Today I stumbled into an issue with hidden workflow activities. Normally you can simple hide an activity to unauthorized users by adding an application specific access role to the property section ‘Visiblity and Access’. For example you can add the role ‘org.imixs.ACCESSLEVEL.MANAGERACCESS’ to allow only Managers to use this workflow activity.
But this seems not to work. The reason is that the Imixs Modeler stores the read-access restriction into the property ‘namReaders’. And this is no read-access property per default. Only the property ‘$readAccess’ will be recognized by the workflow system to protect workitems.
But the solution is quite simple. You only need to add the field name to the Imixs EntityService Bean declaration from the ejb-jar.xml descriptor:
<ejb-name>EntityServiceBean</ejb-name> <ejb-class>org.imixs.workflow.jee.ejb.EntityServiceBean</ejb-class> <session-type>Stateless</session-type> <env-entry> <description>Additional Reader Field for Workflow Model</description> <env-entry-name>READ_ACCESS_FIELDS</env-entry-name> <env-entry-type>java.lang.String</env-entry-type> <env-entry-value>namreaders</env-entry-value> </env-entry> </session>
No the property ‘namReaders’ is treated by the Imixs Workflow System as a reader field.
I think we will change the Imixs Modeler in the next release to support also the default field ‘$readAccess’. So no further configuration will be necesary here.