I did a search of this forum and came across Scott Durow's great article on this topic here: http://www.develop1.net/public/post/user-impersonation-in-plugins-workflow-and-dialogs.aspx.
I fear my situation is a result of the Parent on demand workflow controlling the impersonation of a called child workflow even though the child is configured to run "as the workflow owner." Here is my scenario:
I have an on demand workflow triggered "on entry" of a business process flow stage which takes money out of my custom general ledger entity record. We'll call it "Decrement Funds."
<sidenote> I consistently name my workflows so I know how they are triggered. For example, in this case, 'EntityA-D-DecrementFunds" tells me it runs on the EntityA entity and is on "D"emand. </sidenote>
EntityName-D-DecrementFunds calls a child workflow run on child records (via AG Utilities One to Many plug in). That child workflow is supposed to take money out of the general ledger. The user running the workflow cannot have direct edit to this entity, so I set all fields on it for field security, run the child as "run as workflow owner." and assign it to a service account with permissions to update that entity via field security profile.
No matter what I do, this results in a permissions error saying the user running the workflow does not have permission to update the general ledger.
I'm perplexed how to get around this. Some options I've considered:
- Trigger the child workflow from the change of a field rather than the change of a stage so it doesn't have to be "on demand." Woudl that work? Is this purely about "on demand" vs. on field change? This will be problematic, though, because I control all my customization by stage change.
- Maybe if the child workflow ran as a background process? Would it matter?
HELP!
