The Automate application is governed by the same security and permissions model as the rest of the platform. This means that users can only see and interact with the automations to which they have access. Additionally, condition evaluation and effect execution uses the permissions of the automation owner or specific notification recipient. This ensures that condition evaluation and any subsequent Action or notification effects always reflect the data access that a user has at the time the automation is evaluated.
Actions defined in the Actions effect are always executed on behalf of the owner of an automation, but notification effects use the permissions of each specific notification recipient. This means that an automation may trigger for one user but not for another, depending on the permissions of each defined recipient. Recipients may also receive different notifications, since function-backed notifications are determined per user. Similarly, attachments are rendered for each individual.
This is best illustrated with an example: imagine a Sales Opportunity object type backed by a restricted view. Depending on a user's permissions, they might be able to access sales opportunities from Europe or the US. You can configure an automation to notify users when new Sales Opportunity objects are added by using an Objects added to set condition. Now, when a new sales opportunity from Europe arrives, the condition will be evaluated per recipient. Users who cannot see sales opportunities from Europe will not see any activity on the automation; no condition event will be shown and no notification will be sent. However, other recipients who have permission to see these sales opportunities will be notified as expected.
When a user edits an automation and saves it, they will always become the new owner (taking ownership from the previous owner). That means that Actions effects will be executed on their behalf in the future. A warning message will appear in this case.