Security tab not shown on the frist step "edit" for advanced workflow

The security can be set only on "custom" steps between the Edit and Publish step - as it is also described in the documentation - the yellow warning box. If you want to restrict editing of the page, then you need to apply ACL permissions.

i'll explain my problem more specifically

• The workflow allows Check-in/Check-out

• Frist Step “Initial Edit” Step Name : “Initiator” Has an Action called “Send To Writer” and should only be allowed for Users on Role “Initiators”

• i've appliced condition on it, as follows CurrentUser.IsInRole("Initiator")

the problem is users from other roles, can check out the page as they have edit content is there a way to disable the check-out button based on Macro condition on the Initiator step Like iChecout.IsEnable = CurrentUSer.ISInRole(“Initiator”))

i had to make it from the EditMenu.ascx like this

if (DocumentManager.Step != null && DocumentManager.Step.StepName == "Initiator" && !IsInRole("Initator")) ShowCheckOut = false;

Well, in this case you need to apply the mentioned ACL permissions and disable access/editing of the pages by other roles.

I did ACL permissions but it seems that effect preformce becouse you need to include all users that not allowed to edit page then take modify permission. let me explain more, I have writer role who has many users, the document in speciefic culture should send to writer role. After that, the first user check it out will be responseable to edit it among others, while the reset of writers must have only read permission.

Codevar user = MembershipContext.AuthenticatedUser;
      var node = p.DocumentManager.Node;
         if (node != null && user != null && node.ClassName == "myproject.Article")
        {
            if (IsInRole("Writer"))
           {
              if (node.NodeCustomData["WorkflowStep"] != null && node.NodeCustomData["WorkflowStep"].ToString() == "Initiator")
                   denyBrowseTree(node, user);

                if (node.NodeCustomData["CurrentWriter"] != null)
                 {
                    string currentWriter = node.NodeCustomData["CurrentWriter"].ToString();
                  if (user.UserID.ToString() != currentWriter && currentWriter != "0")
                        denyModify(node, user);
                      AclItemInfoProvider.SetUserPermissions(node, 0, den, user);
               }
           }
      }

Do you think this approach has negative effect in performance and security ? Please if you have any suggestion share with us. Thank you.

Well, yes it can have a negative impact on performance if the check is done on each visit of the page. Your requirement is very rare and custom - to allow only one person from a role to edit page and then all others just to read. This is against the current membership model. All users in the same role have the same permissions. If not, then the users must be assigned to different roles. Or, you need to assign ACL permissions individually for each user. In this case it is the same as disk permissions.
It might be better to consulting your needs and possible solutions with the solution architect.

Thank for your answer. Is there any way to set ACL permissions on leve of document culture not Node. Because when I grant edit permission to one user, other cultures also not accessble by others. What I am looking for : One an Initiator send a doccument to "writer role" to approve , the each writer can pick one culture and it should only edit by him withen the same role. We try to use custom column in document table to store writer id then douring document loading disable actions buttons. However, we do not know how to reset or hide workflow message (see the screenshot below)

Thank you..

ACL permissions are per node. It is not possible to set them differently per culture.
Have you considered using the advanced workflow and several different branches of the workflow process? Then, you can also set the users to be allowed to edit only certain cultures (screen shot). I would recommend considering the session with our architect who will collect all the details of your need and suggest the best possible approach.

Thank you . How could reset the message or hide label in certain action? Almost, we align with our requirements, but this message should be hidden or changed based on our scenario.

    // Set the information text
    if (!String.IsNullOrEmpty(InformationText))
    {
        lblInfo.Text = InformationText;
        lblInfo.CssClass = "LeftAlign EditMenuInfo";
        lblInfo.Visible = true;
    }

I try to hide this lable but still message is shown.

Thank you.

I fixed this issue by overwriting document info under specific condition such as :

DocumentManager.DocumentInfo= ResHelper.GetString("EditMenu.writerNotAutorized", ResourceCulture);

Thank you.