From b2bef9f36d422bd554700a023e13bcf6e1dc7edd Mon Sep 17 00:00:00 2001
From: Holger Hagen <19706592+holgerhagen@users.noreply.github.com>
Date: Fri, 27 Apr 2018 13:56:23 +0200
Subject: [PATCH] TSK-365: added monitor role.

---
 .../java/pro/taskana/TaskMonitorService.java  | 46 +++++++------
 .../main/java/pro/taskana/TaskanaRole.java    |  5 +-
 .../taskana/impl/TaskMonitorServiceImpl.java  | 53 +++++++++------
 .../config/TaskanaRoleConfigAccTest.java      |  5 ++
 ...CustomAttributeValuesForReportAcctest.java | 36 ++++++++--
 .../GetTaskIdsOfCategoryReportAccTest.java    | 52 ++++++++++++---
 ...tTaskIdsOfClassificationReportAccTest.java | 50 +++++++++++++-
 .../GetTaskIdsOfWorkbasketReportAccTest.java  | 27 +++++++-
 .../ProvideCategoryReportAccTest.java         | 52 ++++++++++++---
 .../ProvideClassificationReportAccTest.java   | 59 ++++++++++++++---
 .../ProvideCustomFieldValueReportAccTest.java | 65 ++++++++++++++++---
 ...deDetailedClassificationReportAccTest.java | 58 ++++++++++++++---
 .../ProvideTaskStatusReportAccTest.java       | 51 +++++++++++----
 .../ProvideWorkbasketLevelReportAccTest.java  | 57 +++++++++++++---
 .../impl/TaskMonitorServiceImplTest.java      | 44 +++++++++----
 .../src/test/resources/taskana.properties     |  1 +
 .../src/main/resources/taskana.properties     |  1 +
 .../pro/taskana/rest/MonitorController.java   |  3 +-
 .../rest/resource/mapper/ReportMapper.java    | 11 +++-
 19 files changed, 534 insertions(+), 142 deletions(-)

diff --git a/lib/taskana-core/src/main/java/pro/taskana/TaskMonitorService.java b/lib/taskana-core/src/main/java/pro/taskana/TaskMonitorService.java
index 5c2424ede..50c055615 100644
--- a/lib/taskana-core/src/main/java/pro/taskana/TaskMonitorService.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/TaskMonitorService.java
@@ -4,6 +4,7 @@ import java.util.List;
 import java.util.Map;
 
