CDT security with user having designer access and viewer access to application

Certified Senior Developer

As we all know , we don't have security for CDT unlike other appian objects.

But I have a use case where I have to restrict the access to CDT , I just need viewer access and should  not be able to download or create new versions.

Use case : 

we created a separate group called Application Support admin . This group is basically to have a viewer access to application and to all process model

This group is to monitor process instances in prod to debug any issue .

To achieve this , we went with the below approach

1)Basic user with designer access

2)Create application specific group and provided viewer access to Application

3)We set the process model security to this group as viewer access

with  this user belong to this group able to process models with only viewer access (cant start or stop process or create any new process model) and able to see all process instances (with viewer access - cant edit process also)

But we see a risk here that, with this role - user is able to see CDT's and able to download and create new version with it. 

can some one suggest is there any way whether we can  restrict CDT access to this user.

  Discussion posts and replies are publicly visible