Workflow Authorisation Overview
This article provides an overview of the levels of permission that users can be assigned for viewing and editing workflows.
Overview
Workflow Authorisation settings define what users can see and do within workflows. Users can be assigned different levels of permission, which can differ across each workflow board if required.
Gatekeeper offers various types of workflow authorisation. Each type controls what a user can see and do within specific workflows or workflow phases to ensure users have appropriate access based on their responsibilities.
- Workflow Administrator - This is the highest level of workflow authorisation. Users can create new workflows, edit all existing ones, and add cards directly to any board (without needing to use a trigger/public form/Employee Portal form). They have admin access to all cards, including the ability to delete or archive cards and complete approvals or actions on behalf of the card owner.
- Local Workflow Administrator - Grants administrative access to selected workflows, allowing them to edit the configuration and add cards directly to the board. Users must be explicitly assigned as administrators for each relevant workflow. They cannot archive or delete the workflow, assign other users as administrators or collaborators, or create new workflows.
- Local Workflow Collaborator - Provides read-only access to specific workflows. Users can view and open all cards within the workflows they’re assigned to. Users must be explicitly assigned as collaborators for each relevant workflow.
- Local Workflow Card Creator View Only Access - Allows users without broader workflow permissions to view cards they’ve created. This means they continue to have access to cards they’ve submitted, even after the cards move to phases where they no longer have active permissions.
- Phase Owners - Users without broader workflow permissions can manage cards if they are assigned as a phase owner. This allows them to view, open, and take action on cards while the cards are in that specific phase.
- Phase Collaborators - Users without broader workflow permissions can be granted read-only access to cards if they are assigned as a phase collaborator. This allows them to view specific cards, but they cannot make changes or take any action.
- Workflow Message Recipients - Users who are tagged in a workflow message using an @ are granted limited access to the message thread they were mentioned in, but not to the full workflow card.
For a detailed breakdown of the authorisation types, see the table below:
Workflow Authorisation Capabilities
This table outlines what each workflow authorisation type allows a user to do within workflows.
Function | Workflow Administrator | Local Workflow Administrator | Local Workflow Collaborator | Owners |
---|---|---|---|---|
Add new workflows | ✅ | ❌ | ❌ | ❌ |
Access all workflows | ✅ | ⚠️ Only specific workflows | ⚠️ Only specific workflows | ⚠️ Only specific workflows |
Configure workflows | ✅ | ✅ | ❌ | ❌ |
Add cards to a workflow | ✅ | ✅ | ❌ | ❌ |
Access all cards on a workflow | ✅ | ✅ | ✅ | ⚠️ Only the phases they own |
Perform Card Controls: Approve/Reject, Update Forms | ✅ | ✅ | ❌ | ⚠️ Only the phases they own |
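How these grants combine on a single card as it moves between phases, as an added example that is not Gatekeeper code: a small Python model of the authorisation types above. The class names, the sample users and phases, and the rule that the highest applicable grant wins are assumptions; Phase Collaborators and Workflow Message Recipients are left out.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Access(IntEnum):          # hypothetical levels, ordered weakest to strongest
    NONE = 0
    VIEW = 1                    # read-only
    ACT = 2                     # view, open and take action on the card
    ADMIN = 3                   # act, plus configure the workflow and add cards

@dataclass
class Workflow:
    local_admins: set = field(default_factory=set)
    local_collaborators: set = field(default_factory=set)
    phase_owners: dict = field(default_factory=dict)   # phase name -> set of users
    creator_view_only: bool = False                     # Card Creator View Only Access

@dataclass
class Card:
    workflow: Workflow
    phase: str
    creator: str

def effective_access(user, card, workflow_admins):
    """Highest grant that applies to `user` on `card` (assumed combination rule)."""
    wf, grants = card.workflow, [Access.NONE]
    if user in workflow_admins or user in wf.local_admins:
        grants.append(Access.ADMIN)
    if user in wf.phase_owners.get(card.phase, set()):
        grants.append(Access.ACT)        # only while the card sits in an owned phase
    if user in wf.local_collaborators:
        grants.append(Access.VIEW)
    if wf.creator_view_only and user == card.creator:
        grants.append(Access.VIEW)       # survives phase changes
    return max(grants)

def review(card, users, workflow_admins):
    """Access-review view: user -> level name for one card in its current phase."""
    return {u: effective_access(u, card, workflow_admins).name for u in users}

# Constructed sample data: users, phases and assignments are illustrative only.
USERS = ["alice", "bob", "carol", "dave", "erin"]
ADMINS = {"erin"}
wf = Workflow(local_admins={"dave"}, local_collaborators={"carol"},
              phase_owners={"Legal Review": {"bob"}}, creator_view_only=True)
card = Card(wf, "Legal Review", creator="alice")

if __name__ == "__main__":
    print(review(card, USERS, ADMINS))
    card.phase = "Finance Approval"      # card moves on; bob no longer owns its phase
    print(review(card, USERS, ADMINS))
```

Running the review before and after a phase change shows which users lose access when the card moves and which keep it through a workflow-wide grant or the card creator setting.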
Assign Workflow Authorisation
Who Can Assign Workflow Authorisation?
The ability to assign workflow authorisation types depends on the user's permissions. The table below outlines which users are permitted to assign each type of workflow authorisation:
Workflow Authorisation Type | Who Can Assign |
---|---|
Workflow Administrator | Only Global Administrators with the Users additional permission can manage who is a Workflow Administrator. |
Local Workflow Administrator | Only Workflow Administrators can assign local administrators. |
Local Workflow Collaborator | Only Workflow Administrators can assign local collaborators. |
Local Workflow Card Creator View Only Access | Only Workflow Administrators can enable this setting. |
Phase Owners | Both Workflow Administrators and Local Workflow Administrators can configure the ownership for each phase. |
Phase Collaborators | Workflow Administrators, Local Workflow Administrators and Phase Owners can assign collaborators on a workflow card. |
Assign Workflow Administrators
To assign a user as a Workflow Administrator:
- From the navigation menu, expand Settings then click Users.
- Expand the 3 dots on the relevant user, then select Edit.
- From the Additional Permissions section, select the Workflow Administrator checkbox, then click Save.
Note: To remove Workflow Administrator access, deselect the Workflow Administrator checkbox and click Save.
Assign Local Workflow Access
Workflow Administrators can manage the authorisation for specific workflows by granting local administrator or collaborator access, and enabling view-only access for card creators.
To assign Local Workflow Administrators or Local Workflow Collaborators to a specific workflow:
- Click Workflows from the navigation menu.
- Expand the 3 dots on the relevant workflow, then select Local Workflow Authorisation.
- Click Add, then select New Workflow Administrator or New Workflow Collaborator as required.
- Select the relevant user from the dropdown menu, then click Save.
To enable Local Workflow Card Creator View Only Access:
- Click Workflows from the navigation menu.
- Expand the 3 dots on the relevant workflow, then select Local Workflow Authorisation.
- Under Card Creator View Only Access, switch on the Enabled toggle.
Assign Phase Owners
Phase ownership can be configured on each phase of a workflow. To learn more, see Workflow Phase Owners Overview.
Access to Workflow Reporting
The Reporting Additional Permission grants access to the Card Age report, which gives an overview of all workflows in your tenant. The Workflow Filter can be used to view insights for individual workflows.
Users with this additional permission can view data from all workflows, regardless of their workflow authorisation settings.