in_depth_topics (#376)

* in_depth_topics

* Mostly fixing capitalized names and some foward vs back-slashes in file paths.

---------

Co-authored-by: danfunk <daniel.h.funk@gmail.com>

docs/appendices/bpmn_references.md

@@ -0,0 +1,23 @@
+# Decision Tables
+
+DMN tables are powerful tools for modeling and implementing business rules and decision logic. They allow you to define rules and their associated conditions and actions in a structured manner. By evaluating the conditions in each rule, the DMN engine can determine which rules are triggered based on the provided inputs and execute the corresponding actions. This provides a flexible and configurable approach to decision-making in various scenarios.
+
+A DMN (Decision Model and Notation) table consists of several components that help define the decision logic and structure the decision-making process. The main components of a DMN table are:
+
+## DMN Components
+
+- ***Input Variables:**** These are the variables that represent the information or data used as input for the decision. Each input variable is typically represented as a column in the table. Multiple columns represent multiple input variables.
+- ***Conditions:**** Conditions specify the criteria or constraints that need to be evaluated for each input variable. They define the rules or expressions that determine when a particular decision rule should be triggered. Conditions are usually represented in the "When" column of the table.
+- ***Actions or Expressions:**** Actions or expressions define the operations or calculations that are executed when a specific rule is triggered. They represent the logic associated with the decision outcome and are represented in the same row as the conditions in the table.
+- ***Decision Rules:**** Decision rules are the individual rows in the DMN table. Each rule represents a specific combination of conditions and actions that define the behavior or logic for a particular scenario. Decision rules combine the input conditions and output actions in a structured manner.
+- ***Hit Policy:**** The hit policy determines how the decision engine selects or combines the applicable decision rules when multiple rules are triggered. It defines the behavior for resolving conflicts or overlaps between rules. Common hit policies include "First," "Unique," "Priority," "Any," and "Collect."
+
+## Hit Policy
+
+**Unique:** Only one rule can match the given inputs. If multiple rules match, it results in an error or an undefined outcome. This policy ensures that only one result is produced.
+
+**First:** The first rule that matches the inputs is selected, and its corresponding output is returned. Other matching rules are ignored. This policy is useful when you want to prioritize the order of rules.
+
+**Collect:** All rules that match the inputs are selected, and the outputs from those rules are collected and returned as a list or a collection. This policy allows for gathering multiple results.
+
+