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.SelectedItem;
 import pro.taskana.impl.report.impl.CategoryReport;
 import pro.taskana.impl.report.impl.ClassificationReport;
@@ -48,7 +49,7 @@ public interface TaskMonitorService {
      */
     WorkbasketLevelReport getWorkbasketLevelReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link WorkbasketLevelReport} grouped by workbaskets. For each workbasket the report contains the total
@@ -87,7 +88,7 @@ public interface TaskMonitorService {
      */
     WorkbasketLevelReport getWorkbasketLevelReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
-        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException;
+        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link WorkbasketLevelReport} grouped by workbaskets. For each workbasket the report contains the total
@@ -130,7 +131,7 @@ public interface TaskMonitorService {
     WorkbasketLevelReport getWorkbasketLevelReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
         List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link CategoryReport} grouped by categories. The report contains the total numbers of tasks of the
@@ -157,7 +158,8 @@ public interface TaskMonitorService {
      *             thrown if DaysToWorkingDaysConverter is initialized with null
      */
     CategoryReport getCategoryReport(List<String> workbasketIds, List<TaskState> states, List<String> categories,
-        List<String> domains, CustomField customField, List<String> customFieldValues) throws InvalidArgumentException;
+        List<String> domains, CustomField customField, List<String> customFieldValues)
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link CategoryReport} grouped by categories. For each category the report contains the total number of
@@ -196,7 +198,7 @@ public interface TaskMonitorService {
      */
     CategoryReport getCategoryReport(List<String> workbasketIds, List<TaskState> states, List<String> categories,
         List<String> domains, CustomField customField, List<String> customFieldValues,
-        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException;
+        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link CategoryReport} grouped by categories. For each category the report contains the total number of
@@ -239,7 +241,7 @@ public interface TaskMonitorService {
     CategoryReport getCategoryReport(List<String> workbasketIds, List<TaskState> states, List<String> categories,
         List<String> domains, CustomField customField, List<String> customFieldValues,
         List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link ClassificationReport} grouped by classifications. The report contains the total numbers of tasks
@@ -267,7 +269,7 @@ public interface TaskMonitorService {
      */
     ClassificationReport getClassificationReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link ClassificationReport} grouped by classifications. For each classification the report contains
@@ -306,7 +308,7 @@ public interface TaskMonitorService {
      */
     ClassificationReport getClassificationReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
-        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException;
+        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link ClassificationReport} grouped by classification. For each classification the report contains the
@@ -349,7 +351,7 @@ public interface TaskMonitorService {
     ClassificationReport getClassificationReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
         List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link DetailedClassificationReport}. The report contains the total numbers of tasks of the respective
@@ -378,7 +380,7 @@ public interface TaskMonitorService {
      */
     DetailedClassificationReport getDetailedClassificationReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link DetailedClassificationReport}. For each classification the report contains the total number of
@@ -418,7 +420,7 @@ public interface TaskMonitorService {
      */
     DetailedClassificationReport getDetailedClassificationReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
-        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException;
+        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link DetailedClassificationReport}. For each classification the report contains the total number of
@@ -462,7 +464,7 @@ public interface TaskMonitorService {
     DetailedClassificationReport getDetailedClassificationReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
         List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link CustomFieldValueReport} grouped by the value of a certain {@link CustomField}. The report
@@ -489,7 +491,7 @@ public interface TaskMonitorService {
      */
     CustomFieldValueReport getCustomFieldValueReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link CustomFieldValueReport} grouped by the value of a certain {@link CustomField}. For each value of
@@ -527,7 +529,7 @@ public interface TaskMonitorService {
      */
     CustomFieldValueReport getCustomFieldValueReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
-        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException;
+        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@link CustomFieldValueReport} grouped by the value of a certain {@link CustomField}. For each value of
@@ -570,7 +572,7 @@ public interface TaskMonitorService {
         List<String> categories,
         List<String> domains, CustomField customField, List<String> customFieldValues,
         List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a list of all task ids in the selected items of a {@link pro.taskana.impl.report.Report}. By default the
@@ -587,10 +589,6 @@ public interface TaskMonitorService {
      *            a list of categories to filter by categories. To omit this filter, use null for this parameter
      * @param domains
      *            a list of domains to filter by domains. To omit this filter, use null for this parameter
-     * @param classificationKeys
-     *            a list of task classification key to filter. To omit this filter, use null for this parameter
-     * @param excludedClassificationKeys
-     *            a list of task classification key to exclude. To omit this filter, use null for this parameter
      * @param customField
      *            a custom field to filter by the values of the custom field. To omit this filter, use null for this
      *            parameter
@@ -620,7 +618,7 @@ public interface TaskMonitorService {
         List<String> excludedClassificationKeys, CustomField customField, List<String> customFieldValues,
         List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays, List<SelectedItem> selectedItems,
         String dimension)
-        throws InvalidArgumentException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a list of distinct custom attribute values for the selection from the entire task pool.
@@ -650,14 +648,14 @@ public interface TaskMonitorService {
     List<String> getCustomAttributeValuesForReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, List<String> classificationIds,
         List<String> excludedClassificationIds, Map<String, String> customAttributeFilter,
-        String customAttributeName) throws InvalidArgumentException;
+        String customAttributeName) throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Overloaded method for {@link #getTaskStatusReport(List, List)}. This method omits all filters.
      *
      * @return the {@link TaskStatusReport}
      */
-    TaskStatusReport getTaskStatusReport();
+    TaskStatusReport getTaskStatusReport() throws NotAuthorizedException;
 
