1 Reply Latest reply on Jul 13, 2010 11:42 PM by $Nith$

    Process Invoke Permissions

    The Flex Viking Level 1

      Here is my setup.  Assume I have 100 processes.

       

      I've created a role that grants SERVICE_INVOKE permissions.

      I've assigned this role to the "All Principals" group.

       

      This was an easy way of granting invoke permissions to all users on all processes.

       

      Now, I want to add process 101.  But, I only want a limited set of users to be able to invoke it.  How do accomplish this?

       

      Because of the role I created earlier, all principals will get invoke permissions on process 101 by default.  It appears to me that in order to accomplish this I will have to

      1. Remove the SERVICE_INVOKE permission from my role.
      2. Add the "All Principals" principal with INVOKE_PERM permission on each of the 100 processes
      3. Add the limited set of users with INVOKE_PERM to process 101

       

      I didn't see a way of denying "All Principals" invoke permissions on process 101.

        • 1. Re: Process Invoke Permissions
          $Nith$ Level 4

          Now you need to differentiate between 1st set of users(who invokes the 100 processes) & 2nd set(for the newly created process).

           

          Try the following:

           

          1. Create two user groups

               Group1 (All users except 2nd set of users) i.e 1st set

               Group2 (2nd set of users)

           

          2. Remove all principal from PROCESS_INVOKE role assignment

           

          3. Assign PROCESS_INVOKE role to both groups for the 100 processes

           

          4. For Group2, assign PROCESS_INVOKE role on 101th process

           

           

          Will that workout?

           

          Nith