This document applies to IriusRisk versions >= 2.0.0
Workflow states define the states that IriusRisk products can pass through. A product can only be in one state at a time. The possible workflow states and their sequence is defined globally for the whole IriusRisk installation.
To define the states, choose the "Configuration → Workflow States" tab:
States can be added, edited and removed from this tab. The sequence of States is from left to right and this can be modified by dragging and dropping. Once the order has been defined, hit the "Apply Changes" button to apply the States to all products.
The default behaviour is that the States are visited sequentially, but this behaviour can be changed by creating Workflow Rules using the rules editor. States can then be assigned based on a number of different criteria.
Each workflow State can overwrite the default permissions scheme per role. For example, we can enforce the ROLE_DEVELOPER to be able to update the Architecture only in the first workflow state of the threat model. You can find more information about access control policies in the Access Control page of the wiki.