docs/how_to/complete_a_task_on_behalf_of_another_user.md

@@ -1,84 +0,0 @@
-# Complete a task on behalf of another user
-
-
-```{admonition} Goal
-
-👟 Steps to follow for successfully carrying out an activity and changing instance variables should it be required.
-```
-
----
-
-## 🏞 **Scenario**
-
-A task is assigned to a user who is responsible for completing it. However, due to various reasons, the user may find themselves unable to finish the task within the designated time frame. In such situations, the instance can be completed **by you** **on behalf of the user.** 
-This enables a smooth continuation of the process from the initial user's perspective, allowing them to move on to the next task when they are ready.
-
----
-
-## 📔How to guide
-
-### Step 1: Find the active Process Instance
-
-In order to locate the active Process Instance, have a look at these pages to find an active instance to suspend.
-
-[How to find an Instance assigned to someone else](https://github.com/sartography/spiff-arena/blob/ec9509339470e876c57766e45eedc9e40b7b0094/docs/how_to/find_an_Instance_assigned_to_someone_else.md)
-[How to find an Instance assigned to myself](https://github.com/sartography/spiff-arena/blob/main/docs/how_to/find_an_Instance_assigned_to_myself.md)
-
-### Step 2: Navigate to the active User Task
-
-[How to navigate to the active User Task](https://github.com/sartography/spiff-arena/blob/main/docs/how_to/navigate_to_an_active_process_instance.md) 
-
-
-
-### Step 3: Suspend the Process
-
-```{admonition} Note
-
-👷‍♂️ Note that you need Admin rights to complete the following steps.
-```
-
-[How to suspend a process](https://github.com/sartography/spiff-arena/blob/main/docs/how_to/resume_a_process.md)
-
-### Step 4: Complete the task
-
-Select the highlighted activity. This will open a pop-up view of the Instance variables.
-
-#### Without amending metadata
-
-#### With amending metadata
-
-```{admonition} Note
-
-👷‍♂️ Note that you need Admin rights to complete the following steps.
-```
-
-
-- Select the highlighted activity. This will open a pop-up view of the Instance variables.
-
-- Select “Edit” which opens a code editor.
-
-- Scroll down to find the line to edit.
-
-```{admonition} Note
-ℹ️ It is important to identify if any variables require updating and which specific variables need modification in order to achieve the same result as if a user had completed the form. The outcome may vary depending on the necessary adjustments to these variables and the given scenario.
-```
-
-- Edit Metadata by changing the variables for the process instance.
-
-- Select “Save” to apply changes.
-
-- Select to execute activity. **(SCREENSHOT)**
-
-- Select the “Play” button (previously the suspend button) to resume the process.
-
-- After a few seconds, please refresh the page and ensure that it has progressed to the next activity, which should now be the current activity.
-
-| ✅ Success | 🚫 Error |
-| --- | --- |
-| With the current activity successfully completed and the workflow advanced to the next stage, the remaining steps of the process can now proceed smoothly. | In case of an error, consider adding a troubleshooting section for further assistance. |
----
-
-## 👨‍🏫Examples
-
-[**Steps for Admin** **approving on behalf of Budget owner:** ]
-

docs/how_to/edit_process_variables.md

@@ -1,7 +0,0 @@
-# How to find an Instance assigned to myself
-
-| ⚙ How do I get there \| Menu Hierarchy |
-| -------------------------------------- |
-| Process Instances > For me             |
-
-

docs/how_to/find_an_Instance_assigned_to_myself.md

@@ -1,38 +0,0 @@
-# Find an Instance assigned to myself
-
-| ⚙ How do I get there \| Menu Hierarchy |
-| -------------------------------------- |
-| Process Instances > For me             |
-
----
-
-## 📔How to guide
-
-## **Step 1: Go to 'Process Instance' tab**
-
-- To find a specific process instance, you can access the Process Instance tab.
-
-
-
-## **Step 2: Browse list** 
-
-- Look for the option labeled "For me" and select it. This will provide you with a  list of User Tasks assigned to you.
-
-## **Step 3: Select Instance**
-
-- Select the associated entry from list.
-- *Apply a filter if the Instance can not easily be located*.
-
----
-
-## *🌱Alternative*
-
-If the Instance can not be find by searhing the list, follow these steps to search for the id
-
-[How to find an Instance assigned to someone else](https://github.com/sartography/spiff-arena/blob/main/docs/how_to/find_an_Instance_assigned_to_someone_else.md) 
-
-## **Outcome**
-
-| ✅ Success                                                    | 🚫 Error                                                      |
-| ------------------------------------------------------------ | :------------------------------------------------------------ |
-| The system will then display the parent process that contains the active instance searched for. [How to view process variables](https://github.com/sartography/spiff-arena/blob/main/docs/how_to/view_process_variables.md) | Process instance Id does not exist ![suspend_status](images/process_instance_not_found.png) Repeat Step 2 with correct Id. Note: if the instance is not active anymore, you should be able to search for it.|

