The Bonita BPM Portal, or any application that uses the Web REST API, enables users to access resources. By default, the set of resources that a user can access is determined by the user's profile. This authorization mechanism ensures that users can access only the appropriate resources. For example, a user with only the User profile cannot perform actions intended for the Administrator.
REST API authorization