
Upcoming Changes: Enhancing Flow Security

Access control policies determine who can access specific flows or perform certain actions within Kissflow. These policies govern access to individual flows.

The Issue

Kissflow currently manages access control for integrations through each user's API-based authentication and authorization, which does not give sufficiently granular control over resources like datasets, boards, forms, and processes. This has led to several issues:

  • Data Leakage: Data from flows can be shared without the Flow Admin's knowledge, making it hard to monitor and govern data usage effectively.

  • Unauthorized Access: Unauthorized users can create integrations using flows, risking sensitive data access.

  • Abandoned Integrations: Integrations created by ex-employees may continue to run without oversight.

The Solution

Transitioning to flow-based access control will provide more precise and secure management of who can access and perform actions on individual flows.

What's Changing?

  • New security settings page: A centralized location for Flow Admins to manage access control for flows. Initially, this page will control access to lookup, integration, and impersonation. Permissions for subprocess and decision tables will be managed here in the future.

    • Global permissions: Flow Admins can set default access control permissions that apply to all flows in the account.

    • Customized permissions: Flow Admins can set permissions for specific flows that override global permissions. They can select specific fields for lookup, with global permissions carried over when customizing new flow permissions.

  • Warnings: Removing or modifying permissions will display a warning message to Flow Admins that lists the impacted flows. If permissions are removed, configured integrations, lookups, and related elements will fail.

  • Behavior within apps: App Admins can link an app and select which permissions from the source app can be accessed by the destination app.

  • Integrations: Non-Kissflow triggers can be added as a flow under custom permissions. Self-triggers and actions don’t need exclusive permissions.

  • Flow duplication: Duplicating a flow or app will not duplicate its custom permissions.

  • Download and Print permissions: These permissions are moving to a different page called Access Controls to manage who can download or print flow details.

Impact and Actions Required

  • Automatic migration: Existing integrations, lookups, and other configured flows using API authentication will be automatically migrated to the new flow-based access control model. No action is required to update these permissions.

  • Configuring permissions: Going forward, Flow Admins can set up global permissions that apply to all flows or tailor access with customized permissions for specific flows. Review and configure these new permission policies and communicate changes to flow creators.

These changes will be rolled out before the end of June 2024. For questions, please comment below or contact support for more information.

FAQ

Q: Will my existing integrations and flows continue to work after this change? 

A: Yes, our team will automatically migrate your existing integrations, lookups, and flows to the new flow-based access control model. No action is required.

Q: Can I still set permissions that apply to all flows, or do I need to configure every flow individually? 

A: You can still set global default permissions that will apply to any flow that doesn’t have a custom permission policy overriding it. See "Global permissions" under "What's Changing?" above.