docs/how_to/find_an_Instance_assigned_to_someone_else.md

@@ -1,32 +0,0 @@
-# Find an Instance assigned to someone else
-
-| ⚙ How do I get there \| Menu hierarchy |
-| ------------------------------------ |
-| Process Instances > Find by Id       |
----
-
-## 📔How to guide
-
-
-### **Step 1: Go to Process Instance tab**
-
-- To find a specific process instance, you can access the Process Instance tab.
-
-![search_process_instance](images/search_process_instance.png)
-
-### **Step 2: Search Id**
-
-- Look for the option labeled "Find by Id" and select it. This will provide you with a field where you can enter the Process Instance Id number associated with the instance you are looking for.
-
-### **Step 3: Submit Id**
-
-- Once you have entered the Id, click on the "Submit" button to initiate the search.
-
----
-
- 
-## **Outcome**
-
-| ✅ Success | 🚫 Error |
-| --- | --- |
-| The system will then display the parent process that contains the active instance searched for. [How to view process variables](https://github.com/sartography/spiff-arena/blob/main/docs/how_to/view_process_variables.md) | Process instance Id does not exist![Image description](images/process_instance_not_found.png) Repeat Step 2 with correct Id|

docs/how_to/navigate_to_an_active_process_instance.md

@@ -1,58 +0,0 @@
-# Navigate to an active Process Instance
-
-| ⚙ How do I get there \| Menu hierarchy |
-| ------------------------------------ |
-| [How to find an Instance assigned to someone else](https://github.com/sartography/spiff-arena/blob/main/docs/how_to/find_an_Instance_assigned_to_someone_else.md) 
-[How to find an Instance assigned to myself](https://github.com/sartography/spiff-arena/blob/main/docs/how_to/find_an_Instance_assigned_to_myself.md)|      |
----
-
-## 📔How to guide
-
-If the desired task or process you would like to view is not found in the parent process, it is likely that you need to access the sub-process or call activity. Follow these steps:
-
-### Subtask
-
-
-#### Step 1: Locate current active sub task
-
-#### Step 2: Select blue link icon
-
-- Select the blue arrow located on the bottom right of the highlighted activity activity, indicated in yellow.
-  
-
-![Untitled](images/active_subtask.png)
-
-```{admonition} Note
-
-🗒 Note: This could also be applied to activities that has been completed or is no longer active.
-```
-
-![Untitled](images/inactive_subtask.png)
-
-### Call Activity
-
-#### Step 1: Locate current active call activity
-
-#### Step 2: Select activity
-
-- Select the highlighted activity, indicated in yellow.
-
-![Untitled](images/active_call_process.png)
-
-```{admonition} Note
-
-🗒 Note: This could also be applied to activities that has been completed or is no longer active.
-```
-
-### Step 3: Select ‘View Call Activity Diagram’
-
-A pop-up menu will appear. Select ‘View Call Activity Diagram’ to navigate to the sub-process.
-
-```{image} images/call_activity_popup.png
-```
- 
-## **Outcome**
-
-| ✅ Success | 🚫 Error |
-| --- | --- |
-| You will be redirected to the corresponding diagram. Repeat the above steps until the highlighted activity becomes anything other than a call activity or sub task, which means you will find yourself in the lowest active process.|None

docs/how_to/resume_a_process.md

@@ -1,7 +0,0 @@
-# How to suspend a process
-
-
-| ⚙ How do I get there \| Menu hierarchy |
-| --- |
-| Find an **active** Process Instance |
-| --- |

docs/how_to/suspend_a_process.md

@@ -1,43 +0,0 @@
-# How to suspend a process
-
-
-| ⚙ How do I get there \| Menu hierarchy |
-| --- |
-| Find an **active** Process Instance |
----
-
-## 📔How to guide
-
-### **Step 1: Find the active Process Instance** 
-
-```{admonition} Note
-
-⚠ Note that the suspension of a Process Instance is only applicable to active instances. 
-If an instance is not active, it indicates that the process has already been completed, and therefore, it cannot be suspended.
-```
-
-In order to locate the active Process Instance, have a look at these pages to find an active instance to suspend.
-
-[How to find an Instance assigned to someone else](/how_to/find_an_Instance_assigned_to_someone_else)
-[How to find an Instance assigned to myself](https://github.com/sartography/spiff-arena/blob/main/docs/how_to/find_an_Instance_assigned_to_myself.md)
-
-### **Step 2: Locate Icon** 
-
-![img|20x21](images/suspend.png)
-
-- Next to the Process Instance Id, look for the icon that resembles the icon on the right and select it to initiate the suspension of the process instance.
-
-### **Step 3: Select suspend button**
-
-- Click on the suspend button. This action will pause the process instance, granting you the ability to make edits and modifications. When ready the process can be resumed. 
-
----
-
-## **Outcome**
-
-| ✅ Success                                                     | 🚫 Error |
-| ------------------------------------------------------------- | ------- |
-| Confirm that the status has changed from ‘user_input_required’ to ‘suspended’ ![suspend_status](images/suspended.png) [Helpful links to guide next step](https://github.com/sartography/spiff-arena/blob/main/docs/how_to/resume_a_process.md) |None|
-
-
-

