diff --git a/src/spiffworkflow_backend/api.yml b/src/spiffworkflow_backend/api.yml
index a3e0eeaa..e5e0db97 100755
--- a/src/spiffworkflow_backend/api.yml
+++ b/src/spiffworkflow_backend/api.yml
@@ -278,7 +278,13 @@ paths:
         required: false
         description: Get all sub process models recursively if true
         schema:
-          type: string
+          type: boolean
+      - name: filter_runnable_by_user
+        in: query
+        required: false
+        description: Get only the process models that the user can run
+        schema:
+          type: boolean
       - name: page
         in: query
         required: false
diff --git a/src/spiffworkflow_backend/config/permissions/development.yml b/src/spiffworkflow_backend/config/permissions/development.yml
index 904fdc94..8a5881a2 100644
--- a/src/spiffworkflow_backend/config/permissions/development.yml
+++ b/src/spiffworkflow_backend/config/permissions/development.yml
@@ -53,8 +53,8 @@ groups:
         lead,
       ]
 
-  hr:
-    users: [manuchehr]
+  core-contributor:
+    users: [core]
 
 permissions:
   tasks-crud:
@@ -62,26 +62,6 @@ permissions:
     users: []
     allowed_permissions: [create, read, update, delete]
     uri: /v1.0/tasks/*
-  process-model-read-all:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [read]
-    uri: /v1.0/process-models/*
-  process-group-read-all:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [read]
-    uri: /v1.0/process-groups/*
-  process-instance-list:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [read]
-    uri: /v1.0/process-instances
-  process-instance-report-list:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [read]
-    uri: /v1.0/process-instances/reports
 
   admin:
     groups: [admin]
@@ -90,7 +70,7 @@ permissions:
     uri: /*
 
   read-all:
-    groups: ["Finance Team", "Project Lead", hr, admin]
+    groups: ["Finance Team", "Project Lead", admin]
     users: []
     allowed_permissions: [read]
     uri: /*
@@ -156,3 +136,39 @@ permissions:
     users: []
     allowed_permissions: [create, read, update, delete]
     uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/*
+
+  core-admin:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [read]
+    uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management:*
+  core-admin-slash:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [read]
+    uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management/*
+  core-admin-models:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [read]
+    uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:*
+  core-admin-models-slash:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [read]
+    uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management/*
+  core-admin-models-instantiate:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [create]
+    uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances
+  core-admin-instances:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [create]
+    uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management:*
+  core-admin-instances-slash:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [create]
+    uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/*
diff --git a/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml b/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml
index 7c32ebec..8a5881a2 100644
--- a/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml
+++ b/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml
@@ -53,8 +53,8 @@ groups:
         lead,
       ]
 
-  hr:
-    users: [manuchehr]
+  core-contributor:
+    users: [core]
 
 permissions:
   tasks-crud:
@@ -70,7 +70,7 @@ permissions:
     uri: /*
 
   read-all:
-    groups: ["Finance Team", "Project Lead", hr, admin]
+    groups: ["Finance Team", "Project Lead", admin]
     users: []
     allowed_permissions: [read]
     uri: /*
@@ -136,3 +136,39 @@ permissions:
     users: []
     allowed_permissions: [create, read, update, delete]
     uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/*
+
+  core-admin:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [read]
+    uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management:*
+  core-admin-slash:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [read]
+    uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management/*
+  core-admin-models:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [read]
+    uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:*
+  core-admin-models-slash:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [read]
+    uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management/*
+  core-admin-models-instantiate:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [create]
+    uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances
+  core-admin-instances:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [create]
+    uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management:*
+  core-admin-instances-slash:
+    groups: ["core-contributor"]
+    users: []
+    allowed_permissions: [create]
+    uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/*
diff --git a/src/spiffworkflow_backend/routes/process_api_blueprint.py b/src/spiffworkflow_backend/routes/process_api_blueprint.py
index 1652cf88..9026abb0 100644
--- a/src/spiffworkflow_backend/routes/process_api_blueprint.py
+++ b/src/spiffworkflow_backend/routes/process_api_blueprint.py
@@ -349,12 +349,15 @@ def process_model_move(
 def process_model_list(
     process_group_identifier: Optional[str] = None,
     recursive: Optional[bool] = False,
+    filter_runnable_by_user: Optional[bool] = False,
     page: int = 1,
     per_page: int = 100,
 ) -> flask.wrappers.Response:
     """Process model list!"""
     process_models = ProcessModelService().get_process_models(
-        process_group_id=process_group_identifier, recursive=recursive
+        process_group_id=process_group_identifier,
+        recursive=recursive,
+        filter_runnable_by_user=filter_runnable_by_user,
     )
     batch = ProcessModelService().get_batch(
         process_models, page=page, per_page=per_page
@@ -1319,7 +1322,7 @@ def task_submit(
         task_id, process_instance, processor=processor
     )
     AuthorizationService.assert_user_can_complete_spiff_task(
-        processor, spiff_task, principal.user
+        process_instance.id, spiff_task, principal.user
     )
 
