"*"

admin group has access to everything. The permissions create, read, update, and delete are the full set that is available, and "all" is a shortcut to include all permissions. "admin" ["all"] "ALL" everybody group has basic access to the system. "everybody" ["all"] "BASIC" everybody group can read all process groups and process models. "everybody" ["read"] "PG:ALL" Everybody can raise a New Demand Request "everybody" ["start"] "PM:manage-procurement:procurement:requisition-order-management:raise-new-demand-request" Finance Team group has full access to the procurement process group, including authoring child process groups and process models and administering its process instances. "Finance Team" ["all"] "PG:manage-procurement:procurement" demo group can start the customer-contracts-trade-terms process model. "demo" ["start"] "PM:manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms" demo group can start all process models under the core-contributor-invoice-management process group. "demo" ["start"] "PG:manage-procurement:procurement:core-contributor-invoice-management" demo group can start all process models under the vendor-lifecycle-management process group. "demo" ["start"] "PG:manage-procurement:vendor-lifecycle-management" test group can read and even update task data for process instances within the test process group. If a permission_uri begins with a forward slash, this grants access to an API path directly. These can include asterisk wildcards at the end. "test" ["read", "update"] "/task-data/misc:test:*" test group can start all process models under the test process group. "test" ["start"] "PG:misc:test" "u" ["start"] "PG:misc:test"