docs/how_to/view_process_variables.md

@@ -1,6 +0,0 @@
-# How to suspend a process
-
-
-| ⚙ How do I get there \| Menu hierarchy |
-| --- |
-| Find an **active** Process Instance |

docs/in_depth_topics/data_objects.md

@@ -0,0 +1,39 @@
+# Data Objects
+
+In BPMN (Business Process Model and Notation), a data object represents the information or data used and produced by activities within a business process. It represents the data elements or artifacts that are relevant to the process and provides a way to model the flow of data through the process.
+They help in clarifying the data flow and dependencies within the process, making it easier to understand how information is utilized and transformed throughout the process execution.
+
+## Data Input Configuration
+
+| 💻 Form | ⌨ Field Input  | 
+| --- | --- | 
+|![name_field](images/name_field.png) | **Name:** Update Customer Information  |  
+|![id_field](images/id_field.png) | **ID:** Example - updateCustomerInformation    | 
+|![name_field](images/documentation_field.png) | **Element Documentation:** URL, Raw Data, Plain Text | 
+|![name_field](images/data_object_properties.png) | **Element Documentation:** URL, Raw Data, Plain Text (only applicable for Data Object Reference) | 
+
+### Data Input
+
+![data_input](images/data_input.png) 
+
+Represents the data or information that is required as an input to initiate or execute a particular task or process. BPMN input defines the data elements that need to be provided or available for the task to be performed.
+
+### Data Output
+
+![data_output](images/data_output.png)
+
+Signifies the data or information that is generated or produced as a result of executing a task or process. BPMN output describes the data elements that are produced or modified during the execution of the task. 
+
+### Data Object Reference
+
+![data_object_reference](images/data_object_reference.png)
+
+A Data Object in BPMN typically represents a specific piece of information or a data entity that is exchanged or manipulated during the course of a business process. It can represent both physical and digital data. Examples of Data Objects include documents, forms, reports, databases, or any other data entity relevant to the process. 
+
+### Data Store
+
+![data_store](images/data_store.png) 
+
+A Data Store represents a persistent storage location where data is stored and retrieved during the course of a process. It typically represents a database, file system, or any other storage mechanism. Data Stores are used to depict the long-term storage of data that can be accessed by multiple activities or tasks within the process. They provide a centralized location for data storage and retrieval.
+
+