     if spiff_task.state != TaskState.READY:
diff --git a/src/spiffworkflow_backend/services/authorization_service.py b/src/spiffworkflow_backend/services/authorization_service.py
index 29ee7884..ea488f7a 100644
--- a/src/spiffworkflow_backend/services/authorization_service.py
+++ b/src/spiffworkflow_backend/services/authorization_service.py
@@ -24,9 +24,6 @@ from spiffworkflow_backend.models.user import UserModel
 from spiffworkflow_backend.models.user import UserNotFoundError
 from spiffworkflow_backend.models.user_group_assignment import UserGroupAssignmentModel
 from spiffworkflow_backend.services.group_service import GroupService
-from spiffworkflow_backend.services.process_instance_processor import (
-    ProcessInstanceProcessor,
-)
 from spiffworkflow_backend.services.user_service import UserService
 
 
@@ -393,25 +390,25 @@ class AuthorizationService:
 
     @staticmethod
     def assert_user_can_complete_spiff_task(
-        processor: ProcessInstanceProcessor,
+        process_instance_id: int,
         spiff_task: SpiffTask,
         user: UserModel,
     ) -> bool:
         """Assert_user_can_complete_spiff_task."""
         active_task = ActiveTaskModel.query.filter_by(
             task_name=spiff_task.task_spec.name,
-            process_instance_id=processor.process_instance_model.id,
+            process_instance_id=process_instance_id,
         ).first()
         if active_task is None:
             raise ActiveTaskNotFoundError(
                 f"Could find an active task with task name '{spiff_task.task_spec.name}'"
-                f" for process instance '{processor.process_instance_model.id}'"
+                f" for process instance '{process_instance_id}'"
             )
 
         if user not in active_task.potential_owners:
             raise UserDoesNotHaveAccessToTaskError(
                 f"User {user.username} does not have access to update task'{spiff_task.task_spec.name}'"
-                f" for process instance '{processor.process_instance_model.id}'"
+                f" for process instance '{process_instance_id}'"
             )
         return True
 
diff --git a/src/spiffworkflow_backend/services/process_instance_service.py b/src/spiffworkflow_backend/services/process_instance_service.py
index 3c81e1b1..34ec6a26 100644
--- a/src/spiffworkflow_backend/services/process_instance_service.py
+++ b/src/spiffworkflow_backend/services/process_instance_service.py
@@ -197,7 +197,7 @@ class ProcessInstanceService:
         a multi-instance task.
         """
         AuthorizationService.assert_user_can_complete_spiff_task(
-            processor, spiff_task, user
+            processor.process_instance_model.id, spiff_task, user
         )
 
         dot_dct = ProcessInstanceService.create_dot_dict(data)
diff --git a/src/spiffworkflow_backend/services/process_model_service.py b/src/spiffworkflow_backend/services/process_model_service.py
index f9788658..aa7da799 100644
--- a/src/spiffworkflow_backend/services/process_model_service.py
+++ b/src/spiffworkflow_backend/services/process_model_service.py
@@ -18,7 +18,9 @@ from spiffworkflow_backend.models.process_group import ProcessGroupSchema
 from spiffworkflow_backend.models.process_instance import ProcessInstanceModel
 from spiffworkflow_backend.models.process_model import ProcessModelInfo
 from spiffworkflow_backend.models.process_model import ProcessModelInfoSchema
+from spiffworkflow_backend.services.authorization_service import AuthorizationService
 from spiffworkflow_backend.services.file_system_service import FileSystemService
+from spiffworkflow_backend.services.user_service import UserService
 
 T = TypeVar("T")
 
@@ -179,7 +181,10 @@ class ProcessModelService(FileSystemService):
         raise ProcessEntityNotFoundError("process_model_not_found")
 
     def get_process_models(
-        self, process_group_id: Optional[str] = None, recursive: Optional[bool] = False
+        self,
+        process_group_id: Optional[str] = None,
+        recursive: Optional[bool] = False,
+        filter_runnable_by_user: Optional[bool] = False,
     ) -> List[ProcessModelInfo]:
         """Get process models."""
         process_models = []
@@ -201,6 +206,19 @@ class ProcessModelService(FileSystemService):
             )
             process_models.append(process_model)
         process_models.sort()
+
+        if filter_runnable_by_user:
+            user = UserService.current_user()
+            new_process_model_list = []
+            for process_model in process_models:
+                uri = f"/v1.0/process-models/{process_model.id.replace('/', ':')}/process-instances"
+                result = AuthorizationService.user_has_permission(
+                    user=user, permission="create", target_uri=uri
+                )
+                if result:
+                    new_process_model_list.append(process_model)
+            return new_process_model_list
+
         return process_models
 
     def get_process_groups(