https://connect.hyland.com/t5/alfresco-forum/process-definition-and-access-control/m-p/11606#M5140 <HTML><HEAD></HEAD><BODY><P>Sonali,</P><P></P><P>There are several possibilities in order to achieve this, which I'll call "Multi-tenancy" henceforth. <A href="http://www.jorambarrez.be/blog/2015/10/06/multi-tenancy-separate-database-schemas-in-activiti/" rel="nofollow noopener noreferrer">Check out this blog post by Joram Borraz</A>, which highlights a couple of potential methods to partition data by tenants - which, if you treat the tenant structure like a 'roles' structure, then you can partition the data in very similar ways with little to know additional customization overhead.</P><P></P><P>However, if these options don't fit your desires:</P><P><BR /><EM>Note: When you see <STRONG>'tenant'</STRONG>, feel free to substitute whatever phrasing you'd prefer, perhaps <STRONG>"role"</STRONG>.</EM></P><P>To get this functionality you're going to need to modify the existing DB structure and the corresponding object structures that are used to maintain the communication with the database. You could create a <EM>user_tenant_mapping</EM> table that would check that a user is tied to the data being pulled from the database, or just add a <EM>tenant_id</EM> column to the <EM>act_id_users/act_id_groups</EM> table. Both of those have their own difficulties, but could function to do the job you're looking for. You could also extract out the tenant information into its own table and correlate the IDs to the data and the users.<BR /> <BR />The difficult thing here is that Activiti Community doesn't support any OOTB methods to enforce multi-tenancy rules; it just provides the ability to 'partition' data into different tenants, but the ability to implement privacy if necessary is on the developer.<BR /> <BR />Hope this helps,<BR />-JEarles</P><P><A href="https://migration33.stage.lithium.com/t5/tag/bp3/tg-p"></A>‌</P></BODY></HTML> Fri, 14 Apr 2017 17:40:29 GMT jearles 2017-04-14T17:40:29Z https://connect.hyland.com/t5/alfresco-forum/process-definition-and-access-control/m-p/11605#M5139 Hi Team,I have a query regarding process definition and access control.Consider a scenario: I have created a user="admin" and role="admin_custom". Using this admin user i have created a new process definition and deployed the same. By default this process definition is accessible to all users. For e Fri, 14 Apr 2017 06:02:30 GMT https://connect.hyland.com/t5/alfresco-forum/process-definition-and-access-control/m-p/11605#M5139 sonalik 2017-04-14T06:02:30Z https://connect.hyland.com/t5/alfresco-forum/process-definition-and-access-control/m-p/11606#M5140 <HTML><HEAD></HEAD><BODY><P>Sonali,</P><P></P><P>There are several possibilities in order to achieve this, which I'll call "Multi-tenancy" henceforth. <A href="http://www.jorambarrez.be/blog/2015/10/06/multi-tenancy-separate-database-schemas-in-activiti/" rel="nofollow noopener noreferrer">Check out this blog post by Joram Borraz</A>, which highlights a couple of potential methods to partition data by tenants - which, if you treat the tenant structure like a 'roles' structure, then you can partition the data in very similar ways with little to know additional customization overhead.</P><P></P><P>However, if these options don't fit your desires:</P><P><BR /><EM>Note: When you see <STRONG>'tenant'</STRONG>, feel free to substitute whatever phrasing you'd prefer, perhaps <STRONG>"role"</STRONG>.</EM></P><P>To get this functionality you're going to need to modify the existing DB structure and the corresponding object structures that are used to maintain the communication with the database. You could create a <EM>user_tenant_mapping</EM> table that would check that a user is tied to the data being pulled from the database, or just add a <EM>tenant_id</EM> column to the <EM>act_id_users/act_id_groups</EM> table. Both of those have their own difficulties, but could function to do the job you're looking for. You could also extract out the tenant information into its own table and correlate the IDs to the data and the users.<BR /> <BR />The difficult thing here is that Activiti Community doesn't support any OOTB methods to enforce multi-tenancy rules; it just provides the ability to 'partition' data into different tenants, but the ability to implement privacy if necessary is on the developer.<BR /> <BR />Hope this helps,<BR />-JEarles</P><P><A href="https://migration33.stage.lithium.com/t5/tag/bp3/tg-p"></A>‌</P></BODY></HTML> Fri, 14 Apr 2017 17:40:29 GMT https://connect.hyland.com/t5/alfresco-forum/process-definition-and-access-control/m-p/11606#M5140 jearles 2017-04-14T17:40:29Z