Blueriq as a Service 

Out of box the Blueriq Runtime supports security on Blueriq as a Service. In Blueriq it is possible to create your own web services, either via REST or SOAP. In order to secure a BAAS a shortcut needs to be created for the BAAS project, more information about creating shortcuts can be found here. Since Blueriq R13 it is not needed to use 'securityEnabled' anymore for the shortcut, it will always be secured when there is a role set in studio.
For an example how to set a role on a process : Authorization algorithms. Setting a role is also possible on other Blueriq items like Flows, Services etc.

Adding a role to the webservice

To secure a webservice a role must be added to the baa(r)s service. There are two methods to add roles to the service, at the service definition or at the exposed flow which is started from the webservice.

Service definition

A role can be added at the soap/rest service definition.

Exposed flow

A role can be added at the exposed  flow (which is started from the service definition). This can be useful if the flow is started from multiple contexts. Otherwise adding the role at the service definition is preferable over this option.

Security Flag at the shortcuts

The shortcuts can be secured using an extra property. Runtimes prior to Blueriq 13 will need this property, in Blueriq 13 this feature is deprecated, since adding a role to the service will be sufficient to force security. When this property is used in Blueriq (prior to 13), the security flag in the shortcuts will only work in combination with a role on the webservice.

blueriq.shortcut.SHORTCUT_NAME.securityEnabled = true

Security endpoints

These endpoints are secured when there is a role set.

REST: Runtime/server/rest/Webservice/Operation
SOAP: webservices/aaas/Webservice/Operation

The SOAP WSDL is not secured.

webservices/aaas/Webservice/aaas.wsdl