> For the complete documentation index, see [llms.txt](https://developer.collibra.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://developer.collibra.com/tutorials/how-to-manage-the-new-workflow-permissions.md). # How to manage the new workflow permissions To help you fine tune workflow management, Collibra version 2024.05 introduces two new global permissions that are designed to give you more control over who in your environments can use workflows. This allows administrators to restrict the ability of users to trigger workflows, which incurs a cost for the organization. {% hint style="success" %} The new workflow permissions require administrator action to maintain existing user functionality. Users who leverage workflows must be assigned to a role that has the **Start workflow** permission, the **Participate in workflow** permission, or both based on their needs. {% endhint %} | Permission | Description | New license type | Legacy license type\*\* | | ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ----------------------- | | Start workflow |

Only users that have a role with this permission can start a workflow.
Users that do not have a role with this permission can not see any global or resource workflows in Collibra.
Users that have a global role with the Workflow Administration or System administration permission do not require this permission explicitly.
Workflows triggered by an event, another workflow, or a cron expression do not require this permission.

Only users that have a role with this permission can be assigned a workflow user task.
If a task is assigned to a role or group, only members that have a role with this permission get the new task assigned and not any other members.\*
If a task cannot be assigned to any user because they do not have a role with this permission, the workflow generates an error and cannot start or progress.
Users that have a global role with the Workflow Administration or System administration permission do not require this permission explicitly.

| Contributor | Read-only | {% hint style="success" %} \* The out-of-the-box Voting Sub-Process creates a separate voting task for each of the participants. If any of the participants do not have a role with the **Participate in workflow** permission, the process fails, without creating any voting task. If you are using the Approval Process, Simple Approval, the Issue Management workflow, or a custom workflow that calls the Voting Sub-Process, either ensure that all the voting participants have a role with the **Participate in workflow** permission or download version 2024.05 or newer of the Voting Sub-Process. {% endhint %} {% hint style="info" %} \*\* In the legacy license model, when a user that does not consume a Standard license participates in or starts a workflow, they retain their Read-only required license but are counted against an effective Standard license for the current calendar month. This number is then reset at the start of the following calendar month. {% endhint %} {% hint style="warning" %} Users without the **Start workflows** permission might not be able to see the Plus icon

global create button anymore. {% endhint %} ## Recommended setup To take full advantage of the new permissions, add them just to the roles that require them. A good starting point for this analysis is the **Latest Workflow Participation** column of the **Users** table. You can add the column to see the data in Collibra or you can download a CSV file for greater sorting flexibility: {% stepper %} {% step %} On the main toolbar, click Products icon

→

**Settings**.\ The **Settings** page opens. {% endstep %} {% step %} Click **Users**.\ The user table appears. {% endstep %} {% step %} Above the table, to the right, click Export icon

.\ The **Export users** activity starts. {% endstep %} {% step %} When the **Export users** activity is finished, you can download the CSV file: {% endstep %} {% step %} On the main toolbar, click Activity icon

→ **Show more**.\ Your profile page opens on the **Activities** tab page. 1. In the **Results** column of the **Export users** activity, click **Results**.\ Depending on your browser and browser settings, the files are downloaded to a default location or a dialog box appears to specify the location for the downloads. {% endstep %} {% endstepper %} By analyzing how users participate in workflows and the global roles of their groups, you can identify which global roles need the new workflow permissions in your organization. ## Setup for keeping current functionality To keep the current functionality as it is and allow all users to start and participate in workflows: {% stepper %} {% step %} Create a new global role, for example *Workflow user*: 1. On the main toolbar, click Products icon

→

**Settings**.\ The **Settings** page opens. 2. Click **Roles and Permissions**.\ The roles and permissions settings appear on the **Global Roles** tab page. 3. Above the table, to the right, click **Add**.\ The **Create Roles** dialog box appears. 4. Enter one or more role names. 5. Click **Submit**. {% endstep %} {% step %} Assign the **Start workflow** and **Participate in workflow** global permissions to the new global role: 1. On the main toolbar, click Products icon

→

**Settings**.\ The **Settings** page opens. 2. Click **Roles and Permissions**.\ The roles and permissions settings appear on the **Global Roles** tab page. 3. In the tab pane, click **Global Permissions**.\ The matrix of global permissions and roles appears. 4. If required, add or remove columns: * On the content toolbar, click Legend icon

and select or clear the role checkboxes. 5. Above the table, to the right, click **Edit**.\ You can now edit the matrix of permissions and roles. 6. Select or clear the checkboxes for a role to add or remove permissions. 7. Above the table, to the right, click **Save**. {% endstep %} {% step %} Add the **Everyone** group as a member of the **Workflow user** role: 1. On the main toolbar, click Products icon

→

**Settings**.\ The **Settings** page opens. 2. Click **Roles and Permissions**.\ The roles and permissions settings appear on the **Global Roles** tab page. 3. Hover over the name of the role you want to manage and click **Preview**.\ The **Members** sidebar appears. 4. Click Add Member.\ The **Add Member** dialog box appears. 5. Select one or more users or user groups and click **Add Member**. {% endstep %} {% endstepper %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developer.collibra.com/tutorials/how-to-manage-the-new-workflow-permissions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.