On workflow security for a table the column for D states “When true, this rule grants Delete access.” What does this mean in terms of any application over this table?
Should I see the delete row action for a record on an app over this table where the record has one of the workflow statuses that is marked false?
Application control actions and logic block actions will apply first, so if an application or app setting is read-only, delete will never appear. Similarly, if the application has a control action that hides delete or a UI logic block hides delete, it will never appear. Assuming none of these apply:
If the user assigned a workflow security profile is looking at a record (via any application)
Delete row action if the Delete permission is selected for a given workflow stateDelete row action if the Delete permission is not selected.The pictured profile does not grant delete access for any state, so the user should not have delete access at any state.
It would be common practice to allow deletion at a new or draft state and disallow delete for posted or processing states. Workflow Security should govern delete access when one or more users should have delete access dependent on workflow state and/or state type. If no such requirements exist, it’s simpler to allow standard row security to apply - affording a Delete permission on the table (or the table’s security group) will grant blanket Delete access across all workflow states. If the requirements are dynamic, a user needs row Delete access and then workflow Delete access at the necessary states.
Thank you for that clear explanation.