Uploaded image for project: 'PUBLIC - Liferay Documentation'
  1. PUBLIC - Liferay Documentation
  2. LRDOCS-7924

Please keep Workflow security awareness paragraph

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Fix Version/s: 7.2.x, 7.3.x
    • Component/s: Workflow
    • Labels:
      None

      Description

      The documentation for Workflow in 7.1 HelpCenter nicely discusses the risks behind using workflow. 

      Please bring the following text also to learn.liferay.com and (at least) 7.2 version of HelpCenter article:

       https://help.liferay.com/hc/en-us/articles/360017894972-Managing-Workflows#workflow-definition-publication-permissions:

      Users with permission to edit or publish workflow definitions can add Groovy scripts to the workflow. Access to the scripting engine means access to the Java Virtual Machine (JVM) of the server. Users who publish (or edit) workflow definitions containing scripts, therefore, can get access to any data within the reach of the JVM, such as data contained in a separate Virtual Instance of Liferay DXP itself.

      Because of this far-reaching access, permission to create or edit workflow definitions is limited to Regular Administrators of the Default Virtual Instance

       

      Thank you.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support

                  Packages

                  Version Package
                  7.2.x
                  7.3.x