I am building a set of workflows to be triggered remotely by other workflows. I wanted the workflows to be executed remotely not to be visible in the webportal.
I tried to achieve this by manageing workflow permissions (e.g. only execute), bu tit seems that the read also need to be on so the workflow can be executed. configuration, I see only read and execute. I tried to leave only the execute it but it does not work as I hoped.
Does anyone know any possible solution to this?
users that have the permission to execute a workflow will always see them in the WebPortal. Since Consumers (people who only access via WebPortal/API) are mostly only executing workflows, workflows will be shown to them (if the execute permissions are set). Currently, there is no way to hide workflows.
Is there an update if this is possible in the future?
I have a similar problem.
I have a workflow that calls other workflows via the Call Workflow node.
The problem is, the user sees all workflows in the web portal, but cannot execute them because the input is missing…
This should already be possible today.
The user only needs to see the workflow that calls the other workflows.
You can set up the permissions so that the user has at least execute permissions for the workflow. Execution permissions will allow the user to see and execute the workflow in the WebPortal.
Picture 1: Only the owner has permissions to read & write the workflow. Everyone is able to execute it.
For the workflow that is called by the previous workflow you simply remove all permissions for the user, so neither read, write and execute permission. Also check that the permissions for “World” are removed as well. This will “hide” the workflow in the WebPortal for the user.
Picture 2: Only the owner can read, write & execute. Other users have no access at all and won’t see the workflow in the WebPortal.
The workflow which calls the other workflow via the Call Workflow or Call Workflow Service node needs to contain a KNIME Server Connector node which provides credentials of a user that has execution rights for the called workflow.
I hope this helps.
Thanks for update us on this matter. There is one thing which is still not clear to me:
what will happen when a user calls the main workflow, which will then triggers the other ‘sub-workflows’ (under the same username, I assume)? As you removed all access rights of the ‘sub-workflows’, I would expect it to crash due to the lack of permission. Isn’t that the case?
It depends how you want to set it up.
The orchestration workflow usually contains a Call Workflow (Table Based) or a Call Workflow Service node (recommended as more flexible). These nodes have an optional input port where you connect the KNIME Server Connector. The KNIME Server Connector can be setup to re-use the authentication that is provided by the user who runs the workflow of the server but you can also provide any other user (i.e. a service account) who is running the ‘sub-workflows’ then.
Hope this helps.