Restrict access to PMG Connectors
Governance for distributed development

Virtually all of our customers take advantage of PMG’s robust integration capabilities and our large library of pre-built connectors.

As a wise man once said though, “with great power comes great responsibility.” Opening a connection to other systems means that the platform holds the “keys” to them, so access should be carefully guarded.

As part of a connector scenario set up, admins can define permissions to make that scenario only available for the workflows matching the configuration. This feature locks down where the scenario will get used, such as only in a specific workflow or workflows belonging to a collection.

Alternatively, an admin can grant other users the right to fully change the scenario and permissions.

The platform system setting WORKFLOW_PERMISSION_MODE defines the way the connector scenario will be restricted. If set to Collection, workflow permissions are managed at the collection level. If set to Workflow, workflow permissions are set at the workflow level.

On the new Connector Configuration Management UI, the Edit Permission button allows the administrator to configure Managers and Workflow Access. The Managers setting names users to own or edit the scenario.

Workflow Access sets where the scenario will get used, based on collection selection…

…or a list of Workflow names.

So what happens when a user attempts to use a workflow configured for a restricted scenario? The workflow will not be deployed, and an error message will be shown.

That is, unless you say the magic word. ?