By default, an average user can only view instances of process definitions they have created or are permitted to view. However, they can also see process definitions and instances created by other users if they have given consent. Based on the “Permissions” assigned by the admin or the user who created the definition, the average user can “View,” “Design,” or “Remove” the process instance.

Admin users can limit average users' ability to view, design, and revoke access to process instances by clicking the “Permissions” menu item.

Search and select the user(s) for whom permission needs to be set for the chosen definition. The user must type the first three characters of the definition name to begin the search. 

Select the user from the list and click the "Add" button. A confirmation message then appears in the top-right corner. 

Similarly, permissions can be assigned to users based on specific application roles, as shown in the following UI. 

The admin user can grant permissions for specific or all process instances to the selected user by checking the 'View and Design' option and deselecting the relevant checkboxes. The user can only access the permissions they are granted. 

In the above example, the “Alpha-TestUser-1” can view, design, and view all the process instances for the ”setWFStateDef" process definition. Users with the “FIPGroupA” application role can view, design, remove, and view all process instances for the “setWFStateDef” process definition.