i would leave fine grained authorization out of the current 3.2 release and postpone it to one of the later releases. this requires special care as that might make it much harder to rip out the default jbpm identity component. great care has to be taken with the defaults so that the authorization is natural, but not fine grained if you replace or remove your identity component. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3999517#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...