1 Reply Latest reply on Jul 13, 2010 11:42 PM by $Nith$

    Process Invoke Permissions

    The Flex Viking Level 1

      Here is my setup.  Assume I have 100 processes.


      I've created a role that grants SERVICE_INVOKE permissions.

      I've assigned this role to the "All Principals" group.


      This was an easy way of granting invoke permissions to all users on all processes.


      Now, I want to add process 101.  But, I only want a limited set of users to be able to invoke it.  How do accomplish this?


      Because of the role I created earlier, all principals will get invoke permissions on process 101 by default.  It appears to me that in order to accomplish this I will have to

      1. Remove the SERVICE_INVOKE permission from my role.
      2. Add the "All Principals" principal with INVOKE_PERM permission on each of the 100 processes
      3. Add the limited set of users with INVOKE_PERM to process 101


      I didn't see a way of denying "All Principals" invoke permissions on process 101.

        • 1. Re: Process Invoke Permissions
          $Nith$ Level 4

          Now you need to differentiate between 1st set of users(who invokes the 100 processes) & 2nd set(for the newly created process).


          Try the following:


          1. Create two user groups

               Group1 (All users except 2nd set of users) i.e 1st set

               Group2 (2nd set of users)


          2. Remove all principal from PROCESS_INVOKE role assignment


          3. Assign PROCESS_INVOKE role to both groups for the 100 processes


          4. For Group2, assign PROCESS_INVOKE role on 101th process



          Will that workout?