
Security settings for flows

Kissflow plans:
 
✓ Basic ✓ Enterprise

Introduction

Flow Admins can manage the sharing of their flow data with other flows within the Kissflow platform through the security settings page. This system provides a more robust, flexible, and granular approach to controlling access to processes, datasets, boards, and data forms.

The security settings page allows you to manage permissions for lookup fields.

Accessing security settings

To manage the security settings for a specific flow, follow these steps:

  1. Go to the process, board, dataset, or dataform you want to manage.

  2. Click the Manage button > Security

 

 

Global permissions

Global permissions are the overarching access rules that apply to all flows within your account. They serve as the default access settings for all the flows in your Kissflow account. By default, the All flows permission is enabled for most artifacts, except Integration and Impersonation.

Setting up global permissions

On the Security page, locate the Global permissions section. For each artifact, such as Lookup or Integrations, you'll see a checkbox. Enable or disable the checkbox to set global permissions for that artifact. By default, permissions for All flows are turned ON for all artifacts except Integration and Impersonation. To adjust these permissions, simply check or uncheck the desired artifacts. For example, unchecking the Lookup artifact for All flows ensures that no flow in the platform can perform lookups on this flow.

Note:

Disabling an artifact here will restrict its use across all flows unless overridden by customized permissions.

Customized permissions

Customized permissions allow for fine-grained control over access at the individual flow level, overriding global permissions when configured. These settings can be set for specific flows, providing more detailed control over which artifacts and fields can be accessed.

Setting up customized permissions

Custom permissions allow flow admins to grant exclusive permissions for specific flows. These permissions can be configured to override global permissions. To set up custom permissions, go to the security settings page of the desired flow and select the specific permissions needed. You can choose to grant permissions for all fields or select specific fields for the Lookup artifact. When adding a new flow under custom permissions, the global settings are carried over and can be overridden. If custom permissions are removed, the global permissions will automatically apply.

Note:

If no customized permission is set for a flow, it follows the global permission settings.

Removing customized permissions

If you remove customized permissions for a specific flow, the flow will revert to using global permission settings. This change takes effect immediately. To remove customized permissions for a specific flow, click the Remove customized permission button on the right of the flow. Next, check if there are any lookup dependencies or other impacts from deleting this permission. Finally, click Remove to confirm and remove the customized permissions.

Lookup field selection

When configuring Lookup permissions, you have the option to select All fields to grant access to all fields in the lookup. Alternatively, you can choose Select fields to specify which fields are accessible. If you opt to select specific fields, a list of available fields will be displayed for you to choose from.
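The precedence rules described above (global defaults, customized overrides, fallback on removal, and lookup field selection) can be checked with a small model. This is an added example, not Kissflow code or a Kissflow API; the class, the flow names and field names are hypothetical, and it assumes that a flow covered only by the global Lookup permission can read every field.

```python
from dataclasses import dataclass, field

ALL_FIELDS = "ALL"  # stands for the "All fields" option

# Defaults stated on the page: All flows is ON except Integration and Impersonation.
# Only the artifacts the page names are modelled here.
DEFAULT_GLOBAL = {"Lookup": True, "Integration": False, "Impersonation": False}

@dataclass
class FlowSecurity:
    """Model of one flow's Security page (illustrative, not a Kissflow API)."""
    global_perms: dict = field(default_factory=lambda: dict(DEFAULT_GLOBAL))
    custom: dict = field(default_factory=dict)         # other flow -> {artifact: bool}
    lookup_fields: dict = field(default_factory=dict)  # other flow -> ALL_FIELDS or set

    def add_custom(self, flow):
        """Adding a flow under customized permissions carries over the global settings."""
        self.custom[flow] = dict(self.global_perms)
        self.lookup_fields[flow] = ALL_FIELDS

    def remove_custom(self, flow):
        """Removing the entry makes the flow fall back to global permissions."""
        self.custom.pop(flow, None)
        self.lookup_fields.pop(flow, None)

    def allowed(self, flow, artifact):
        """Customized permissions, when present, override the global ones."""
        return self.custom.get(flow, self.global_perms).get(artifact, False)

    def can_lookup(self, flow, field_name):
        if not self.allowed(flow, "Lookup"):
            return False
        # Assumption: a flow covered only by global Lookup can read every field.
        selection = self.lookup_fields.get(flow, ALL_FIELDS)
        return selection == ALL_FIELDS or field_name in selection

def demo():
    """Least-privilege setup: global Lookup off, one flow granted two fields."""
    sec = FlowSecurity()
    sec.global_perms["Lookup"] = False            # uncheck Lookup for All flows
    sec.add_custom("Purchase Orders")             # carries over Lookup=False
    sec.custom["Purchase Orders"]["Lookup"] = True
    sec.lookup_fields["Purchase Orders"] = {"Vendor name", "Vendor ID"}
    before = (sec.can_lookup("Purchase Orders", "Vendor ID"),
              sec.can_lookup("Purchase Orders", "Bank account"),
              sec.can_lookup("Expense Claims", "Vendor ID"))
    sec.remove_custom("Purchase Orders")          # reverts to global immediately
    after = sec.can_lookup("Purchase Orders", "Vendor ID")
    return before, after

if __name__ == "__main__":
    print(demo())
```

In this model, if global Lookup is left at its default and a customized entry was the only thing restricting a flow, removing that entry widens the flow's access to all fields.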

Within apps

For applications within Kissflow:

  • App admins have the ability to link apps together.

  • When linking, admins can specify which fields from the source flow within an app are accessible to the destination app.

Process Admins can allow or restrict users' ability to print forms, download attachments, or impersonate in processes.

You can toggle between two options, Anyone and Only admins, for each flow type individually. These changes are flow-level changes, and they can, in some cases, be overridden by permissions set at the Account Administration level.

Setting the permission to Anyone would allow any user to download attachments or print forms. Choosing Only admins would restrict download and print permissions only to Flow Admins.

Comment permissions

Participants vs non-participants

Participant

  Definition: Users who have participated in the item’s workflow up to the current step.

  Includes: Item’s initiator and all item approvers until the current step.

Non-participant

  Definition: Users who have not participated in the item’s workflow up to the current step.

  Includes:

  • Users who are future assignees.

  • Users who are not part of the process but are part of the account.

 

Example: If an item is currently at step C, its initiator and the approvers from steps A and B are participants. Everyone else is considered a non-participant.

Allowing assignees to mention non-participants

As a Process Admin, you can control whether assignees can mention non-participants in an item comment. This enables assignees to bring additional users into a comment thread for contextual collaboration, without adding them to the workflow.

Go to Manage > Security > Access controls > Comment permissions and enable the Allow assignees to mention non-participants toggle. You can:

  1. Allow assignees to mention any user in this process - Assignees can mention users to whom the process is shared. These users may or may not have participated in the item so far.

  2. Allow assignees to mention any user in this account - Assignees can mention any user in the account, even if they don’t currently have access to the process.

 

When a non-participant is mentioned:

  • They can view all past and future comments in the item.

  • They can react and reply only in the relevant comment thread.

  • They can view the item’s data as shown at the step where they were mentioned.

  • They are not added as assignees or participants in the workflow.

Note:

For a non-participant to join a comment thread, they must be mentioned in the parent comment of that thread.

Use case example:

An HR manager (current step assignee) is processing a New Hire Contract item. The workflow steps are: Start > HR Review > Finance Approval > Completed.

At the HR Review step, the HR manager notices a custom clause that might need a legal check. Legal Lee is a user in the account but is not part of this HR process workflow.

Feature behavior:

  1. The HR manager mentions Legal Lee in the comments. Because the Process Admin enabled Allow assignees to mention any user in this account, Legal Lee appears in the list.

  2. Legal Lee opens the item via notification.

  3. He sees all the contract data filled in during the Start and HR Review steps. He cannot see the fields of the Finance Approval step because that step hasn't happened yet.

  4. Legal Lee leaves a reply: "Clause 4 looks good."
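The mention rules and the data exposure in this use case can be reasoned about with a short model, which helps when deciding between the two mention options. This is an added example, not Kissflow code; the function names, the user names other than Legal Lee, and the field names are constructed, and it assumes that a disabled toggle limits mentions to participants.

```python
STEPS = ["Start", "HR Review", "Finance Approval", "Completed"]  # from the use case

def participants(initiator, approvers, current_step):
    """Initiator plus the approvers of every step before the current one."""
    idx = STEPS.index(current_step)
    people = {initiator}
    for step in STEPS[:idx]:
        people |= set(approvers.get(step, ()))
    return people

def can_mention(target, policy, item_participants, process_users, account_users):
    """policy: 'off', 'process' (option 1) or 'account' (option 2)."""
    if target in item_participants:
        return True
    if policy == "process":
        return target in process_users   # users the process is shared with
    if policy == "account":
        return target in account_users   # any user in the account
    return False  # toggle disabled: assumed to mean participants only

def visible_fields(fields_by_step, mentioned_at):
    """Data as shown at the mention step: fields of that step and earlier ones."""
    idx = STEPS.index(mentioned_at)
    seen = []
    for step in STEPS[: idx + 1]:
        seen += fields_by_step.get(step, [])
    return seen

# Constructed sample data for the New Hire Contract item.
FIELDS = {"Start": ["Candidate name", "Salary"],
          "HR Review": ["Custom clause"],
          "Finance Approval": ["Budget code"]}
PROCESS_USERS = {"Recruiter", "HR Manager", "Finance Approver"}
ACCOUNT_USERS = PROCESS_USERS | {"Legal Lee"}

def demo():
    """What each mention option allows for Legal Lee, and what he then sees."""
    people = participants("Recruiter", {}, "HR Review")
    allowed = {p: can_mention("Legal Lee", p, people, PROCESS_USERS, ACCOUNT_USERS)
               for p in ("off", "process", "account")}
    return allowed, visible_fields(FIELDS, "HR Review")

if __name__ == "__main__":
    print(demo())
```

Under the account-wide option, every field filled in up to the mention step (here including Salary) becomes readable by a user who has no access to the process.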

Using impersonation, you can act on behalf of a user or an item inside your Kissflow account. Learn more about impersonating a user.