Hi guys,
I have created a folder of workflows that I want World execute users to be able to use but also unable to download the workflows as they contain sensitive keys.
Our POV:
User POV:
Hi,
this behavior is in general intended as the way it currently is it has two important settings:
- The user doesn’t have read permission on the workflow group, so the user isn’t allowed to see what’s inside said group, may it be workflows, files, or other workflow groups
- The user is allowed to execute workflows within the workflow group that have the ‘Inherit permissions from parent’ field checked.
Now we have to decide what is more important:
That the user cannot see what’s inside the workflow group or that the user is able to execute the workflows inside of it. Or another question would be ‘How can a user execute a workflow without knowing it’s there?’. As you cannot execute a workflow group and this flag is only there for the inherit flag, the read permission is prioritized over the execute permission.
If the execute permission would be prioritized over the read permission then users would at least know what workflows (even if it’s only their names) are inside that group, which isn’t also intended as the read permission isn’t given. Furthermore, this would probably confuse users of KNIME Server even more (again ‘How can a user execute a workflow without knowing it’s there?’).
So in this case you have to grant read permissions for the workflow group.
Cheers,
Moritz
1 Like