Restrict access and view for user groups to certain process

I have made user “user” with admin abilities and i have created group ‘consult’ (with * permissions) in which i have enrolled my newly creted user then i have add one war deploeyment with this process.xml into camunda webapp ( p.s i have also added similar tennat id in bpmn file and in user configuration in tentatns filed) but when i log in as “user” i can’t see deployemtn and start task what should i do to be able to make user see and start only first step one process?
<?xml version="1.0" encoding="UTF-8" ?>

<process-application
  xmlns="http://www.camunda.org/schema/1.0/ProcessApplication"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <process-archive name="step_0"  tenantId="one">
    <process-engine>default</process-engine>
    <properties>
    
      <property name="isDeleteUponUndeploy">false</property>
      <property name="isScanForProcessDefinitions">true</property>
      <property name="additionalResourceSuffixes">true</property>
      <property name="isDeployChangedOnly">true</property>
    </properties>
  </process-archive>
   <process-archive name="step_1" tenantId="two">
    <process-engine>default</process-engine>
    <properties>
    
      <property name="isDeleteUponUndeploy">false</property>
      <property name="isScanForProcessDefinitions">true</property>
      <property name="additionalResourceSuffixes">true</property>
      <property name="isDeployChangedOnly">true</property>
    </properties>
  </process-archive>
  
  <process-archive name="step_2"  tenantId="three">
    <process-engine>default</process-engine>
    <properties>
    
      <property name="isDeleteUponUndeploy">false</property>
      <property name="isScanForProcessDefinitions">true</property>
      <property name="additionalResourceSuffixes">true</property>
      <property name="isDeployChangedOnly">true</property>
    </properties>
  </process-archive>

</process-application>

what kind of configuration should i add to make it possible to deploy and start certain process when certain user is logged in?
@Kirsten you are always helpful to me, do you have any idea about this case?

Hi Sally,

In order to deploy a process, your user needs at least READ and CREATE deploy permissions.


Regarding start of a process, please check this docs - Authorization Service | docs.camunda.org

Start new process instance
The “Create Instance” permission is required to start new process instances.
To perform that action, the user also needs to have “Create” permission on the Process Instance resource.

Hope that will help you.

Best regards,
Yana

@yana.vasileva thank you for your reply, it was very helpful,could you tell me how should i make my user create process in my admin mode i can see process definitions and deployments but when i log in with my new user i can’t see any processes which i should start?

Hi Sally,

Could you please share your process definition and process instance authorizations.

Best regards,
Yana