How permissions in integrations and Workflow Automation interact

When your PagerDuty Workflow Automation processes integrate with your apps or services, the permissions in the app affect permissions in PagerDuty Workflow Automation. PagerDuty Workflow Automation will “inherit” the permissions from your app—when setting up permissions in PagerDuty Workflow Automation and your apps, take this inheritance into account.

In the following diagram, the outer most boxes affect all boxes inside of them. For example, the “Integration App” box affects all other levels inside of it. In other words, the permissions you set in your Integration App affect how permissions work through the integration and PagerDuty Workflow Automation.

For example, say you integrate with a file storage service “Orange Cart”.

• In Orange Cart, you create a private folder, and a public folder—these are at the “Integration App” level.
• In Orange Cart you have two users, an Admin and a Regular user—these are at the “Integration App User” level.
• And when you create a connection to Orange Cart in PagerDuty Workflow Automation, you log in with an Orange Cart user—this is the “PagerDuty Workflow Automation Integration Connection”.

If you want to use PagerDuty Workflow Automation to automate work in Orange Cart, but you don’t want regular users accessing private data, you must set up permissions across all of these levels. Here’s an example of this:

The lower levels (PagerDuty Workflow Automation Users and Workflows) inherit permissions from the higher levels (Integration App and App Users). This means when you create a connection in PagerDuty Workflow Automation using the Admin User account, anyone using that connection in PagerDuty Workflow Automation has access to everything the Admin User can access.

If you create a second connection and log in with Regular User, then that connection and anyone who uses it can only interact with regular data. Then in this way, when you set up integration permissions you can choose which PagerDuty Workflow Automation users can access the Admin or Regular data.