Microflow module roles

0
I'm getting lots of warnings that say "such-and-such a microflow specifies module roles but is not used publicly". I think these are microflows that are only called from other microflows. Can they safely be ignored or is there an easy way of getting rid of them? Is it a problem if a microflow calls another and the called microflow has tighter permissions than the caller?
asked
1 answers
1

Yes these Microflows are only called from other Microflows (or Java actions), meaning that setting security on them is pointless and could give you a false sense of security, as Microflows can always be run by other Microflows and security only prohibits a user calling one directly. I would remove the security on these Microflows instead of ignoring the warnings.

answered