Set permissions on fields to increase the security of sensitive information. Workflow owners and editors can choose to set any and every field with a different level of security to restrict access to any stored information.
There are 4 levels of field permissions:
- Public: Field values are visible to anyone interacting with this instance
- Internal: Field values are hidden from non-team members
- Confidential: Field values are hidden from everyone except admins and designated users
- Highly Confidential: Field values are hidden from everyone except designated users. Examples may include social security numbers or salary information.
- From the Workflow Builder page, select a task.
Select an existing field or Add a Field. Here is an example, of the fields section of an Assign Task to a Person action.
Select the advanced tab, then select Permissions.
- Select the field’s permission level, then if necessary, select the users who should have access to view the field.
- Select .
You can change the field permissions in a Workflow and automatically change the permissions for that field for every instance that has ever run, even if it has completed.
Toggle on Apply permissions retroactively to apply a default permission level to all fields in all active or completed instances of this Workflow.
⚠️ Heads-up: This does not apply to any draft versions of a Workflow. Only data from the published Workflow version is updated.
Set the default field permissions within a Workflow for all fields added in the future, including those that are added by automated tasks during an instance.
For example, if you’re making a Workflow that processes confidential information, you can set the default permissions for the Workflow before you add actions and save time not changing each field individually.
- Select Workflows from the top navigation bar.
- Select a Workflow, this will open the Workflow detail page.
- Select in the upper-right corner to get to the Workflow Builder page.
- Select the in the top right, and select Settings
Scroll down to the Security section, and click to expand it.
- Set the Default Field Permission level, then if necessary, select the users who should have access to view the field.
You can change the default field permissions in a Workflow and automatically change the permissions for all fields for every instance that has ever run, even if it has completed. This will only set default permissions for fields that did not have a specific field permission applied within the field’s permission.
Toggle on Apply field permissions retroactively to apply a default permission level to all fields in all active or completed instances of this Workflow.
- Set the Default Field Permission level you wish to apply to all past fields.
💡Tip: If a Workflow begins handling confidential information but the fields are not set as confidential, changing the Workflow’s default field permissions and applying the permissions retroactively is a quick way to change all fields to confidential.
If something’s not working as expected, or you’re looking for suggestions, check through the options below.
A field’s permission level will not be displayed to a user or team member in a task or web form.
It may be helpful to add “CONFIDENTIAL” to the field or include its confidentiality in the instructions or description if necessary.
If some fields created via actions need to have specific permissions and other fields need to be public, there are a couple of options to set these permissions dynamically:
Set the default permissions for the Workflow, then create a new field for each public field and then reference the output field of the actions in the default value. The newly created field can be configured as desired.
Do not set default permissions for the template. Create a subprocess to contain the actions which require permissions and set default permissions for the subprocess.