docs/in_depth_topics/sub-processes_and_call_activities.md

@@ -0,0 +1,40 @@
+# Sub-Processes and Call Activities
+
+Both sub-processes and call activities are useful for simplifying and organizing complex workflows by organizing workflows within a larger process. 
+
+**Reasons to use a Sub-Processes or Call Activities:**
+
+- Consolidate tasks that have either common features or collaboratively form a distinct functionality. For instance, a Notification Gateway, which includes script tasks and a service task, works together to construct and send a notification like an email.
+  
+- Group tasks where a boundary event can be efficiently applied to the entire group. For instance, instead of individually assigning a condition or timer to each task, all tasks can be included within a sub-process or call activity, where the condition or timer inherently applies to all contained tasks.
+
+## Call Process
+
+![active_call_process](images/active_call_process.png)
+
+A call process is similar to a sub-process in that it encapsulates part of a workflow, but it is designed to be reused across multiple different processes. It's essentially a stand-alone process that can be "called" into action as required by other processes. Using a call process can help to eliminate redundancy and ensure consistent execution of the process steps.
+
+**When to use a Call Process:**
+
+- **Reusability** a certain set of activities is being reused in multiple main processes, it's a good idea to define it as a call process and reuse it whenever needed by calling the process.
+  
+- **Reduce Complexity:** If your main process is becoming too complex, breaking it down into smaller, more manageable call processes can make it easier to understand and maintain.
+ 
+- **Version Control**: If a certain process may undergo changes over time but is used in multiple places, defining it as a call process allows you to make changes in one place and have those changes propagate to all instances where the process is used.
+
+- **Delegation**: When different people or teams need to be responsible for the execution of tasks within a process, a call activity can be useful and can be assigned to the most appropriate person or team.
+
+- **Access Control**: If a specific segment of a process isn't meant to be available to every user, converting it into a call process can aid in establishing access control over that particular process. Additional information about this can be found in the [Admin and Permission](../installation_integration/admin_and_permissions.md) section.
+- 
+
+## Sub-processes
+
+![active_subtask](images/active_subprocess.png) 
+
+Sub-processes are generally employed within a single process, whereas a call activity has the advantage of being reusable across multiple processes. If the conditions that warrant the use of a call activity, such as reusability, aren't necessary, a sub-process is usually the preferred option. 
+
+**When to use a sub process:**
+
+- **Consolidate similar functionalities:** When you have a group of tasks that are closely related and work well together, but don't need to be used or replicated elsewhere in other processes. 
+  
+- **Call activity is not required:** When these tasks don't meet the conditions needed for a call activity a sub-process can achieve the same goal.

docs/index.md

@@ -35,38 +35,34 @@ wish_list/wish_list.md
 spiffworkflow/navigating-spiffworkflow.md
 spiffworkflow/creatingbpmn.md
 spiffworkflow/examples.md
+spiffworkflow/process_instance.md
 ```
 
 ```{toctree}
-:maxdepth: 1
-:caption: How to
-how_to/complete_a_task_on_behalf_of_another_user.md
+:maxdepth: 3
+:caption: In Depth Topics
+in_depth_topics/sub-processes_and_call_activities.md
+in_depth_topics/data_objects.md
 
 ```
 
