Skip to main content
The Security wizard allows you to set the permission level for a user or group of users (the ability to view and / or edit FlowForma forms), for a flow or for an individual form. To use the Security wizard, open the Flow designer. On the Flow level toolbar you will see a small shield icon. Shield icon on the Flow level toolbar Click on the shield icon and the Security wizard is opened. Security wizard opened at the flow level The Security wizard opens at the flow level, displaying the default Flow level permissions. The ‘greyed out’ items cannot be edited or removed, the other items can be edited or removed. Permission levels for other users or groups can be added by clicking the ’+’ button. You will see an editor where you can add permissions to a user/group selected, user or group entered in a question in the current flow, or a user or group assigned to any step in the current flow. Add permissions editor

User/group from site

If you select the radio button for ‘User/group from site’, you can enter the name of the user or group you require into the person or group field. User/group from site field Click the Done button and a new item is added to the Security wizard. By default the permission level is set to ‘Read’, but you can change this to any of the other levels. New item added with Read permission level

User/group defined in question

If you select the radio button for ‘User/group defined in question’, the drop-down will be populated with all the ‘Single line of text’ and ‘Person or group’ questions in the flow. User/group defined in question drop-down Select the question you require and click the ‘Done’ button. A new item is added to the Security wizard; by default the permission level is set to ‘Read’, but you can change this to any of the other levels. New question-based item added

User/group assigned to a step

If you select the radio button for ‘User/group assigned to a step’, the drop-down will be populated with all the steps in the flow. User/group assigned to a step drop-down Select the step you require and click the ‘Done’ button. A new item is added to the Security wizard; by default the permission level is set to ‘Read’, but you can change this to any of the other levels. New step-based item added
The Security wizard can’t evaluate users or groups that are set on flow loaded event.
If at any time you click the ‘Reset’ button, the default settings will be displayed and any items you have added will be removed.
To confirm changes, click the ‘Done’ button.

Step level permissions

To access step permissions, hover over the downward arrow on the blue bar. A drop-down displaying all the steps in the flow is shown. Step drop-down on the blue bar Click on the step you require and the permissions for that step will be displayed. Permissions for the selected step As with the flow level, the ‘greyed out’ items cannot be edited or removed. All other items can be edited or removed by clicking the ‘X’ button next to the row.
Form creator permissions CANNOT be edited on the first step, but can be edited / removed on any subsequent step.
To add a permission level, click the ’+’ button. The panel to add permissions for a user/group selected from the site, entered in a question, or assigned to a step in the current flow is displayed. See the Flow level instructions above; the process for adding items is the same at both Flow and Step level. Add permissions panel at step level
If at any time you click the ‘Reset’ button the default settings will be displayed, and any items that you have added will be removed.
To confirm changes, click the ‘Done’ button.

Enabling the Security wizard for the first time

The Security wizard is not enabled until you access it for the first time and click the ‘Done’ button on any of the Flow or Step screens. The first time you click the ‘Done’ button, the following screen is displayed. Confirm enabling the Security wizard This screen confirms that you want to enable the Security wizard. Click the ‘Confirm’ button and the Security wizard will be enabled. You will not see this screen again for the current flow when you make changes in the Security wizard. Click ‘Cancel’ if you don’t want the Security wizard enabled. It will not be implemented on the current flow, and any changes you have made will be discarded. Once you have clicked ‘Confirm’, click ‘Save’ in the Flow designer and the flow with the Security wizard settings will be saved.
Any ‘Step view permission’ business rules contained in the flow will be disabled when the Security wizard is enabled.

Editing Security settings

Enter the Flow designer and click the shield symbol. The Security wizard opens, with the current settings at both Flow and Step level displayed. You can add, remove or edit the items you require. Click ‘Done’ when you have completed your edits and ‘Save’ the flow in the Flow designer.

What permissions are used

Permissions applied to a form are those currently set in the Security wizard, if the Security wizard is enabled. When changes are made to permissions in the Security wizard, these changes will be applied to all forms created using the flow, including forms in progress and completed forms.

Permission levels

There are four permission levels you can use:
  1. Read & Edit - Allows you to view and edit forms created.
  2. Read - Allows you to view information on forms created.
  3. Deny - Prevents you from viewing information on forms created.
  4. None - No permission level is applied directly to this user or group. The lowest permission level found for the user from other groups \ settings in the flow will be applied. If no other permissions are found the ‘Deny’ permission is applied.

Users / groups

Permissions are applied to a user or group of users. When the Security wizard is opened for the first time, the following users and groups are displayed.

