L3 - Default Description
AT:
- the user can only create reports for process definitions he has access to
- when a user retrieves the list of all reports, he gets only those reports where he has been granted access to the process definition
- evaluating a report with a process definition the user has no access to returns an error message
- deleting a report for a process definition the user has no access to returns an error message
- a user is authorized for a definition if one of the following authorization in the engine are defined (assume the user is called "Kermit" and is in the "Kermits-Gang" group, aProcessDefinitionKey is a definition key that is in the engine):
- Type: ALLOW, User: Kermit, Permissions: ALL/READ+READ_HISTORY, Resource ID: aProcessDefinitionKey
- Type: ALLOW, User: Kermit, Permissions: ALL/READ+READ_HISTORY, Resource ID: *
- Type: ALLOW, Group: Kermits-Gang, Permissions: ALL/READ+READ_HISTORY, Resource ID: aProcessDefinitionKey
- Type: ALLOW, Group: Kermits-Gang, Permissions: ALL/READ+READ_HISTORY, Resource ID: *
- Type: GLOBAL, User/Group: *, Permissions: ALL/READ+READ_HISTORY, Resource ID: aProcessDefinitionKey
- Type: GLOBAL, User/Group: *, Permissions: ALL/READ+READ_HISTORY, Resource ID: *
- an authorization can be revoked with the following settings:
- Type: DENY, User: Kermit, Permissions: ALL/READ+READ_HISTORY, Resource ID: aProcessDefinitionKey
- Type: DENY, User: Kermit, Permissions: ALL/READ+READ_HISTORY, Resource ID: *
- Type: DENY, Group: Kermits-Gang, Permissions: ALL/READ+READ_HISTORY, Resource ID: aProcessDefinitionKey
- Type: DENY, Group: Kermits-Gang, Permissions: ALL/READ+READ_HISTORY, Resource ID: *
- the precedence of the authorizations is according to here