited from a Contract Container, click HERE.
Only Current Assignee Can Update Stage (Entire Workflow)
The one exception to this rule is a UCM Admin can still update a Workflow Stage, since they have Administrative rights. This lock only applies to Full-Access and Read-Only Users.
When this option is check from the initial Workflow set-up (A), then any Assignee's who an Admin assigns to a Stage through Stage Configuration (B) will be the only ones who can move the Workflow out of that Stage, either forward or back.
You could think of this Security option as one step down from an Approval Stage. You are still only allowing select Users to move the Workflow, but you do NOT need ALL Users to manually approve before moving the Stage.
Approvals (Per Stage)
Approvals, unlike the previous two Security Options, are configured on a per Stage basis. This means that Approvals are configured from the Stage Configuration table, which you can learn more about HERE.
In the Table, you'll see a column titled Set Approvals (A), which will let you know which, if any, of your Stages are currently set for Approval. If your Stage has an Approval set, then before the Contract is able to be moved forward in the Workflow, even by a UCM Admin, ALL the Assignee's must approve the Contract and leave a Note using the Approver Scorecard (B).
Once all Assignee's have Approved, regardless of their position in the Approver Scorecard, the Contract will automatically update to the next Stage. This is incredibly helpful in situations with multiple Stage Assignee's, but no one single User was given directions to move the Workflow forward once everyone has Approved. Now, there is no need to worry about a Contract not moving, even though it is fully Approved. UCM takes care of that for you!
All Assignee's will also receive a summary email once everyone has Approved, or if anyone Rejects at any time. For more details on the notifications your Users may receive about Workflow, click HERE.
Workflow Override (User Permission)
Our final Workflow Security option is one that applies to ALL your Workflows, not just one, since it is a User Permission and not a Workflow setting.
Inside of a User's Account, with all the Allow To: checkboxes, is Allow Workflow Override (A). This option is NOT a default for any User, Admin's included. This is a powerful User Permission, and should only be given to those Users who know their role in the Workflow and your internal process very well.
Enabling this option will allow that User to interact with the Override icon inside a Container (B), and, as the name suggests, override the Workflow and all it's security settings.
Overriding the Workflow could mean either swapping out the Workflow entirely and moving it to one that is not the Default Workflow for that Contract Type (1), or it could mean staying in the same Workflow, but moving it to whatever Stage that User wants (2), regardless of any Approval, Assignee's Locked, or Skip settings.