Plone Workflow

Plone Workflow


Controlling security with workflow


All levels


Work in progress


This chapter is still work in progress!

Workflow is used in Plone for three distinct, but overlapping purposes:

  • To keep track of metadata, chiefly an object’s state;

  • To create content review cycles and model other types of processes;

  • To manage object security.

When writing content types, we will often create custom workflows to go with them.

Plone’s workflow system is known as DCWorkflow. It is a states-and-transitions system, which means that your workflow starts in a particular state (the initial state) and then moves to other states via transitions (also called actions in CMF).

When an object enters a particular state (including the initial state), the workflow is given a chance to update permissions on the object.

A workflow manages a number of permissions – typically the “core” CMF permissions like View, Modify portal content and so on – and will set those on the object at each state change.

Note that this is event-driven, rather than a real-time security check: only by changing the state is the security information updated.

This is why you need to click Update security settings at the bottom of the portal_workflow screen in the ZMI when you change your workflows’ security settings and want to update existing objects.


  • Add a use case story thread that runs through each of the sections to illustrate how each concept works

  • Add in more screen shots of the TTW (Trough-The_web) experience of using workflows in Plone