I'm trying to limit process invocation as well - the option you describe worked for me in ES1 but it is not availbe in Endpoint Management in ES2. I'm running into the issue that all users with the LiveCycle Workspace User role can invoke any process from Workspace, regardless of whether the Services User role has been assigned to them. I need to limit the users who can invoke the process, but I don't want to exclude any users from just entering Workspace and looking at the tasks that have been assigned to them.
Can you help?
It should work the same as in ES.
In fact I just did a test. I created a new user and assigned him the Workspace User role and that user couldn't see any of my processes in Workspace.
Then I went to one of my process and added the INVOKE_PERM permission to that user (under Security) and the user was able to see that one process, but not the other ones.
If it doesn't work for you, it could be because the group "All User in XXX domain" has some right associated to it and all the users within that group inherit the rights.
To be absolutely sure, create a new group and add a new user with only Workspace User role and test with that user and see if you get the same results.