Differences in authorization rules

Hi all,

What minimal authorization rule must be applied to a group so they can read variables listed in a filter without getting read rights on all other tasks in a process?

I can see the variables when I define any of these rules, but which one is more restrictive than the other one?

  1. Process Definition Authorizations - ALLOW my_group READ_INSTANCE my_process
  2. Process Instance Authorizations - ALLOW my_group READ my_process

Anyone knows what the least restrictive of the two is?

Hi @nvanbelle,

I believe they are equivalent.


Hi @nvanbelle. I know that its a long time since you asked, but the answear might help somebody else.

The least restrictive would be the first one because it gives permission to the specific process instance instead of all process intances of a given process definition.