AT:

• Using the Rest-API Optimize can perform custom queries against the engine for the following entities:
  • historic activity instances
  • historic variable instances
  • historic process instances
• the custom SQL-queries work on all databases (e.g. in Oracle there is not LIMIT keyword)
• the whole implementation is not in the public package and should not be documented
• if authorization is enabled and the request is done with basic authentication, only users that have admin rights or READ_HISTORY/ALL permission on the Process definition and Process Instance resource can perform queries. If the use is not authorized, he receives an appropriate response telling the user that.
• all the Optimize specific files are in the impl packages and not exposed via public api

Context:
Currently, Optimize uses the standard REST-API of the engine. However, those perform authorization checks against the database, distinct selects and do other stuff that make the sql queries very complicated and for a lot of scenarios very slow. To speed that up Optimize should get its own endpoint, where the queries are a lot simpler.