     /**
      * Overloaded method for {@link #getTaskStatusReport(List, List)}. This method applies a domain filter and omits the
@@ -667,7 +665,7 @@ public interface TaskMonitorService {
      *            a list of domains to filter by domains. To omit this filter, use null for this parameter
      * @return the {@link TaskStatusReport}
      */
-    TaskStatusReport getTaskStatusReport(List<String> domains);
+    TaskStatusReport getTaskStatusReport(List<String> domains) throws NotAuthorizedException;
 
     /**
      * Returns a {@link TaskStatusReport}. For each domain the report contains the total number of tasks, clustered in
@@ -680,6 +678,6 @@ public interface TaskMonitorService {
      *            a list of domains to filter by domains. To omit this filter, use null for this parameter
      * @return the {@link TaskStatusReport}
      */
-    TaskStatusReport getTaskStatusReport(List<String> domains, List<TaskState> states);
+    TaskStatusReport getTaskStatusReport(List<String> domains, List<TaskState> states) throws NotAuthorizedException;
 
 }
diff --git a/lib/taskana-core/src/main/java/pro/taskana/TaskanaRole.java b/lib/taskana-core/src/main/java/pro/taskana/TaskanaRole.java
index 4368400da..e9c1c9200 100644
--- a/lib/taskana-core/src/main/java/pro/taskana/TaskanaRole.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/TaskanaRole.java
@@ -6,7 +6,8 @@ package pro.taskana;
 public enum TaskanaRole {
     USER("taskana.roles.user"),
     BUSINESS_ADMIN("taskana.roles.businessadmin"),
-    ADMIN("taskana.roles.admin");
+    ADMIN("taskana.roles.admin"),
+    MONITOR("taskana.roles.monitor");
 
     private final String propertyName;
 
@@ -21,6 +22,8 @@ public enum TaskanaRole {
             return TaskanaRole.BUSINESS_ADMIN;
         } else if (ADMIN.propertyName.equalsIgnoreCase(name)) {
             return TaskanaRole.ADMIN;
+        } else if (MONITOR.propertyName.equalsIgnoreCase(name)) {
+            return TaskanaRole.MONITOR;
         } else {
             return null;
         }
diff --git a/lib/taskana-core/src/main/java/pro/taskana/impl/TaskMonitorServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/impl/TaskMonitorServiceImpl.java
index a3185674d..a00681d89 100644
--- a/lib/taskana-core/src/main/java/pro/taskana/impl/TaskMonitorServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/impl/TaskMonitorServiceImpl.java
@@ -11,7 +11,9 @@ import pro.taskana.CustomField;
 import pro.taskana.TaskMonitorService;
 import pro.taskana.TaskState;
 import pro.taskana.TaskanaEngine;
+import pro.taskana.TaskanaRole;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.report.impl.CategoryReport;
 import pro.taskana.impl.report.impl.ClassificationReport;
 import pro.taskana.impl.report.impl.CustomFieldValueReport;
@@ -44,7 +46,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     @Override
     public WorkbasketLevelReport getWorkbasketLevelReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues)
-        throws InvalidArgumentException {
+        throws InvalidArgumentException, NotAuthorizedException {
         return getWorkbasketLevelReport(workbasketIds, states, categories, domains, customField, customFieldValues,
             Collections.emptyList(), false);
     }
@@ -52,7 +54,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     @Override
     public WorkbasketLevelReport getWorkbasketLevelReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
-        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException {
+        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException, NotAuthorizedException {
         return getWorkbasketLevelReport(workbasketIds, states, categories, domains, customField, customFieldValues,
             columnHeaders, true);
     }
@@ -61,7 +63,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     public WorkbasketLevelReport getWorkbasketLevelReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
         List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays)
-        throws InvalidArgumentException {
+        throws InvalidArgumentException, NotAuthorizedException {
         if (LOGGER.isDebugEnabled()) {
             LOGGER.debug("entry to getWorkbasketLevelReport(workbasketIds = {}, states = {}, categories = {}, "
                 + "domains = {}, customField = {}, customFieldValues = {}, columnHeaders = {}, "
@@ -70,6 +72,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
                 LoggerUtils.listToString(customFieldValues), LoggerUtils.listToString(columnHeaders),
                 inWorkingDays);
         }
+        taskanaEngineImpl.checkRoleMembership(TaskanaRole.MONITOR);
         try {
             taskanaEngineImpl.openConnection();
 
