5

Upcoming Changes: Enhancing Flow Security

Access control policies determine who can access specific flows or perform certain actions within Kissflow. These policies govern access to individual flows.

The Issue

Kissflow currently manages access control for integrations via user’s API-based authentication and authorization, which lacks sufficiently granular control over resources like datasets, boards, forms, and processes. This has led to several issues:

  • Data Leakage: Data from flows can be shared without the Flow Admin's knowledge, making it hard to monitor and govern data usage effectively.

  • Unauthorized Access: Unauthorized users can create integrations using flows, risking sensitive data access.

  • Abandoned Integrations: Integrations created by ex-employees may continue to run without oversight.

The Solution

Transitioning to flow-based access control will provide more precise and secure management of who can access and perform actions on individual flows.

What's Changing?

  • New security settings page: A centralized location for Flow Admins to manage access control for flows. Initially, this page will control access to lookup, integration, and impersonation. Permissions for subprocess and decision tables will be managed here in the future.

    • Global permissions: Flow Admins can set default access control permissions that apply to all flows in the account.

    • Customized permissions: Flow Admins can set permissions for specific flows that override global permissions. They can select specific fields for lookup, with global permissions carried over when customizing new flow permissions.

  • Warnings: Removing or modifying permissions will display a warning message to Flow Admins, listing impacted flows and causing configured integrations, lookups, and related elements to fail if permissions are removed.

  • Behavior within apps: App Admins can link an app and select which permissions from the source app can be accessed by the destination app.

  • Integrations: Non-Kissflow triggers can be added as a flow under custom permissions. Self-triggers and actions don’t need exclusive permissions.

  • Flow duplication: Duplicating a flow or app will not duplicate its custom permissions.

  • Download and Print permissions: These permissions are moving to a different page called Access Controls to manage who can download or print flow details.

Impact and Actions Required

  • Automatic migration: Existing integrations, lookups, and other configured flows using API authentication will be automatically migrated to the new flow-based access control model. No action is required to update these permissions.

  • Configuring permissions: Going forward, Flow Admins can set up global permissions that apply to all flows or tailor access with customized permissions for specific flows. Review and configure these new permission policies and communicate changes to flow creators.

These changes will be rolled out before the end of June 2024. For questions, please comment below or contact support for more information.

FAQ

Q: Will my existing integrations and flows continue to work after this change? 

A: Yes, our team will automatically migrate your existing integrations, lookups, and flows to the new flow-based access control model. No action is required.

Q: Can I still set permissions that apply to all flows, or do I need to configure every flow individually? 

A: You can still set global default permissions that will apply to any flow that doesn’t have a custom permission policy overriding it. See the "Global Permissions" section above.

Content aside