3

Security settings for flows

Introduction

Flow Admins can manage the sharing of their flow data with other flows within the Kissflow platform through the security settings page. This system provides a more robust, flexible, and granular approach to controlling access to processes, datasets, boards, and dataforms.

The security settings page allows you to manage permissions for the following Kissflow artifacts:

  1. Lookup

  2. Integration

  3. Impersonation

Accessing security settings

To manage the security settings for a specific flow, follow these steps:

  1. Go to the process, board, dataset, or dataform you want to manage.

  2. Click the Manage button > Security

 

 

Global permissions

Global permissions are the overarching access rules that apply to all flows within your account. They serve as the default access settings for all the flows in your Kissflow account. By default, All flows permission is enabled for most artifacts except for integration and impersonation. 

Setting up global permissions

On the Security page, locate the Global permissions section. For each artifact, such as Lookup or Integrations, you'll see a checkbox. Enable or disable the checkbox to set global permissions for that artifact. By default, permissions for All flows are turned ON for all artifacts except Integration and Impersonation. To adjust these permissions, simply check or uncheck the desired artifacts. For example, unchecking the Lookup artifact for All flows ensures that no flow in the platform can perform lookups on this flow.

Note:

Disabling an artifact here will restrict its use across all flows unless overridden by customized permissions.

Customized permissions

Customized permissions allow for fine-grained control over access at the individual flow level, overriding global permissions when configured. These settings can be set for specific flows, providing more detailed control over which artifacts and fields can be accessed.

Setting up customized permissions

Custom permissions allow flow admins to grant exclusive permissions for specific flows. These permissions can be configured to override global permissions. To set up custom permissions, go to the security settings page of the desired flow and select the specific permissions needed. You can choose to grant permissions for all fields or select specific fields for the Lookup artifact. When adding a new flow under custom permissions, the global settings are carried over and can be overridden. If custom permissions are removed, the global permissions will automatically apply.

Note:

If no customized permission is set for a flow, it follows the global permission settings.

Removing customized permissions

If you remove customized permissions for a specific flow, the flow will revert to using global permission settings. This change takes effect immediately. To remove customized permissions for a specific flow, click the Remove customized permission button on the right of the flow. Next, check if there are any lookup dependencies or other impacts from deleting this permission. Finally, click Remove to confirm and remove the customized permissions.

Lookup field selection

When configuring Lookup permissions, you have the option to select All fields to grant access to all fields in the lookup. Alternatively, you can choose Select fields to specify which fields are accessible. If you opt to select specific fields, a list of available fields will be displayed for you to choose from.

Within apps

For applications within Kissflow:

  • App admins have the ability to link apps together.

  • When linking, admins can specify which fields from the source flow within an app are accessible to the destination app.

Process Admins can allow or restrict permissions to users impacting their ability to print forms, download attachments, or impersonate in processes.

You can toggle between two options: Anyone and Only admins for each flow type individually. These changes are flow-level changes, and they can, in some cases, be overridden by permissions set at Account Administration level.

Setting the permission to Anyone would allow any user to download attachments or print forms. Choosing Only admins would restrict download and print permissions only to Flow Admins.

Using impersonation, you can act on behalf of a user or an item inside your Kissflow account. Learn more about impersonating a user.