Workflow instance queue not granting access to automatically created role

OpenRPA version:
OpenFlow version: 1.4.36
Using or self hosted openflow:
Error message:
Screenshot or video:
Attach a simple workflow from OpenRPA or NodeRED that reproduces the error/issue:

If you create a Workflow In node in NodeRed with some queue name (X), then an entry for X will be created in the mq collection. A role with the name Xusers will also be created. However Xusers is not given any access to the queue, as is the case when a role is automatically created for new Work Item Queues. Xusers is given access to the corresponding Workflow created in the workflow collection.

Perhaps this is intended, but I assume it is a bug?

That sounds like a bug, yes.

Actually, no, it’s not. Or rather, yes it is, but i want it not to be … Does that makes sense ? :smiley:

So originally, i used to check permissions when you wanted to publish or comsume a queue on both users, items in workflows ( workflow in nodes ) and the mq collection.
But that is starting to get messy and I see a lot of people is having problems with that, so i would prefere we keep all queue permissions in the “mq” collection instead of having it spead out all over the place.

The problem with the role is, right now the “workflow in” node will create the workflow item in the workflows collection, it will create the role if missing and assign permissions to the workflow item. It cannot set permissions on the queue item in mq, since that by default does not exist until the node is lalso consuming the queue. I could expand that to also involve an queue item in the mq collection, but i kind of also want to avoid that, since i fear I at some point may need to lock down permissions/control more on those items for security reasons ( not sure, but my gut feeling is there is going to come up at some point ) that is why i like to keep the creation of new mq items inside openflow.

So that leaves the role “hanging” … do we need it? do we keep it ? do we auto set permissions for it if it exists ?
The reason i original added logic to auto create the role, was to force people into “thinking in roles” so i though auto creating it, would help people. But it turns out almost noone uses it and it gets a little messy when you copy and paste “workflow in” nodes or have multiple nodereds with the same workflow in node, so my vote is to simply remove it, and let my skilled end users handle roles them self ? …
All open questions, I would love some feedback/thoughs.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.