The user who logs in as 'pamuser' should have full design rights, but not be able to view other folders.

CA Process Automation Base (ITPAM) 4.4

It can be achieved by restricting at the EEM side. Consider example below:

1. Create 2 users, 'bob' and 'sue', in the EEM, and create 2 folders for each '/WIP/BOB_WIP/' and '/WIP/SUE_WIP/', and follow the steps as per the below tech doc:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/automic-process-automation/04-4-00/administrating/administer-components/administer-advanced-ca-eem-security/customize-user-access-with-ca-eem-policies/customize-access-for-a-specified-user.html

2. Add both BOB and SUE to the pamuser policy to grant basic access, but there are directions for granting rights without setting one of the default policies.

3. Once completed, Bob can log into PAM and has access only to the /WIP/BOB_WIP/ folder, and Sue only has access to the /WIP/SUE_WIP/ folder; and each user cannot see the other's processes.