Re: Execution of integrating user access right to bpmn processes
I'd love to help a little bit more in depth if you have some more specific questions or directions, but here's what my initial thoughts are:
BPMN Platforms in general, allow for the capability to integrate with LDAP Systems (Activiti LDAP Integration) that are essentially a repository of users and groups; these systems will then either provide a way, or provide a way to implement a data partitioning system in which a user or group is only allowed to access and interact with the parts of the system that they're given rights to. To my knowledge, this ability exists in all of the existing BPM systems on the market today.
Again, at a general level, BPMN platforms create tasks as a process proceeds through the stages of execution. Those tasks are then claimed or assigned to specific users/groups, and at that point, only those users (or group members) are able to actively interact with and complete the task. Certain systems allow non-owning users to view the task data as read-only, but then will prevent them from interacting with the system in order to update that data.
Others can certainly weigh in here, but hopefully this is a start. -JEarles