In a multinational company's procurement process, different actors work in the same system: the head of the finance department approves tender documentation worth 500 thousand euros, and later the warehouse worker confirms the arrival of goods. The finance manager doesn't need to see exactly how many pallets arrived, and the warehouse worker cannot see the transaction value. Both receive exactly the information they need for their work.
Access control is one of the most critical, yet least noticeable elements of enterprise workflow automation. While most decision-makers are aware that "there are roles and permissions," few understand how deeply different approaches affect daily operations, security, and regulatory compliance.
Traditional workflow systems typically use a Role-Based Access Control (RBAC) model. Its operation is simple: we define roles – procurement manager, finance manager, warehouse worker – and assign permissions to them.
This approach works for simple processes. What happens when reality is more nuanced?
A procurement manager can see contracts under 100 thousand euros, but has no access to those above. In the early stage of a project, the technical specification is visible to everyone, but when sensitive price calculations are added, access suddenly needs to be restricted. An external consultant may work on the project, but certain internal data remains closed to them.
In RBAC systems, these situations can only be handled by creating more and more roles: "procurement manager under 100k", "procurement manager between 100k-500k", "project manager early phase", "project manager sensitive phase". The number of roles grows exponentially, the system becomes incomprehensible, and maintenance becomes a nightmare.
Advanced workflow systems, including Fluenta One, apply an Attribute-Based Access Control (ABAC) approach. The fundamental difference is simple but has far-reaching consequences: it's not just about who you are, but what task you're performing, with what data, under what circumstances.
In ABAC systems, permissions are determined by rules that consider, among other things:
In practice, this means that a rule can look like this, for example: "The user can see the financial data if the project value is less than their approval competency, AND the project has not yet been closed, AND they are not an external consultant."
One of the most valuable ABAC capabilities is field-level access control. This means that different users see different fields in the same form.
Let's take the approval of a procurement order as an example:
Each actor works with the same document, in the same process, but everyone only receives the information relevant to them. This is not just a security issue, it's also an efficiency issue. There's no need to browse through irrelevant data, no need to ask for explanations for information that doesn't concern us.
Modern business processes increasingly extend beyond corporate boundaries. Parent-subsidiary relationships, supplier collaborations, involvement of external consultants – in each case, the challenge is to precisely control who sees what.
In the case of Fluenta One, access control doesn't stop at the company gates. The same field-level rules can be applied to external partners as to internal employees.
When a subsidiary provides data to the parent company, it can be precisely determined which fields are transmitted and which data remains visible only to the subsidiary. When an external partner participates in the process, access can be controlled with the same level of detail as if they were an internal employee.
This is particularly important in sensitive industries – finance, pharmaceuticals, defense – where compliance is mandatory.
A critical, often overlooked aspect: it's not enough to check permissions once when someone enters the system. Fluenta One follows the Zero Trust principle and revalidates with every single operation whether the user is authorized for that particular activity.
This is important because permissions change: someone transfers to another department, a project reaches a value threshold where higher-level approval is needed, a contract's confidentiality level changes, or an employee leaves the company.
Continuous validation ensures that these changes take effect immediately, without having to manually intervene in every process.
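The rule quoted earlier ("less than their approval competency, AND not yet closed, AND not an external consultant"), applied per field and re-evaluated on every call, as an added example that is not Fluenta One's code. The class names, field names and the default-deny handling of fields without a rule are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class User:
    name: str
    approval_limit_eur: int  # the "approval competency" in the quoted rule
    is_external: bool

@dataclass
class Project:
    value_eur: int
    closed: bool

def can_see_financials(user, project):
    """The quoted rule; returns (allowed, list of conditions that failed)."""
    checks = {
        "value below approval limit": project.value_eur < user.approval_limit_eur,
        "project not closed": not project.closed,
        "not an external consultant": not user.is_external,
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)

def always(user, project):
    return (True, [])

# Constructed field names; every field needs an explicit rule (default deny).
FIELD_POLICY = {
    "status": always,
    "supplier": always,
    "net_price_eur": can_see_financials,
    "price_calculation": can_see_financials,
}

def view_record(user, project, record):
    """Re-evaluate each field's rule on every call; nothing is cached at login."""
    visible, denied = {}, {}
    for field, value in record.items():
        rule = FIELD_POLICY.get(field)
        allowed, failed = rule(user, project) if rule else (False, ["no rule for field"])
        if allowed:
            visible[field] = value
        else:
            denied[field] = failed
    return visible, denied

# Constructed sample record, including one field that has no rule.
RECORD = {"status": "in approval", "supplier": "ACME Kft.", "net_price_eur": 500_000,
          "price_calculation": "unit 50 x 10,000", "internal_note": "n/a"}
```

Because `view_record` reads the user and project attributes at call time, closing the project or changing a user's limit alters the next response without touching any role assignment.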
Many companies already use a central single sign-on (SSO) solution – Microsoft Entra (formerly Azure AD), Okta, Ping Identity, or Google Cloud Identity. Fluenta One can integrate with these systems, so users access it with the same login as other corporate applications.
The advantage goes beyond convenience: when an employee leaves the company and IT deletes their access in the central SSO system, they automatically lose access to Fluenta One as well.
Moreover, information from the central system – organizational unit, position, supervisor – can automatically be built into permission rules, so Fluenta One always works with up-to-date data.
One of the finer aspects of access control is that the operations each user may perform can differ. For a process, these permissions can look like this:
These can be controlled separately, so a user may see the process, see the data, but may not be able to modify or approve them.
A deeper layer of access control is that process status visibility and access to the specific data within it can be controlled separately.
A manager can see that a tender is in progress, track its status, know who's working on it, where it stands – without seeing the sensitive price calculation or technical details. Controlling can see every process where a financial obligation arises, but the specific technical specifications are not relevant to them. The compliance team can track all processes for audit purposes without accessing business-sensitive information.
This separation enables transparency and control mechanisms while maintaining the protection of confidential information.
In the era of DORA, GDPR, SOX and similar regulations, access control is not just an internal security issue. You must be able to prove who could see what, when and why.
Fluenta One's access control automatically generates this documentation. Every access is recorded, every rule is traceable, every change is logged. When an auditor asks who could see a particular document, the system shows exactly: these users, with these permissions, at this time.
Access control is an often forgotten topic when we talk about workflow automation. Yet it's one of the most decisive factors in how capable a workflow system is of supporting real business complexity. The difference between RBAC and ABAC affects scalability, maintainability, security and regulatory compliance.
Fluenta One's approach reflects this complexity: with its sophisticated access control, it truly supports complex, dynamic business processes.