 ```{toctree}
 :maxdepth: 3
-:caption: Glossary
+:caption: Installation and Integration
+installation_integration/admin_and_permissions.md
+installation_integration/permission_url.md
+
+```
+
+```{toctree}
+:maxdepth: 3
+:caption: Appendices
+appendices/bpmn_references.md
 glossary/glossary.md
 learn_basics/bpmn_terminology.md
 
 ```
 
-```{toctree}
-:maxdepth: 3
-:caption: Fix me unlinked files
-how_to/complete_a_task_on_behalf_of_another_user.md
-how_to/edit_process_variables.md
-how_to/find_an_Instance_assigned_to_myself.md
-how_to/find_an_Instance_assigned_to_someone_else.md
-how_to/navigate_to_an_active_process_instance.md
-how_to/resume_a_process.md
-how_to/suspend_a_process.md
-how_to/view_process_variables.md
-spiffworkflow/process_instance.md
-```
-
-
 ## Indices and tables
 
 * [](genindex)

docs/installation_integration/admin_and_permissions.md

@@ -0,0 +1,144 @@
+# Admin and Permissions
+
+Permissions can be defined and managed at different levels such as process groups, individual processes or users. 
+
+## Setting up Admin in Config (YAML) 
+
+In order to initiate the creation of a process model, it is necessary to configure the terraform_deployed_environment.yml file by including at least one Admin user.
+
+[Git Repository - Config file](https://github.com/sartography/spiff-arena/tree/main/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions)
+
+```python
+groups:
+  admin:
+    users: [admin@spiffworkflow.org]
+
+permissions:
+  admin:
+    groups: [admin]
+    allowed_permissions: [create, read, update, delete]
+    uri: /*
+```
+
+```{admonition} uri!
+:class: info
+
+The "uri" field defines the target resource for these permissions, which is set to "/*". This indicates that the permissions apply to all resources within the system.
+```
+
+### Groups
+
+The "groups" section defines a group called "admin." This group is intended for users who have administrative privileges within the system.
+In this example, the "admin" group consists of a single user with the associated email address. Multiple groups can be added. 
+
+### Permissions 
+
+The "permissions" section specifies the permissions and access control rules for the "admin" group.
+The "admin" permission set allows members of the "admin" group to perform actions such as create, read, update, start and delete or all.
+The "allowed_permissions" field lists the specific actions that are permitted for the "admin" group.
+
+**Permissions allowed:**
+
+- create
+
+- read
+  
+- update
+  
+- delete
+
+- start
+
+- all
+  
+## Site Administration
+
+Once the basic configuration setup is completed, specifying admin rights, you generally won't require additional permissions for designing processes and using the site. However, there might be certain situations that call for access control beyond the site or group level. In such cases, you have the flexibility to define and tailor admin requirements in a more detailed manner to fulfill specific needs.
+
+### Step 1: Create Process Group
+
+From the main menu select 'Procesess' and click on the 'Add a process group' button.
+
+![add_a_process_group](images/add_a_process_group.png) 
+
+Complete the Process Groups form, by entering the 
+
+- Name (ensuring it reflects admin and permissions)
+- Identifier (which must be unique)
+- Description. 
+
+Once the required fields are filled, the form can be submitted. 
+
+![add_a_process_group](images/process_groups_tile.png)
+
+The new Process Groups tile will be available under the Process Groups view.
+
+![site_administration](images/site_administration.png) 
+
+### Step 2: Add Process Model
+
+- Select 'Add a process model' and complete the following form fields:
+- Name: Provide a descriptive name for the process model.
+- Identifier: Enter a unique identifier for the process model.
+- Description: Provide a brief description of the process model, outlining its purpose or functionality.
+- Notification Type: Specify the type of notification related to the process model.
+- Notification Address: Enter the address or destination where the notification should be sent.
+- Metadata Extraction Path: Specify the key and path or location where metadata extraction should occur within the process model.
+
+Make sure to accurately fill in all the required fields in the Process Model form to ensure proper configuration and functionality.
+
+![add_process_model](images/add_process_model.png) 
+
+### Step 3: Upload Workflows
+
+All the required workflows can be downloaded from [Github - set-permissions](https://github.com/sartography/sample-process-models/tree/sample-models-1/site-administration/set-permissions)
+
+Select to upload all downloaded files to the newly created Process model. 
+![add_file](images/add_file.png) 
+
+Upload the following files
+permissions.bpmn - _Primary file_
+groups_permissions.dmn
+users_to_groups.dmn
+![upload_file](images/upload_file.png) 
+
+the Process Model view should now include all uploaded files. 
