Access restrictions on org. units, repositories and projects can be specified via kie-config-cli tool. This tool accepts any string as a role. However, Business central ignores such a custom role and the repository/org.unit/project is completely inaccessible regardless the user has the role or not. Only build-in roles admin, analyst are usable for this feature. Business central should take custom roles into account. Especially for BRMS - there are just 2 roles (admin,analyst) which gives nearly no option about these restrictions. All users that are not admins must have the role "analyst" => no granularity. Steps to reproduce: 1. add user testuser with roles admin,customrole 2. start business central 3. create some org.unit, repository 4. log in kie-config-cli 5. restrict access to the repository via add-role-repo command to "customrole" group 6. try to access the repository in Business Central using the testuser account.
Verified with BPMS-6.2.0.ER3