AnsweredAssumed Answered

Issue -Approver not associated with workflow allowed

Question asked by jackiew on Oct 22, 2007
Latest reply on Oct 30, 2007 by jackiew
I'm experimenting with the enterprise version of alfresco as part of a proof of concept and I was quite surprised to find that users who have no relationship with a workflow are able to perform actions on that workflow with no immediatelyvisible evidence of their actions.

Rather than raise this as an issue immediately i would be interested to learn if this is intentional behaviour and if so why.

My scenario is this I create a workflow, i've tried both simple and advanced.  For the advanced i assigned the review to a number of users who are all in the same group and able to view the document in question.

I then logged in as another user who is unable to view the document but who is able, via the active workflows dashlet, to view the existence of the workflow.  That user can then if they wish approve or reject the workflow. 

In the workflow history information it is assumed that the user who was meant to perform the review did the approval / rejection.  I was also able, as this same user with no permissions on the document to mark the task as done, again with no evidence of the perpetrator of the deed.   I find this a little worrying ( and it may be enough to tip the balance against  using Alfresco ).     My next step will be to check the audit logs to see if there is evidence of the activity there. 

In the meanwhile has anyone else
a) observed this behaviour
b) suggestions how i might be able to easily disable it
c) explanations as to why this behaviour might be acceptable

thanks, Jackie