@@ -91,7 +94,8 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
 
     @Override
     public CategoryReport getCategoryReport(List<String> workbasketIds, List<TaskState> states, List<String> categories,
-        List<String> domains, CustomField customField, List<String> customFieldValues) throws InvalidArgumentException {
+        List<String> domains, CustomField customField, List<String> customFieldValues)
+        throws InvalidArgumentException, NotAuthorizedException {
         return getCategoryReport(workbasketIds, states, categories, domains, customField, customFieldValues,
             Collections.emptyList(),
             false);
@@ -100,7 +104,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     @Override
     public CategoryReport getCategoryReport(List<String> workbasketIds, List<TaskState> states, List<String> categories,
         List<String> domains, CustomField customField, List<String> customFieldValues,
-        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException {
+        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException, NotAuthorizedException {
         return getCategoryReport(workbasketIds, states, categories, domains, customField, customFieldValues,
             columnHeaders, true);
     }
@@ -108,7 +112,8 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     @Override
     public CategoryReport getCategoryReport(List<String> workbasketIds, List<TaskState> states, List<String> categories,
         List<String> domains, CustomField customField, List<String> customFieldValues,
-        List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays) throws InvalidArgumentException {
+        List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays)
+        throws InvalidArgumentException, NotAuthorizedException {
         if (LOGGER.isDebugEnabled()) {
             LOGGER.debug("entry to getCategoryReport(workbasketIds = {}, states = {}, categories = {}, "
                 + "domains = {}, customField = {}, customFieldValues = {}, reportLineItemDefinitions = {}, "
@@ -117,6 +122,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
                 LoggerUtils.listToString(customFieldValues), LoggerUtils.listToString(columnHeaders),
                 inWorkingDays);
         }
+        taskanaEngineImpl.checkRoleMembership(TaskanaRole.MONITOR);
         try {
             taskanaEngineImpl.openConnection();
 
@@ -139,7 +145,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     @Override
     public ClassificationReport getClassificationReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues)
-        throws InvalidArgumentException {
+        throws InvalidArgumentException, NotAuthorizedException {
         return getClassificationReport(workbasketIds, states, categories, domains, customField, customFieldValues,
             Collections.emptyList(), false);
     }
@@ -147,7 +153,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     @Override
     public ClassificationReport getClassificationReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
-        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException {
+        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException, NotAuthorizedException {
         return getClassificationReport(workbasketIds, states, categories, domains, customField, customFieldValues,
             columnHeaders, true);
     }
@@ -156,7 +162,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     public ClassificationReport getClassificationReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
         List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays)
-        throws InvalidArgumentException {
+        throws InvalidArgumentException, NotAuthorizedException {
         if (LOGGER.isDebugEnabled()) {
             LOGGER.debug("entry to getClassificationReport(workbasketIds = {}, states = {}, categories = {}, "
                 + "domains = {}, customField = {}, customFieldValues = {}, columnHeaders = {}, "
@@ -165,6 +171,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
                 LoggerUtils.listToString(customFieldValues), LoggerUtils.listToString(columnHeaders),
                 inWorkingDays);
         }
+        taskanaEngineImpl.checkRoleMembership(TaskanaRole.MONITOR);
         try {
             taskanaEngineImpl.openConnection();
 
