Forgot to add that any user can delete any process instance according to the actual setting.. isn't that a little dangerous?
Thanks in advance,
I think it should not be jBPM's responsibility to decide who should and should do whatever. jBPM is the engine, or the library. Your application should take care of all that stuff.
In my case, jBPM is my workflow and pageflow engine, and I have an extensive implementation of J2EE roles and permission sets guarding all kinds of access.
That is how it should be, I think.
Totally right Johan!