Hi, I have a centralized Guvnor5.5 environment where multiple applications access the Guvnor through rest api for their respective assets. Each application is assigned a change-set that points to the Package containing assets for that application only. In each change-set the authentication provided is "basic-authentication".
Problem Case: If the application developer knows the names of other packages he can point the application to run processes of other applications. This causes security issue for us. Applications should access assets assigned to them in their change-set only. I need to setup user and permissions for access through REST interface on the basis of packages. Applications accessing Guvnor should be allowed only to access their respective package/assets/categories only. Thanks and Best Regards, Zahid Ahmed
_______________________________________________ rules-users mailing list [email protected] https://lists.jboss.org/mailman/listinfo/rules-users