@@ -187,7 +194,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     @Override
     public DetailedClassificationReport getDetailedClassificationReport(List<String> workbasketIds,
         List<TaskState> states, List<String> categories, List<String> domains, CustomField customField,
-        List<String> customFieldValues) throws InvalidArgumentException {
+        List<String> customFieldValues) throws InvalidArgumentException, NotAuthorizedException {
         return getDetailedClassificationReport(workbasketIds, states, categories, domains, customField,
             customFieldValues, Collections.emptyList(), false);
     }
@@ -196,7 +203,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     public DetailedClassificationReport getDetailedClassificationReport(List<String> workbasketIds,
         List<TaskState> states, List<String> categories, List<String> domains, CustomField customField,
         List<String> customFieldValues, List<TimeIntervalColumnHeader> columnHeaders)
-        throws InvalidArgumentException {
+        throws InvalidArgumentException, NotAuthorizedException {
         return getDetailedClassificationReport(workbasketIds, states, categories, domains, customField,
             customFieldValues, columnHeaders, true);
     }
@@ -205,7 +212,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     public DetailedClassificationReport getDetailedClassificationReport(List<String> workbasketIds,
         List<TaskState> states, List<String> categories, List<String> domains, CustomField customField,
         List<String> customFieldValues, List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays)
-        throws InvalidArgumentException {
+        throws InvalidArgumentException, NotAuthorizedException {
 
         if (LOGGER.isDebugEnabled()) {
             LOGGER.debug("entry to getDetailedClassificationReport(workbasketIds = {}, states = {}, "
@@ -215,6 +222,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
                 LoggerUtils.listToString(domains), customField, LoggerUtils.listToString(customFieldValues),
                 LoggerUtils.listToString(columnHeaders), inWorkingDays);
         }
+        taskanaEngineImpl.checkRoleMembership(TaskanaRole.MONITOR);
         try {
             taskanaEngineImpl.openConnection();
 
@@ -239,7 +247,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     @Override
     public CustomFieldValueReport getCustomFieldValueReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues)
-        throws InvalidArgumentException {
+        throws InvalidArgumentException, NotAuthorizedException {
         return getCustomFieldValueReport(workbasketIds, states, categories, domains, customField, customFieldValues,
             Collections.emptyList(), false);
     }
@@ -247,7 +255,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     @Override
     public CustomFieldValueReport getCustomFieldValueReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
-        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException {
+        List<TimeIntervalColumnHeader> columnHeaders) throws InvalidArgumentException, NotAuthorizedException {
         return getCustomFieldValueReport(workbasketIds, states, categories, domains, customField, customFieldValues,
             columnHeaders, true);
     }
@@ -256,7 +264,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     public CustomFieldValueReport getCustomFieldValueReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, CustomField customField, List<String> customFieldValues,
         List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays)
-        throws InvalidArgumentException {
+        throws InvalidArgumentException, NotAuthorizedException {
         if (LOGGER.isDebugEnabled()) {
             LOGGER.debug("entry to getCustomFieldValueReport(workbasketIds = {}, states = {}, categories = {}, "
                 + "domains = {}, customField = {}, customFieldValues = {}, columnHeaders = {}, "
@@ -265,6 +273,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
                 LoggerUtils.listToString(customFieldValues), LoggerUtils.listToString(columnHeaders),
                 inWorkingDays);
         }
+        taskanaEngineImpl.checkRoleMembership(TaskanaRole.MONITOR);
         try {
             taskanaEngineImpl.openConnection();
 
@@ -292,7 +301,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     public List<String> getCustomAttributeValuesForReport(List<String> workbasketIds, List<TaskState> states,
         List<String> categories, List<String> domains, List<String> classificationIds,
         List<String> excludedClassificationIds, Map<String, String> customAttributeFilter,
-        String customAttributeName) throws InvalidArgumentException {
+        String customAttributeName) throws InvalidArgumentException, NotAuthorizedException {
         if (LOGGER.isDebugEnabled()) {
             LOGGER.debug("entry to getCustomAttributeValuesForReport(workbasketIds = {}, states = {}, "
                 + "categories = {}, domains = {}, classificationIds = {}, excludedClassificationIds = {}, customAttributeName = {})",
@@ -301,6 +310,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
                 LoggerUtils.listToString(classificationIds), LoggerUtils.listToString(excludedClassificationIds),
                 customAttributeName);
         }
+        taskanaEngineImpl.checkRoleMembership(TaskanaRole.MONITOR);
         try {
             taskanaEngineImpl.openConnection();
 
