CAM-11245, we should consider improving the autorization tests. Currently, in the negative scenarios (no authorizations applied), we don't check that the whole authorization message but only some parts and that might lead to problems. (e.g. expecting process definition key but the actual is process definition id)
- the tests use the AuthorizationTestRule scenarios.