How to Manage User Roles in WorkflowEngine?

You can use BasicPlugin. To implement this, subscribe for the UsersInRoleAsync delegate:

private static WorkflowRuntime InitWorkflowRuntime()

    var basicPlugin = new OptimaJet.Workflow.Core.Plugins.BasicPlugin();
    basicPlugin.UsersInRoleAsync = UsersInRoleAsync;

    var runtime = new WorkflowRuntime()

    return runtime;

public static async Task<IEnumerable<string>> UsersInRoleAsync(string roleName, Guid? processId = null)
    //TODO return all identityIds (userId) for this roleName
    return new List<string>() {"identity1",  "identity2", "identity3"};

Then, the CheckRole method becomes available in the WorkflowDesigner.

In the Actors section, add the following roles:


  • Name – the Actor name to be used in the workflow scheme
  • Rule – set the CheckRole from the BasicPlugin
  • Parameter – the role name to be used when calling UsersInRoleAsync, it will be passed in the delegate function as the roleName parameter.

Next, you can limit access to Transitions, using Actors:


When invoking basic operations, you specify the identityId parameter. This is the identifier of the user, who has initiated the operation (for example, the operation of obtaining a list of available commands). When checking the user’s access to commands, in case the Workflow Engine meets Actor with CheckRole Rule in the scheme, the BasicPlugin calls UsersInRoleAsync. It checks if the identityId parameter is contained in the array returned by UsersInRoleAsync. If so, then the command that launches Transition (see picture above) becomes available to the user; and, the user becomes able to execute this command and start the transitional process.

If your system is heavily loaded, and the performance is critical for you, then we recommend creating a separate IWorkflowRuleProvider with the RuleGet and RuleCheck methods that check user roles. You can read more here