Restrict variable visibility of process instance using authorization

I want to set authorization in such a way that,
User should see cockpit and process instances but should not see all variables (since confidential information) but must see some variables to identify minimum process information.

I did not found anything for this, is this possible?

Did you find the solution for this?
Any help would be appreciated.

Hi @ams,

this is not possible today: Authorization Service |

If a user has access to a process defintion, it can see all its variables.

Feel free to file a feature request here:

Hope this helps, Ingo


Could you then elaborate what the Task authorization is used for?
Am I not able to limit a user in cockpit to see the variables for the tasks that are assigned to them?

Hi @ams,

the Task permission are for updating the task: Authorization Service |, which is claim and complete.

Task permission can restrict a user from completing a task if he gets the ID from somebody else. Usually Tasklist shows only tasks where you have access to.

Variables are a completly different entity.

What is your exact requirement?

Hope this helps, Ingo

Thank you.

I’m trying to let users see their own running processes and variables that they completed themselves, in cockpit.

Right now all users that have access to a running processes for a certain process definition, can see all variables submitted by everyone else.

Unfortunately this is not an option when it comes to highly sensitive data.