Hello
Is it possible for system admins to bypass workflow without having to disable workflow in the back end?
thanks
No – you need to make your sysadmins part of the workflow to give them approval rights.
that will mean a lot of emails to admins, just to be able to make the occasional changes.
Correct, but otherwise you would be bypassing workflow, which is a security flaw. In addition, Matrix caches out the workflow schema as soon as an asset is submitted for approval, so changes made to the schema do not take affect until the asset is out of workflow.
One workaround is to create a generic sysadmin user that has no email address in the user account and assign that user to the workflow. Then, no-one gets any email and if you need to make an emergency approval, you can login as that user.
[quote]Correct, but otherwise you would be bypassing workflow, which is a security flaw. In addition, Matrix caches out the workflow schema as soon as an asset is submitted for approval, so changes made to the schema do not take affect until the asset is out of workflow.
One workaround is to create a generic sysadmin user that has no email address in the user account and assign that user to the workflow. Then, no-one gets any email and if you need to make an emergency approval, you can login as that user.[/quote]
Thanks for the workaround, that is exaclty what we have done, but I thought there might be another way.
I can understand about the security side of it, but I would have expected at least the root user to be able to bypass it.
This would not be acceptable for our Government clients who rely heavily on audit trails and very strict workflow logging to ensure that adequate approvals are obtained for every asset that is published. It has always been Matrix policy to not allow any user to bypass a running workflow of which they are not a member. The only other workaround is as you described in your first post: Rejecting an active workflow, removing the schema and then publishing the asset.