I need to restrict user access to Workspace processes. Using the adminui, service management, I gave my test group INVOKE_PERM permissions to this service. This works good. The users of the test group can only see this process. However, for these users the SOAP calls do not work. I am using a reader extended form and I am getting the error below. If I add the Reader Extension Web Application role, the SOAP call work, but the user of the test group can see all other processes. I created a role and gave it PERM_READER_EXTENSIONS_WEB_APPLICATIONS, Service Read, INVOKE_PERM and other combinations. This role only works if I add Service Invoke and this give users access to all processes. How can I get a role to provide the Reader Extension without using Service Invoke?
An error has occurred. See error log for more details.
User TORRES, ALEJANDRO G does not have the Service Invoke Permission on Service ReaderExtensionsService.