+![upload_file](images/admin_workflows.png) 
+
+### Step 4: Understand the Process Models
+
+[Read more about DMN tables and how they work here.](../appendices/bpmn_references.md)
+
+#### Users to Groups
+
+Assess the roles and responsibilities of users within your organization or system. Look for common patterns or similarities in their job functions and tasks related to specific processes or process groups.
+
+Add a user email under the users 'column' and the group name under 'groups' and dont forget to add double quotes. 
+
+```{admonition} Note
+Based on DMN functionality, leaving the "*" column empty means that all rules ('When') will be triggered without specifyin a condition. Read more about DMN tables to understand how the rules engine can be utilized for many different scenarios.
+```
+
+![user_to_groups](images/user_to_groups.png) 
+
+#### Group Permission
+
+Now that the groups have been identified their permissions can be set by adding the group name under the "permissions_group" column. 
+
+- To determine a user's capabilities within the permissible scope, you can define specific permissions. These permissions can be combined in a sequence if multiple apply to a particular rule. For instance, ["read", "start"] indicates that the user can perform both reading and starting actions. Alternatively, [All] can be employed to grant unrestricted access.
+- The hit policy is set to "Collect" which means that all conditions that are true will be applied. [Read more about DMN tables and hit policies here.](../appendices/bpmn_references.md)
+- The permission URL can be configured to define the user's access privileges. Our objective is to streamline the process by minimizing the necessity of being familiar with the complete set of permission URLs. In most instances, utilizing BASIC and ELEVATED permissions, as well as PM/PG, should be sufficient. However, it is also feasible to directly incorporate any API URL into the permissions.
+  
+In truth what you are doing is writing an expression. In this case it would read that if the variable 'permissions_group' type string is equal to 'permissions' variable of type string then set the 'permission_url' equal to the associated value.
+
+```{admonition} Note
+If you find coding more familiar and preferable to constructing DMN tables, you may notice similarities between this DMN table and the shared permission configuration file. This similarity can help clarify or make it easier for you to understand the DMN table structure and its relation to the permission configuration. 
+```
+
+![group_permission](images/group_permission.png) 
+
+
+### Step 5: Start Process
+
+To ensure that User Groups and Permissions take effect, it is necessary to run the process at least once. Whenever changes are made to any of these diagrams, like adding a user group or permission, the process should be started and completed successfully in order for the changes to be applied.
+

docs/installation_integration/permission_url.md

@@ -0,0 +1,148 @@
+# Permission URL
+
+The permission URL, or target URI, refers to the specific endpoint or resource that is being granted permission to perform certain actions.
+
+- **PG:** [process_group_identifier]: Applies to the specified process group, including all sub process groups and process models.
+- **PM:** [process_model_identifier]: Applies to the specified process model.
+- **BASIC:** Provides basic access to complete tasks and use the site.
+- **ELEVATED:** Enables operations that require elevated permissions.
+- **ALL:** Grants access to all API endpoints, providing admin-like permissions.
+
+```{admonition} Note
+An asterisk (*) can be used as a wildcard to give access to everything within a specific category. For example, "/process-models/", allows access to all resources related to process models. 
+```
+
+## PG
+
+Process Groups permissions controls access rights granted to users or entities within that particular process model. By assigning permissions to process groups, you can determine what actions or operations users can perform within those groups. 
+
+[View GIT Repository - BASIC](https://github.com/sartography/spiff-arena/blob/main/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py#L557)
+
+```python
+def set_process_model_permissions(cls, target: str, permission_set: str) -> list[PermissionToAssign]:
+```
+
+## PM
+
+These permissions relates to process models. It defines the permissions and access rights assigned to users or entities specifically within a given process model.
+
+[View GIT Repository - BASIC](https://github.com/sartography/spiff-arena/blob/main/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py#L574)
+
+```python
+def set_process_group_permissions(cls, target: str, permission_set: str) -> list[PermissionToAssign]:
+```
+
+## BASIC 
+
+These permissions cover basic actions such as creating users and process instances, checking user existence, and reading various entities like process groups, models, and tasks.
