Skip to main content

Special Scenarios and Considerations

Special Workflow Authorization Features

Authorization Channel Configuration Best Practices

When configuring authorization channels for workflows in OSPROV, keep these important principles in mind:

1. Workflow Initiator Needs At Least One Matching Authorization Channel

  • The person who needs to start the workflow must have at least one authorization channel that matches the workflow
  • Example: A Product Manager initiating a workflow with authorization channels "Product" and "Marketing" only needs to have either the "Product" OR "Marketing" channel (not necessarily both)
  • Without at least one matching channel, the workflow won't appear in their OSPROV dashboard

2. Task Handlers Need At Least One Matching Authorization Channel

  • Users who handle specific tasks (approvers, reviewers, etc.) need at least one authorization channel that matches the workflow
  • Example: If a workflow has authorization channels "business1" and "business2", approvers need to have either "business1" OR "business2" to see and handle tasks
  • This ensures tasks are only visible to users with appropriate department access

3. Why Configure Authorization Channels This Way

  • Flexible Visibility Control: Ensures workflows appear to any user with at least one matching authorization channel
  • Departmental Security: Prevents users without any matching authorization channels from accessing workflows
  • Cross-Department Collaboration: Allows users with multiple authorization channels to work across departments
  • Organizational Structure: Reflects your company's departmental boundaries while enabling collaboration
  • OR Logic, Not AND: OSPROV uses "OR" logic for authorization channels - users need to match at least one channel, not all of them

When to Use "Ignore Authorization Channel"

Use this option when:

  • A task needs to be visible across all departments (like Finance processing all expense reports)
  • You want to create a company-wide workflow that isn't restricted by department
  • You need specialists from one department to handle tasks for all departments
  • You have users who need to see workflows but don't have all the required authorization channels

When to Use "Allow Initiator to Choose"

Use this option when:

  • The workflow starter knows best who should handle a specific task
  • You need flexibility in routing based on the specific request
  • Different experts might be needed depending on the request details
  • You want to enable cross-department collaboration without giving everyone broad authorization channels

When to Use "Allow Previous Task Handler to Choose"

Use this option when:

  • The person handling the current task has the context to decide who should handle it next
  • The next step might require different expertise depending on the current task's outcome
  • You want to enable dynamic routing based on the workflow's progress
  • You need to maintain workflow flexibility while preserving authorization channel boundaries

Permission Hierarchy

Understanding how permissions scale up can help you understand your current access and potential career progression paths:

  1. Employee (Marketing) → Can see marketing campaigns they're assigned to
  2. Team Lead (Marketing) → Can see all marketing campaigns and team performance
  3. Marketing Manager (Marketing) → Can approve budgets and see department analytics
  4. VP Marketing (Marketing + Sales) → Can see marketing AND sales data
  5. COO (Marketing + Sales + Operations + IT) → Can see multiple departments
  6. CEO (ALL channels) → Can see everything across the company

Special Access Scenarios

Emergency Access Procedures

In certain critical situations, the system can temporarily bypass normal authorization channel restrictions to ensure business continuity and safety. For example, during IT security incidents or HR emergencies, certain actions can have "ignore auth channel" settings.

Temporary Access Arrangements

The system supports temporary access modifications to accommodate special projects, system maintenance, and other short-term needs. These temporary access grants are time-limited and automatically expire.

Public and Shared Information

Not all information requires strict departmental boundaries. Company announcements, policy updates, and training materials are often made accessible across all departments regardless of authorization channels.

Practical Workflow Example: Expense Approval

This example demonstrates how different access levels work together to process a typical business request:

  1. Employee Submission Phase → Employee submits expense report, sees only their own submissions
  2. Department Review Phase → Department manager reviews expenses from their department only
  3. Financial Processing Phase → Finance Manager processes approved expenses from all departments
  4. Executive Approval Phase → CFO provides final approval for large expenses