Workflow targeting is a design choice in the spirit of role based access that involves the creation of a role that grants no accesses other than assigning users to a workflow. As of the writing of this article, it was decided that our Mastercontrol Roles that follow this policy should be broad - include lots of users, and put the onus of who signs off on what onto the department housing those approvers.
1. The first role that was designed with this in mind is Quality Approvers and thus is the example referenced in this article.
2. The users of the role are selected only by the need to be a part of specific workflows.
3. The application right that is provided, Portal->My Recents, is provided out of necessity and should be for all Workflow Targeting roles. Without at least one application right, roles will not be usable/visible/assignable. This permission does not grant anything privileged that a user wouldn't already have access to and is thus acceptable.
4. The vault rights added to this role will be many - it needs to have the appropriate permissions per the rights matrix assigned to the vaults that it will be targeting workflows for. The matrix should be followed as closely as possible here, avoiding any abnormalities for the sake of uniformity and keeping a 'broad' design structure.