Process Invoke Permissions

Former Community Member

Here is my setup.  Assume I have 100 processes.

I've created a role that grants SERVICE_INVOKE permissions.

I've assigned this role to the "All Principals" group.

This was an easy way of granting invoke permissions to all users on all processes.

Now, I want to add process 101. But I only want a limited set of users to be able to invoke it. How do I accomplish this?

Because of the role I created earlier, all principals will get invoke permissions on process 101 by default. It appears to me that in order to accomplish this I will have to:

  1. Remove the SERVICE_INVOKE permission from my role.
  2. Add the "All Principals" principal with INVOKE_PERM permission on each of the 100 processes.
  3. Add the limited set of users with INVOKE_PERM to process 101.

I didn't see a way of denying "All Principals" invoke permissions on process 101.

1 Reply

Now you need to differentiate between the 1st set of users (who invoke the 100 processes) and the 2nd set (for the newly created process).

Try the following:

1. Create two user groups

     Group1 (all users except the 2nd set of users), i.e. the 1st set

     Group2 (2nd set of users)

2. Remove All Principals from the PROCESS_INVOKE role assignment

3. Assign the PROCESS_INVOKE role to both groups for the 100 processes

4. For Group2, assign the PROCESS_INVOKE role on the 101st process

Will that work out?

Nith
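
As an added example, not part of the original thread and not the product's API: a small Python model of an allow-only permission scheme like the one the question describes (grants only, no deny entry), checking who can effectively invoke process 101 before and after the regrouping suggested in the reply. The user names, process names, the evaluation rule and the assumption that "All Principals" implicitly contains every user are all constructed for illustration.

```python
# Constructed model of an allow-only permission scheme: grants add up and
# no "deny" entry exists. Names and data are hypothetical, not product API calls.
ALL = "All Principals"  # assumed to implicitly contain every user

def effective_invokers(process, users, groups, role_grants, process_grants):
    """Users who can invoke `process`.

    role_grants    -- principals holding a role with system-wide invoke permission
    process_grants -- {process: principals granted invoke on that process only}
    """
    allowed = set()
    for user in users:
        principals = {user, ALL} | {g for g, m in groups.items() if user in m}
        if principals & role_grants or principals & process_grants.get(process, set()):
            allowed.add(user)
    return allowed

def audit(users, groups, role_grants, process_grants, restricted, intended):
    """Map each process to the users whose access differs from the intent:
    everyone invokes every process except `restricted`, which is for `intended`."""
    findings = {}
    for process in PROCESSES:
        want = intended if process == restricted else set(users)
        got = effective_invokers(process, users, groups, role_grants, process_grants)
        if got != want:
            findings[process] = got ^ want
    return findings

# Constructed sample data
PROCESSES = [f"process-{n}" for n in range(1, 102)]
USERS = {"alice", "bob", "carol", "dave"}
GROUPS = {"Group1": {"alice", "bob"}, "Group2": {"carol", "dave"}}

def before():
    # Original setup: role with invoke permission assigned to All Principals.
    return audit(USERS, GROUPS, {ALL}, {}, "process-101", GROUPS["Group2"])

def after():
    # Layout from the reply: no system-wide grant, per-process grants to groups.
    grants = {p: {"Group1", "Group2"} for p in PROCESSES[:100]}
    grants["process-101"] = {"Group2"}
    return audit(USERS, GROUPS, set(), grants, "process-101", GROUPS["Group2"])

if __name__ == "__main__":
    print("before:", before())
    print("after: ", after())
```

An empty result from `audit` means every process matches the intended access; a non-empty one lists the users who are over- or under-privileged on each process.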