@@ -326,7 +336,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
         List<String> categories, List<String> domains, List<String> classificationIds,
         List<String> excludedClassificationIds, CustomField customField, List<String> customFieldValues,
         List<TimeIntervalColumnHeader> columnHeaders, boolean inWorkingDays,
-        List<SelectedItem> selectedItems, String dimension) throws InvalidArgumentException {
+        List<SelectedItem> selectedItems, String dimension) throws InvalidArgumentException, NotAuthorizedException {
         if (LOGGER.isDebugEnabled()) {
             LOGGER.debug("entry to getTaskIdsForSelectedItems(workbasketIds = {}, states = {}, "
                 + "categories = {}, domains = {}, customField = {}, customFieldValues = {}, "
@@ -338,6 +348,7 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
                 LoggerUtils.listToString(customFieldValues), LoggerUtils.listToString(columnHeaders),
                 inWorkingDays, LoggerUtils.listToString(selectedItems), dimension);
         }
+        taskanaEngineImpl.checkRoleMembership(TaskanaRole.MONITOR);
         try {
             taskanaEngineImpl.openConnection();
             if (columnHeaders == null) {
@@ -371,17 +382,19 @@ public class TaskMonitorServiceImpl implements TaskMonitorService {
     }
 
     @Override
-    public TaskStatusReport getTaskStatusReport() {
+    public TaskStatusReport getTaskStatusReport() throws NotAuthorizedException {
         return getTaskStatusReport(null, null);
     }
 
     @Override
-    public TaskStatusReport getTaskStatusReport(List<String> domains) {
+    public TaskStatusReport getTaskStatusReport(List<String> domains) throws NotAuthorizedException {
         return getTaskStatusReport(domains, null);
     }
 
     @Override
-    public TaskStatusReport getTaskStatusReport(List<String> domains, List<TaskState> states) {
+    public TaskStatusReport getTaskStatusReport(List<String> domains, List<TaskState> states)
+        throws NotAuthorizedException {
+        taskanaEngineImpl.checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
         try {
             taskanaEngineImpl.openConnection();
 
diff --git a/lib/taskana-core/src/test/java/acceptance/config/TaskanaRoleConfigAccTest.java b/lib/taskana-core/src/test/java/acceptance/config/TaskanaRoleConfigAccTest.java
index 524478cd6..1d11e3321 100644
--- a/lib/taskana-core/src/test/java/acceptance/config/TaskanaRoleConfigAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/config/TaskanaRoleConfigAccTest.java
@@ -46,6 +46,11 @@ public class TaskanaRoleConfigAccTest extends TaskanaEngineImpl {
         assertTrue(businessAdmins.contains("max"));
         assertTrue(businessAdmins.contains("moritz"));
 
+        Set<String> monitorAccessIds = getConfiguration().getRoleMap().get(TaskanaRole.MONITOR);
+        assertTrue(monitorAccessIds.contains("john"));
+        assertTrue(monitorAccessIds.contains("teamlead_2"));
+        assertTrue(monitorAccessIds.contains("monitor"));
+
     }
 