+
+[View GIT Repository - BASIC](https://github.com/sartography/spiff-arena/blob/main/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py#L494)
+
+```python
+def set_basic_permissions(cls) -> list[PermissionToAssign]:
+```
+
+## ELEVATED 
+
+These permissions cover basic actions such as creating users and process instances, checking user existence, and reading various entities like process groups, models, and tasks.
+
+[View GIT Repository - BASIC](https://github.com/sartography/spiff-arena/blob/main/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py#L494)
+
+```python
+def explode_permissions(cls, permission_set: str, target: str) -> list[PermissionToAssign]:
+```
+
+
+## ALL
+
+The "ALL" permission grants unrestricted access to all API endpoints. It essentially provides administrator-like permissions, allowing the user to perform any action or operation available within the system.
+
+```python
+elif target == "ALL":
+            for permission in permissions:
+                permissions_to_assign.append(PermissionToAssign(permission=permission, target_uri="/*"))
+        elif target.startswith("/"):
+            for permission in permissions:
+                permissions_to_assign.append(PermissionToAssign(permission=permission, target_uri=target))
+```
+
+
+
+### ALL URLs
+
+```python
+/active-users/unregister/{last_visited_identifier}:
+  /active-users/updates/{last_visited_identifier}:
+  /authentication_callback/{service}/{auth_method}:
+  /authentications:
+  /connector-proxy/typeahead/{category}:
+  /debug/test-raise-error:
+  /debug/version-info:
+  /event-error-details/{modified_process_model_identifier}/{process_instance_id}/{process_instance_event_id}:
+  /github-webhook-receive:
+  /login:
+  /login_api:
+  /login_api_return:
+  /login_return:
+  /login_with_access_token:
+  /logout:
+  /logout_return:
+  /logs/typeahead-filter-values/{modified_process_model_identifier}/{process_instance_id}:
+  /logs/{modified_process_model_identifier}/{process_instance_id}:
+  /messages/{message_name}:
+  /messages:
+  /permissions-check:
+  /process-data-file-download/{modified_process_model_identifier}/{process_instance_id}/{process_data_identifier}:
+  /process-data/{modified_process_model_identifier}/{process_instance_id}/{process_data_identifier}:
+  /process-groups/{modified_process_group_identifier}/move:
+  /process-groups/{modified_process_group_id}:
+  /process-groups:
+  /process-instance-reset/{modified_process_model_identifier}/{process_instance_id}/{to_task_guid}:
+  /process-instance-resume/{modified_process_model_identifier}/{process_instance_id}:
+  /process-instance-suspend/{modified_process_model_identifier}/{process_instance_id}:
+  /process-instance-terminate/{modified_process_model_identifier}/{process_instance_id}:
+  /process-instances/find-by-id/{process_instance_id}:
+  /process-instances/for-me/{modified_process_model_identifier}/{process_instance_id}/task-info:
+  /process-instances/for-me/{modified_process_model_identifier}/{process_instance_id}:
+  /process-instances/for-me:
+  /process-instances/report-metadata:
+  /process-instances/reports/columns:
+  /process-instances/reports/{report_id}:
+  /process-instances/reports:
+  /process-instances/{modified_process_model_identifier}/{process_instance_id}/run:
+  /process-instances/{modified_process_model_identifier}/{process_instance_id}/task-info:
+  /process-instances/{modified_process_model_identifier}/{process_instance_id}:
+  /process-instances/{modified_process_model_identifier}:
+  /process-instances:
+  /process-model-natural-language/{modified_process_group_id}:
+  /process-model-publish/{modified_process_model_identifier}:
+  /process-model-tests/{modified_process_model_identifier}:
+  /process-models/{modified_process_group_id}:
+  /process-models/{modified_process_model_identifier}/files/{file_name}:
+  /process-models/{modified_process_model_identifier}/files:
+  /process-models/{modified_process_model_identifier}/move:
+  /process-models/{modified_process_model_identifier}/script-unit-tests/run:
+  /process-models/{modified_process_model_identifier}/script-unit-tests:
+  /process-models/{modified_process_model_identifier}:
+  /process-models:
+  /processes/callers/{bpmn_process_identifiers}:
+  /processes:
+  /secrets/{key}:
+  /secrets:
+  /send-event/{modified_process_model_identifier}/{process_instance_id}:
+  /service-tasks:
+  /status:
+  /task-complete/{modified_process_model_identifier}/{process_instance_id}/{task_guid}:
+  /task-data/{modified_process_model_identifier}/{process_instance_id}/{task_guid}:
+  /tasks/for-me:
+  /tasks/for-my-groups:
+  /tasks/for-my-open-processes:
+  /tasks/{process_instance_id}/send-user-signal-event:
+  /tasks/{process_instance_id}/{task_guid}/save-draft:
+  /tasks/{process_instance_id}/{task_guid}:
+  /tasks/{process_instance_id}:
+  /tasks:
+  /user-groups/for-current-user:
+  /users/exists/by-username:
+  /users/search:
+```