Hi All, Is there a way to limit Process rights by OBS and instance? In other words, can you limit someone to run only 1 process, and they can only run it on projects in their OBS, but they maintain View - Management - All, rights.
No I don't think so ; if they can run a process then they can run it against any project that they can "see" (and View All means they can see them all).
[ i.e. if you only give the project view right out at OBS level (rather than View All) then this would be OK, but this obviously is a change to your security model ]
I haven't checked or thought it through to the end - and I agree with @Dave_3.0 in terms of the security configuration - but the only way I see this might be possible is in letting them run the process, but then the process itself is responsible for comparing the user's permission to run against the object in question, and to quickly bail out if so.
It can notify them as to why it is doing this to help mitigate the confusion they may have as to why something is there that they cannot use.
Thanks to both of you for responding. I now feel justified for suggesting we remove the View-All rights until we have time to tweak the processes. That was a good Idea Nick! It may take some time to get it implemented, but I'm sure my team can do it.
Retrieving data ...