Are workflows processed in the front or back-end? More specifically, can a skilled user access information, which is not shown to the user, but only accessed in a workflow?
Regarding the specific use case: In my app users can contact other users by sending them a message which is delivered to the receiver via a workflow which sends an email. As high data privacy is really important in this setting the email-adress of the receiver should not be revealed to the sender of the mail until the receiver confirms. However, when I define roles that the sender of the message cannot access the data of the receiver of the message, the message is not delivered as the email-adress cannot be accessed by the workflow. How do I need to define the user roles? And in this setting, if only the workflow accesses the data, can a technically skilled user potentially access the data as well?
Any help appreciated 