Securing IBM Business Process Manager and applications
Securing the environment involves enabling administrative security, enabling application security, creating profiles with security, and restricting access to critical functions to users or groups assigned to specific roles. For more information, see IBM Business Process Manager security roles.
Application security is turned on by default in IBM Business Process Manager and cannot be turned off.
IBM Business Process Manager security is based on the WebSphere® Application Server version 8.5 security. For detailed information, see the WebSphere Application Server Network Deployment Information Center.
For architecture considerations, see Chapter 4: Security architecture considerations in Business Process Management Design Guide: Using IBM Business Process Manager.