it's currently not possible. we don't have any kind of authorization scheme in the console yet. but if you outline your use case further we can put it on the roadmap.
Do you want restrict it to certain process definitions only, or in general?
First of all thank you for your kind answer. We would like each user to log in (in the console) and be able to view and start only certain processes (the business processes he should have the right to start). A per group/per user authorization mechanism would be really great for our needs.
In that case you'd need to discuss such an authentication schema first the jBPM core team first, because if the engine doesn't have it build in, the console cannot make that up. It needs to be metadata associated with the process definition in the first place.
Does that make sense?
It does make sense and that was what I was afraid of. Is there at least a way to know which user started a process? (so that we could use a java node after the start, to check who started the process and in case cancel it)
afaik the forms engine does not pas the actor to the bpm engine/core yet. There is a jira issue for this.
Is there at least a way to know which user started a process?
not yet. but you could go ahead and raise a feature request.
from my point of view (console) something like this makes a lot of sense.
hwoever, it needs to be supported by jbpm on the first place, before I can add it to the console.
we are using jaas for the console authentication. the principal should be associate with the calling thread. maybe you can build upon that?
The issue of not knowing the actor is more basic:
It is not even possible to set a process variable with the information since it is not passed from the console to the console-integration layer in jBPM. E.g. you cannot log in jBPM who did what since the info is not there.