Avatar

Level 2

Thanks Jasmin... I in fact get the expected result when i created a new user with Workspace_User role and put them in a new group, they are unable to see my process.

So this works in the DefaultDom... however, in my real world scenario I am still having issues:

-we are doing LDAP sync to bring in the users and groups from a separate domain, and in this case, the users with only Workspace_User role can still invoke the task manager endpoint

-the process was created in Workbench ES2

I was hoping to find that the user was inheriting the services role from a group they were in or something, but it doesn't seam to be the case.  I have a user who only has Workspace_User role, and the group they are in also only has Workspace_User role. They are not in any Administrator or Services groups or roles. I even checked the Services_User role users... and my user is not listed there or in any group listed there.

And again it works ok when i set up the basic example in DefaultDom... but not when I try using the users in our synched domain.  Is there anywhere else you could think of that they would be inheriting these permissions from?