Set Permissions When Using Workflow in the Delivery Tier
Set permissions to enable the site application to perform document workflow actions.
By default, the sitewriter user used by the delivery tier has write access to the node /formdata. If you want to use workflow within the delivery tier to persist content beans as documents through the WorkflowPersistenceManager, then the sitewriter user must also have editor or author privileges on folders and documents.
The most straightforward way is to give the sitewriter user the same privileges as the author or editor group on folders and documents. You cannot do this via Setup > System in the CMS because sitewriter is a system user, so you need to do it via the Console.
Log in to the Console as admin and make sure that Auto-export is enabled.
Grant the Sitewriter User Author or Editor Privileges on Folders and Documents
In the console, at /hippo:configuration/hippo:users/sitewriter, add the following values to the hipposys:userroles property:
(If only the author privilege is required, use xm.content.author instead of xm.content.editor.)
With the above user roles added, the sitewriter user has editor privileges on folders and documents, which supports delivery tier workflow for sitewriter. Note, however, that the application must be restarted for the change to take effect for the sitewriter user. This is because the sitewriter user comes from a pool and is reused rather than logged in again, and the new user role is only added on a new login.
Optional: Improve the Auto-Exported Configuration
As a result of the above addition of a user role to sitewriter, auto-export will have created the file repository-data/application/src/main/resources/hcm-config/configuration/users/sitewriter.yaml locally containing:
definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        .meta:category: system
        .meta:add-new-system-values: true
        type: string
        value: [xm.form.writer, xm.content.editor, xm.cms.user]

Auto-export cannot export this in a cleaner form. However, instead of defining the entire hipposys:userroles property again, it is cleaner to change the contents of sitewriter.yaml to:

definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        operation: add
        value: [xm.content.editor, xm.cms.user]

so that only the required addition is made.
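
A build-time check on sitewriter.yaml can catch the delivery tier's system user picking up roles beyond the ones granted here. The following is an added example, not part of the product or its documentation; the function names and the allowlist policy are assumptions, and the parser handles only the flow-style value list shown above.

```python
import re
# Constructed sample: the auto-exported sitewriter.yaml as shown on this page.
AUTO_EXPORTED = """\
definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        .meta:category: system
        .meta:add-new-system-values: true
        type: string
        value: [xm.form.writer, xm.content.editor, xm.cms.user]
"""
# Assumed policy: only roles named on this page are acceptable for sitewriter.
ALLOWED = {"xm.form.writer", "xm.content.author", "xm.content.editor", "xm.cms.user"}
PATH = "/hippo:configuration/hippo:users/sitewriter:"

def userroles_props(text):
    """Collect the child keys of sitewriter's hipposys:userroles (flow-style list only)."""
    props, state, base = {}, 0, 0
    for line in text.splitlines():
        key, depth = line.strip(), len(line) - len(line.lstrip(" "))
        if not key or key.startswith("#"):
            continue
        if state == 0:
            if key == PATH:
                state, base = 1, depth
        elif depth <= base:
            break  # left the sitewriter node or the property block
        elif state == 1:
            if key == "hipposys:userroles:":
                state, base = 2, depth
        else:
            name, _, val = key.rpartition(": ")
            props[name] = val
    return props

def audit(text, allowed=ALLOWED):
    """Return findings: roles outside the allowlist, or a full property redefinition."""
    props = userroles_props(text)
    if "value" not in props:
        return ["no hipposys:userroles definition found for sitewriter"]
    roles = re.findall(r"[\w.-]+", props["value"])
    findings = [f"unexpected role: {r}" for r in roles if r not in allowed]
    if props.get("operation") != "add":
        findings.append("hipposys:userroles is fully redefined; use 'operation: add'")
    return findings

if __name__ == "__main__":
    print(audit(AUTO_EXPORTED))
```

Passing a narrower allowlist, such as one without xm.content.editor, flags a site that only needs author privileges but was granted editor.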