Flow level

Default Flow level users and groups
User / groupDetailsLevelRequired*
1.Form creatorThe person who creates the form, (saves or submits the first step of the form).Read + EditNo
2.Flow administratorThe person selected in the Flow definition as the Flow administrator. This is not a required field, so a flow may not have a flow administrator.Read + EditYes
3.Administrator group (Owners)The Administrator group selected in the FlowForma settings. Members of this group will have the ability to create and edit flows and create and submit forms.Read + EditYes
4.Generic users group (Members)The Generic users group selected in the FlowForma settings. Members of this group will have the ability to create forms and submit form steps assigned to them.Read + EditNo
5.Print view group (Visitors)The Print view group selected in the FlowForma settings. Members of this group are only able to view forms. They cannot create or submit forms.ReadNo
  • where the user or group is required, it cannot be removed from Security wizard and the permission level cannot be changed.
  • where the user or group is NOT required, the permission level can be changed, or the group removed by clicking the ‘X’ button next to the row.
  • the Flow administrator permission cannot be removed in the Security wizard, but this is not a required field in the flow definition. Therefore, there may not be a Flow administrator for the flow, and hence no permission set.

Additional users / groups

Additional users and groups can be added as required.

Step level

The default groups and permissions for a step are displayed below. Default Step level users and groups
User / groupDetailsLevelRequired*
1.Form creatorThe person who creates the form, (saves or submits the first step of the form).Read + EditYes
2.Flow administratorThe person selected in the Flow definition as the Flow administrator. This is not a required field, so a flow may not have a flow administrator.Read + EditYes
3.Step assigned toThe user or group assigned to the current step in the flow’s step definitionRead + EditYes
4.Administrator group (Owners)The Administrator group selected in the FlowForma settings. Members of this group will have the ability to create and edit flows and create and submit forms.Read + EditYes
5.Generic users group (Members)The Generic users group selected in the FlowForma settings. Members of this group will have the ability to create forms and submit form steps assigned to them.Read + EditNo
6.Print view group (Visitors)The Print view group selected in the FlowForma settings. Members of this group are only able to view forms. They cannot create or submit forms.ReadNo
  • where the user or group is required, it cannot be removed from Security wizard and the permission level cannot be changed.
  • where the user or group is NOT required, the permission level can be changed, or the group removed by clicking the ‘X’ button next to the row.
  • the Flow administrator permission cannot be removed in the Security wizard, but this is not a required field in the flow definition. Therefore, there may not be a Flow administrator for the flow, and hence no permission set.

Additional users / groups

Additional users and groups can be added as required.

Flow and Step level permissions

Creating a form

To create a form, you must have (or belong to a group with) ‘Read & Edit’ permissions.

Precedence

Step permissions will have priority over Flow level permissions. Flow level permissions will only apply in relation to form creation or where no step permissions are in place for the user.
  1. Step-level permissions are checked first.
  2. If no explicit permission exists at the step level, the system falls back to the flow-level permissions.
  3. If the user has permissions on the flow, those permissions propagate to all steps by default.
  4. To restrict the user on a specific step, you must explicitly set deny/none, because the flow-level permission would otherwise apply.

Permission hierarchy

Permissions set on different items in the flow have different levels of importance (rank). The permission set on the item with the highest rank will take precedence over permissions set on items with a lower rank. Permission hierarchy ranking
  • Step assigned to: The user or group with the highest rank in the permissions hierarchy for a step is the user or group assigned to that step in a flow (Read + Edit). This permission overrides any other permissions that the user may have from other groups it is a member of.
  • Person or group defined in a question or person or group assigned to a step: The second rank in the permission hierarchy is a user or group defined in a question in the flow or a person or group assigned to a step in the flow.
  • Form creator or individual user: The third rank in the permissions hierarchy is either the Form creator or an individual user defined in the User/group from site editor.
  • Groups, including Owners: The fourth rank in the permissions hierarchy is groups that have not been included in any items above (for example, groups assigned to a step or defined in a question), including the Owners group.
  • Flow administrator or none: The fifth rank in the permissions hierarchy is the Flow administrator or none. If the user entered as the Flow administrator is included in any of the ranks above, this will override the permission set here.
  • No entry found: The lowest rank in the permission hierarchy is where no entry is found.
Where there are two or more permissions set on items of the same rank, the lowest permission level will be used. For example, if one of the permissions is Deny this will always override ‘Read + Edit’ and ‘Read’ permissions set on items of the same rank.

Security wizard exceptions

All forms created from a flow will use the permissions currently set in the Security wizard. A FlowForma Administrator user has the ability to select a form from the forms list and apply permissions specific to that form (an exception), overriding the permissions set in the flow’s Security wizard. To add an exception to a specific form:
  • Go to the forms list.
  • Select the required form and click the items tab on the SharePoint ribbon.
  • From the items ribbon, click the Security icon.
Security Icon on the SharePoint items ribbon
  • A Security wizard for the form is now opened, displaying the security settings in place for the flow.
Security wizard opened for a single form
  • Edit the Flow or step settings as required. This is the same as editing the flow’s Security wizard, though the changes applied will only apply to this single form.
  • You will be asked to confirm your Security wizard settings as before.
Confirm Security wizard settings These Security wizard settings will now be applied to this form only.
  • If you open the Security wizard for this form again, you will see confirmation on the screen that Security wizard exceptions have been applied.
Confirmation that Security wizard exceptions have been applied
Any changes made in the Security wizard for the flow will be reflected in a form that has had an exception added.