Documentation: Flowy Permissions
Base concept
Flowy has - in general - three levels of permissions on objects:
- Use: enables the usage of an object, which is very useful i.e. for scenarios where ops manages credentials while the developer and support team "just" uses them
- View: contains the functions of
use
but provides additionally read-only access to the object - Edit: provides all possibilities of
view
extended by the capability to edit object characteristics
Default roles
Flowy offers the following default roles:
Name | Description |
---|---|
CREDENTIAL_CREATOR | Enables the creation of new credentials; each credential contains its own role definitions for usage/view/edit |
CREDENTIAL_DELETER | Enables the deletion of credentials |
ENTITY_CREATOR | Enables the creation of new entities |
ENTITY_DELETER | Enables the deletion of entities |
GDPR_ADMIN | Provides access to the GDPR overview |
LIBRARY_CREATOR | Enables the creation of new libraries |
LIBRARY_DELETER | Enables the deletion of new libraries |
MODULE_CREATOR | Enables the creation of new modules; each module contains its own role definitions for usage/view/edit |
MODULE_DELETER | Enables the deletion of modules |
PLUGIN_CREATOR | Enables the creation of new plugin-ins; each plug-in contains its own role definitions for usage/view/edit |
PLUGIN_DELETER | Enables the deletion of plug-ins |
PROCESS_CREATOR | Enables the creation of new processes; each process contains its own role definitions for usage/view/edit |
PROCESS_DELETER | Enables the deletion of processes |
ROLE_CREATOR | Enables the creation of new roles; each role contains its own role definitions for usage/view/edit |
ROLE_DELETER | Enables the deletion of roles |
SELF_REGISTERED | Is automatically assigned to users signing up through self-sign-up |
SETTING_CREATOR | Enables the creation of new settings; each setting contains its own role definitions for usage/view/edit |
SETTING_DELETER | Enables the deletion of settings |
TELEMETRY_ADMIN | Provides access to the telemetry data generated by Flowy |
TEMPLATE_CREATOR | Enables the creation of new templates; each template contains its own role definitions for usage/view/edit |
TEMPLATE_DELETER | Enables the deletion of templates |
TRIGGER_CREATOR | Enables the creation of new triggers; each trigger contains its own role definitions for usage/view/edit |
USER_CREATOR | Enables the creation of new users |
VALIDATION_RULE_CREATOR | Enables the creation of new validation rules; each validation rule contains its own role definitions for usage/view/edit |
VALIDATION_RULE_DELETER | Enables the deletion of validations |

Virtual roles
AUTHENTICATED
respective UNAUTHENTICATED
are special, virtual roles. They can't be assigned to user accounts directly. Instead they are automatically mapped: any authenticated user automatically has the AUTHENTICATED
role while all others have the default UNAUTHENTICATED
role.
This provides the necessary capabilities to enable - if desired - public access to triggers.
Trigger permissions
In order to execute trigger, users need to belong to either any kind of role.
In order to be able to link to a process, the editing user is required to have at least an use
role for the process.