Hi,
I try to understand the concept of authorization. I want a user from the group StudentGroup is abled to start the process bppminiwik. The user SekiMA from the group SekiGroup is only allowed to read the user task Stammdaten anzeigen.
I created the following user and groups
User: SekiMA (dedicated to SekiGroup)
User: Studi1 (dedicated to StudentGroup)
Unfortunately the user Studi1 is not allowed to start the process (only allowed to see the tasklist). So I started the process with admin access. The User SekiMA can see now the task “Stammdaten anzeigen”.
Why is the user Studi1 not allowed to start the process?
For "Process Instance Authorizations"
Resource ID should be “*” instead of “bppwkmini”
and both of them need only READ permission.
For "Process Definition Authorizations"
In case members of “StudentGroup” should be able to work on the process too then, set both “CREATE_INSTANCE, READ” permissions to “StudentGroup” group.
For better understanding: I thought if I type “*” the user or group is abled to start every process. I only want him to start the process bppminiwk. Do I think right?
The resource id only of the Process Instances authorization needs to be set to “*” (for permission READ). The reason behind this is that there is no process instance id before the creation of the process instance. So you need to specify READ permission for all process instances (asterisk as resource id), as it is described in the docs.
You can leave bppwkmini as resource id for CREATE_INSTANCE, READ permission of the Process Definition.