The Problem: Sometimes we are developing workflows where we use a data connection that the developer has access to but not necessarily the people running the workflow do.
A workflow is pulling from one database to another, with some specific transformations.
This workflow is used by many people, some have Designer for other purposes.
The workflow also writes to a log table, documenting different parts of the workflow for auditing purposes.
This log table is not something that the people running the workflow should have access to write to other than when running this workflow
This log table outputs using a data connection so that it is not embedding passwords (a company-wide best practice)
For someone to run this workflow with this set up, they would need access to this log table's data connection
If the log table data connection is shared to that group of users, now any of the users with Designer can go write whatever they would like to that table since that data connection has access to.
This also makes the log table unsecure for auditing purposes.
The Solution: We are looking for a way to have a data connection in a workflow without giving all of the running users full access to use that connection in their workflows. Almost a proposal of two tiers of permissions:
Access to use a data connection in a workflow you are running
Access to use a data connection in a workflow you are building