Set Permissions When Using Workflow in the Delivery Tier
Set permissions to enable the site application to perform document workflow actions.
By default the sitewriter user used by the delivery tier has write access to the node /formdata. If you want to use workflow within the delivery tier to persist content beans as documents through the WorkflowPersistenceManager, then the sitewriter user must also have editor or author privileges on folders and documents.
The most straightforward way is to give the sitewriter user the same privileges as the author or editor group on folder and documents. You cannot do this via the Setup > System in the CMS because the sitewriter is a system user, so you need to do this via the console.
Log in to the Console as admin and make sure that Autoexport is enabled.
Give the sitewriter author or editor privileges on folders/documents
In the console at /hippo:configuration/hippo:users/sitewriter to the hipposys:userroles add
(if only author privilege is required make it xm.content.author)
After the above, the sitewriter will have editor privileges on folders and documents which supports the delivery tier workflow for the sitewriter. Note however that the application needs to be restarted to have effect on the sitewriter user. This is because the sitewriter comes from a pool and is being reused and not logged in again, and only on a new login the new userrole is added.
Optionally: Improve the auto-exported configuration
As a result of the above addition of a userrole to the sitewriter, auto-export will have created the file sitewriter.yaml locally contaning:
definitions: config: /hippo:configuration/hippo:users/sitewriter: hipposys:userroles: .meta:category: system .meta:add-new-system-values: true type: string value: [xm.form.writer, xm.content.editor]
Auto-export cannot export this cleaner, however, instead of having the entire hipposys:userroles property defined again, it is cleaner to change the sitewriter.yaml into:
definitions: config: /hippo:configuration/hippo:users/sitewriter: hipposys:userroles: operation: add value: [xm.content.editor]
such that only the required addition is being done.