Vulnerability in EPiServer.Forms
This is just a quick question regarding EoiServer Workflows. Does each person in the Workflow have to have Publish rights?
We have a client who wants to have a sequential workflow and the first couple of Reviewers in the workflow can Approve but cant Publish. Is this possible? And if so how is this done?
Yes, it would seem that each person in the workflow (both approvers and publishers) need Publish rights - http://xlevel.org.uk/issues-with-configuring-approval-workflows-in-episerver/
"The sequential and parallel approval workflows are designed to regulate the publishing of pages within the website. However, there are a couple of features with the out of the box design that could cause issues if you want to use these approval workflows to automatically regulate the publishing of pages on your website.
This means that approvers can bypass the workflow system and publish the page before it has gone through all it’s stages."