Permission type changes for delegated flows

The role-based access control (RBAC) feature introduces two new permission types to replace existing permissions for delegated flows.

Existing permission

Description

New permission

okta.workflows.read

The admin can view delegated flows

okta.workflows.flows.read

okta.workflows.invoke

The admin can view and run delegated flows

okta.workflows.flows.invoke

When you initially enable the RBAC feature, the System Log records the addition of the new permission types for all roles that had the existing permission type.

After RBAC is enabled, Okta also adds or removes the corresponding new permission when you add or remove an existing permission. For example, adding the okta.workflows.invoke permission to a user also adds the okta.workflows.flows.invoke permission.

If you disable the RBAC feature, the System Log contains events for the removal of the new permission types.