WorkflowFirst has a wealth of security features, and you can delve into these by reading through the main Security section.

For now, we'll just go over some of the basics.

The most important security concept in WorkflowFirst are "roles". A role is similar to a position a worker has - for example an Accountant role, a Customer role, Manager and so on. Identifying the roles involved in a workflow is an important first step.

By assigning workflow to roles instead of individual users, you can help share work between users, and also easily handle situations where people change departments, or leave.

You'll use the roles when entering in workflow stages. You can just type in the name of a role or select from an existing role. When a stage is assigned to a role, then only a user that has that role will be able to run that stage as an action button. This is important, for example, to make sure only Managers can approve a request.

To learn about adding users and assigning roles, read the Setting Up Users section.

That's how roles are used in workflow. But roles can be used elsewhere also.

Many areas of your data model have a list called 'Required Roles' that you can access in the hamburger menu from the form definition. When you add roles to this list, then only users with any of those roles will be able to see that item.

For example if you add the role 'Purchasing' to a tab called POs then only a user who has the Purchasing role will be able to see that tab. For all other users it won't even appear in the top tab list at all.

But as well as tabs, you can also add it to individual fields in a form. This works the same way: if you don't have that role, then that field won't be included in the form - and it will re-layout to exclude the field, so the user won't even know it's missing.

The same applies to subforms, and you can also put Required Roles on actions and on reports.

The next major area of security relates to filtering records. Often you want to make sure that only users involved in a workflow will be able to see that record. We provide special roles that contain filters for this purpose.

Every workflow that is added will automatically create a role called Assigned XXX, where XXX is the name of the tab. This role contains special permissions that filter a list to make sure that only users who either entered the workflow, or have had the workflow assigned to them, will be able to see the record. Otherwise users won't see the record.

If you want this applied by default, which means you won't have to explicitly add it to each user, then you can go to the tab definition, go to Features underneath that, then go to Assignment Options under that. In there set the setting "Apply By Default" to Yes. This means it will apply to all users by default.

We say "all users" but in actual fact administrators won't have this role applied by default, this is just so administrators are able to see all the records for administrative purposes. This is why you should be careful about making users administrators.

Once you have set that, then new users will just see an empty list in that tab. Once they enter something in, they will just see that record. And then other users will see that record as it is assigned to them, or to a role that they have.

This is just the beginning of the workflow features in WorkflowFirst. For more depth, you can read through the security section here.

Next Topic: Save As Draft