Thanks for the explanation. Sorry it took me so long to pick up on what you were trying to say :oops:
Let me explain what is happening under the covers to help describe why this is a tough thing to do.
Associated with each task type are a number of pre-built ‘privileges’. You can inspect this by opening up the privileges.xml at /WebContent/WEB-INF/privileges.xml. You’ll see a tree-based editor that uses some folder icons, is a couple of levels deep and has a bunch of leaf node privileges. If you click on the ‘Source’ tab at the bottom of the editor you can see the raw xmlImport directives that create a bunch of objects when deployed.
At deployment, there are a bunch of objects created in nested folders for each task type. Hanging off of each object will be an ACL (Access Control List).
At runtime, when you access the Permissions Management, all the privileges associated with each Task are accessed (by recursively descending through folders) and all the ACLs are exposed for management.
So, if you’ve configured user ‘Joe’ to be able to View Task Data and View Comments, then there will be two ACEs (Access Control Entries) created. One hanging off of the View Task Data privilege object and one associated with the View Comments privilege object. Please note, both of these are associated with a specific unique Task Type. So if ‘Joe’ is supposed to interact with two task types in this example, four different ACEs would need to be created.
What I think you desire (and it is a reasonable request) is to be able to define that a particular role of user called “NormalTaskUser-Role” has access to about a dozen or so of the privilege objects within the Privilege folder structure. But not just for one task, for many tasks.
It would be a bit like grouping a bunch of child nodes from a bunch of different folders together into a virtual group that could share one ACL. You wouldn’t actually move those nodes, just have them share a single ACL.
In fact, we do have this construct. It is called Security Realms. It allows an Admin to associate N number of objects together to share one ACL regardless of where they live in the MWS taxonomy.
You can read more about Security Realms in Chapter 9 (Managing Permissions) → Using Security Realms in the Administering My webMethods Server PDF.
I haven’t specifically attempted this technique, but I suspect that it might work for you. However, I would recommend a very tiny experiment first before proceeding too far.
Regards,
–mark
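
Added example, not part of the original post and not My webMethods Server code: a small Python model of the ACE arithmetic described above, comparing one ACE per privilege object per task type with a single ACE on a realm's shared ACL. The class names, the task type names, the "Delete Task" privilege, the realm name and the rule that a realm member is governed by the realm's ACL are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import Optional
# Conceptual model only: hypothetical classes, not the My webMethods Server API.

@dataclass
class Realm:
    name: str
    acl: set = field(default_factory=set)   # principals granted by the shared ACL

@dataclass
class PrivilegeObject:
    task_type: str
    name: str
    acl: set = field(default_factory=set)   # ACL hanging off this one object
    realm: Optional[Realm] = None

    def allows(self, principal):
        # Assumption of this model: a realm member is governed by the realm's ACL.
        return principal in (self.realm.acl if self.realm else self.acl)

def build(task_types, names):
    """One privilege object per (task type, privilege name), as created at deployment."""
    return {(t, n): PrivilegeObject(t, n) for t in task_types for n in names}

def grant_per_object(objs, principal, wanted):
    """Add one ACE to every matching privilege object; return the ACE count."""
    hits = [o for o in objs.values() if o.name in wanted]
    for o in hits:
        o.acl.add(principal)
    return len(hits)

def grant_via_realm(objs, realm, principal, wanted):
    """Place matching objects in the realm, then add a single ACE to its ACL."""
    for o in objs.values():
        if o.name in wanted:
            o.realm = realm
    realm.acl.add(principal)
    return 1

# Constructed sample data: the task type names and "Delete Task" are made up.
TASK_TYPES = ["OrderApproval", "LeaveRequest"]
PRIVILEGES = ["View Task Data", "View Comments", "Delete Task"]
WANTED = {"View Task Data", "View Comments"}

def demo():
    a, b = build(TASK_TYPES, PRIVILEGES), build(TASK_TYPES, PRIVILEGES)
    per_object = grant_per_object(a, "Joe", WANTED)            # 2 privileges x 2 task types
    shared = grant_via_realm(b, Realm("NormalTaskUser-Realm"), "NormalTaskUser-Role", WANTED)
    return per_object, shared, b
```

Privilege objects left outside the realm, such as the constructed "Delete Task" entries, keep their own empty ACLs in this model, so the realm grant does not widen access beyond the grouped objects.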