You can set the security for the endpoint within adminui.
Just give the Invoke permission to that one user.
I go to the security panel in the adminui in the endpoint management for my process.
I add my user with the Invoke permission to that user but the other can always see and start it in the workspace.
Perhaps someone has added the 'Services User' role to all users which gives them the ability to invoke any service. Check on that in Admin UI > Settings > User Management > Role Management and then look into the Services User role to see who the Role Users are.
Thanks, It was that and someone was me :P
I'm trying to limit process invocation as well - the option you describe worked for me in ES1 but it is not availbe in Endpoint Management in ES2. I'm running into the issue that all users with the LiveCycle Workspace User role can invoke any process from Workspace, regardless of whether the Services User role has been assigned to them. I need to limit the users who can invoke the process, but I don't want to exclude any users from just entering Workspace and looking at the tasks that have been assigned to them.
Can you help?
It should work the same as in ES.
In fact I just did a test. I created a new user and assigned him the Workspace User role and that user couldn't see any of my processes in Workspace.
Then I went to one of my process and added the INVOKE_PERM permission to that user (under Security) and the user was able to see that one process, but not the other ones.
If it doesn't work for you, it could be because the group "All User in XXX domain" has some right associated to it and all the users within that group inherit the rights.
To be absolutely sure, create a new group and add a new user with only Workspace User role and test with that user and see if you get the same results.