Question

Deeplink ignoring microflow allowed roles

1

Hi I stumbled across this issue where a deeplink has the setting to NOT allow guest users and only certain user roles were allowed to execute this deeplink. I set these user roles via the allowed roles in the microflow settings. But now I found out that the allowed roles setting is completely ignored and every user that can login, is able to execute the microflow behind the deeplink. I know I can fix this by making custom logic in the microflow behind the deeplink, but I’m curious as to how this is possible.

asked 2019-04-18

Jonas Semeelen

1 answers

OLD - Mikael Verhoef - Timeseries · Accepted Answer · 2019-04-19

This is possible because the user roles defined on a Microflow are only used to determine the users that are allowed to trigger that microflow. If the microflow is used as a sub microflow (or triggered from a Java action like in case of a deeplink), the user roles are not taken into account.

You could try and see if it helps if you enable "Apply entity access” on the microflows that are triggered as a deeplink.