We’d like to ask everyone in the community to please go vote for the following idea:
Workflow Production Publishing & Default Assigned Use | Nintex Ideas
Our company is struggling with security and restricting users from publishing their own personal workflows in NAC. We continue to have issues even though we built a separate process around the OOB “Publish Request” component that comes with NAC.
Currently, the only way we are able to allow users to publish workflows in NAC if they are not an admin (while still limiting this to not all developers/designers) is putting them in a group:
By doing this however, our headache is how the system is designed. When a user not in this group who does not have rights to publish on their own pushes the “Request publish” button when a workflow is set to production the system will auto assign the group specified in these settings as the “workflow owner” as well over the workflow.
Because of this, all the users we gave permissions to publish, now have these workflows from other users sitting in their workflow listing. The idea is to simply give select users the ability to publish their own or shared workflows to production without a global admin. This would typically be for the users that are more advanced. However, just because they are advanced, does not mean our company wants them to have the permissions to publish any workflow in the entire tenant being requested by any user in the tenant. Someone in HR shouldn’t have the ability to see anything going on in a workflow owned by someone in Legal or Finance who chooses to work as a citizen developer in this platform. It’s a huge security concern for us!
This is currently what global admin have for workflow settings and publishing:
Below is what we actually need - the ability to delineate between personal vs tenant level publishing permissions. Also, the ability to determine if new workflows get published by default to dev vs prod. Why this is set to prod in NAC doesn’t make any sense to me. It was dev in Nintex Workflow for Office 365.
