Workflow constants

Workflow constants are workflow references that are available to all workflows within a given workflow scope, such as a SharePoint farm, site collection, or site. For more information about workflow scope, see Workflow scope and context. Workflow constants are typically used to store information that can be used by multiple workflows, such as credentials, URLs, connection strings, and so on.

• Accessing workflow constants

• Sensitive workflow constants

• Secure strings

• Credentials

Accessing workflow constants

Workflow constants can be accessed only by users with the appropriate permissions, depending on the definition of the workflow constant. Access to a workflow constant can be restricted to the following levels:

• Everyone

  Any user that can access the SharePoint farm, site collection, or site can use the workflow constant.

• Administrators

  Workflow constants can be accessed only if the current user has the necessary administrative permissions to do so at the appropriate SharePoint scope for the workflow constant:

  • If the workflow constant is scoped to the SharePoint farm, the current user must be a SharePoint farm administrator.

    Nintex Workflow 2013 uses the CurrentUserIsAdministrator method, from the SPFarm class in SharePoint, to check for the necessary permissions.

  • If the workflow constant is scoped to the SharePoint site collection, the current user must be a SharePoint server farm administrator or a SharePoint web administrator for that site collection.

    Nintex Workflow 2013 uses the DoesUserHavePermissions method, from the SPWeb class in SharePoint, to check that the user has the following site permissions:

    • Add and Customize Pages

    • Browse Directories

    • Manage Permissions

    • Manage Web Site

    • Open

    • View Pages

    For more information about SharePoint user permissions, see User permissions and permission levels in SharePoint 2013.

  • If the workflow constant is scoped to the SharePoint site, the current user must be a SharePoint site administrator for that site.

    Nintex Workflow 2013 uses the UserIsSiteAdmin property, from the SPWeb class in SharePoint, to check for the necessary permissions.

  For more information about the administration hierarchy in SharePoint 2013, see Choose administrators and owners for the administration hierarchy in SharePoint 2013.

• Specific users

  Only a user included in an explicitly specified set of groups and users can use the workflow constant.

Sensitive workflow constants

String, numeric, and date workflow constants can be marked as sensitive workflow constants. Sensitive workflow constants are encrypted, and the contents are not available to the user. The user can include references to them in configuration settings for workflow actions, but only if the control for that configuration setting allows inclusion of sensitive workflow constants.

To support the use of sensitive constants in custom workflow actions, ensure that the appropriate controls included on the configuration page can include sensitive workflow constants:

• Use the ContextDataLookup control to allow the user to explicitly specify a workflow constant, including a sensitive workflow constant, as the value of a configuration setting. For more information, see Working with the ContextDataLookup control.

• Use the DropDownWithInsertReference, PlainTextWebControl, SingleLineInput, or RTE control, and set the IncludeSensitiveWFConstants property to true to allow the user to include a reference to a sensitive workflow constant. If this property is not set to true, the Insert Reference dialog box does not display sensitive workflow constants.

Workflow references for sensitive workflow constants are decrypted when the workflow references are resolved. For more information about resolving workflow references, see Workflow references.

Secure strings

Secure string workflow constants are similar to sensitive workflow constants, in that the value is encrypted and the contents are not available to the user. The user can include references to them in configuration settings for workflow actions, but only if the control for that configuration setting allows inclusion of secure string workflow constants.

This type of workflow constant is typically used to store security tokens for external features and services, such as Nintex Live actions.

To support the use of secure string workflow constants in custom workflow actions, ensure that the appropriate controls included on the configuration page can include secure string workflow constants:

• Use the ContextDataLookup control to allow the user to explicitly specify a workflow constant, including a secure string workflow constant, as the value of a configuration setting. For more information, see Working with the ContextDataLookup control.

• Use the DropDownWithInsertReference, PlainTextWebControl, SingleLineInput, or RTE control, and set the IncludeSecureStringWFConstants property to true to allow the user to include a reference to a secure string workflow constant. If this property is not set to true, the Insert Reference dialog box does not display secure string workflow constants.

Workflow references for secure string workflow constants are decrypted when the workflow references are resolved.

Credentials

Depending on the configuration of the SharePoint farm on which the workflow resides, Nintex Workflow 2013 can provide encrypted credentials as workflow constants.

Nintex Workflow 2013 supports two types of credentials as workflow constants:

• User-supplied credentials

  User-supplied credentials are provided by the user, encrypted, and stored in the Nintex configuration database.

  The availability of user-supplied credentials depends on the value of the Allow entry of user credentials global setting in Nintex Workflow Management:

  • Constants page only

    User-supplied credentials created in Nintex Workflow Management are available for use in workflow actions, but you cannot enter your own user-defined credentials when configuring a workflow action.

  • Constants page and action dialog

    You can either use user-supplied credentials created in Nintex Workflow Management, or you can enter your own user-defined credentials when configuring a workflow action.

  • Neither

    You cannot use user-supplied credentials.

• Secure Store credentials

  Secure Store credentials retrieved by Secure Store Service, a service application provided with SharePoint 2013. Secure Store credentials are available only if Secure Store Service is configured for the SharePoint farm. For more information about configuring the Secure Store Service, see Configure the Secure Store Service in SharePoint 2013.