     @Test
diff --git a/lib/taskana-core/src/test/java/acceptance/monitoring/GetCustomAttributeValuesForReportAcctest.java b/lib/taskana-core/src/test/java/acceptance/monitoring/GetCustomAttributeValuesForReportAcctest.java
index 6b2857b10..5ad3992eb 100644
--- a/lib/taskana-core/src/test/java/acceptance/monitoring/GetCustomAttributeValuesForReportAcctest.java
+++ b/lib/taskana-core/src/test/java/acceptance/monitoring/GetCustomAttributeValuesForReportAcctest.java
@@ -16,8 +16,7 @@ import javax.sql.DataSource;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.junit.runner.RunWith;
 
 import pro.taskana.TaskMonitorService;
 import pro.taskana.TaskanaEngine;
@@ -25,15 +24,18 @@ import pro.taskana.TaskanaEngine.ConnectionManagementMode;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.database.TestDataGenerator;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.configuration.DBCleaner;
 import pro.taskana.impl.configuration.TaskanaEngineConfigurationTest;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
 
 /**
  * Acceptance test for all "classification report" scenarios.
  */
+@RunWith(JAASRunner.class)
 public class GetCustomAttributeValuesForReportAcctest {
 
-    private static final Logger LOGGER = LoggerFactory.getLogger(GetCustomAttributeValuesForReportAcctest.class);
     protected static TaskanaEngineConfiguration taskanaEngineConfiguration;
     protected static TaskanaEngine taskanaEngine;
 
@@ -56,8 +58,20 @@ public class GetCustomAttributeValuesForReportAcctest {
         testDataGenerator.generateMonitoringTestData(dataSource);
     }
 
+    @Test(expected = NotAuthorizedException.class)
+    public void testRoleCheck() throws InvalidArgumentException, NotAuthorizedException {
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+
+        taskMonitorService.getCustomAttributeValuesForReport(
+            Collections.singletonList("WBI:000000000000000000000000000000000001"), null,
+            null, null, null, null, null,
+            "2");
+    }
+
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetCustomAttributeValuesForOneWorkbasket() throws InvalidArgumentException {
+    public void testGetCustomAttributeValuesForOneWorkbasket() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> values = taskMonitorService.getCustomAttributeValuesForReport(
@@ -71,8 +85,10 @@ public class GetCustomAttributeValuesForReportAcctest {
         assertTrue(values.contains("Teilkasko"));
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetCustomAttributeValuesForOneDomain() throws InvalidArgumentException {
+    public void testGetCustomAttributeValuesForOneDomain() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> values = taskMonitorService.getCustomAttributeValuesForReport(
@@ -84,8 +100,11 @@ public class GetCustomAttributeValuesForReportAcctest {
         assertEquals(26, values.size());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetCustomAttributeValuesForCustomAttribute() throws InvalidArgumentException {
+    public void testGetCustomAttributeValuesForCustomAttribute()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         Map<String, String> props = new HashMap<>();
@@ -100,8 +119,11 @@ public class GetCustomAttributeValuesForReportAcctest {
         assertEquals(12, values.size());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetCustomAttributeValuesForExcludedClassifications() throws InvalidArgumentException {
+    public void testGetCustomAttributeValuesForExcludedClassifications()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> domains = new ArrayList<>();
diff --git a/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfCategoryReportAccTest.java b/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfCategoryReportAccTest.java
index 171ee85dc..109da6ef8 100644
--- a/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfCategoryReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfCategoryReportAccTest.java
@@ -14,6 +14,7 @@ import javax.sql.DataSource;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
 
 import pro.taskana.CustomField;
 import pro.taskana.TaskMonitorService;
@@ -23,15 +24,19 @@ import pro.taskana.TaskanaEngine.ConnectionManagementMode;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.database.TestDataGenerator;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.SelectedItem;
 import pro.taskana.impl.TaskanaEngineImpl;
 import pro.taskana.impl.configuration.DBCleaner;
 import pro.taskana.impl.configuration.TaskanaEngineConfigurationTest;
 import pro.taskana.impl.report.impl.TimeIntervalColumnHeader;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
 
 /**
  * Acceptance test for all "get task ids of category report" scenarios.
  */
+@RunWith(JAASRunner.class)
 public class GetTaskIdsOfCategoryReportAccTest {
 
     protected static TaskanaEngineConfiguration taskanaEngineConfiguration;
@@ -56,8 +61,22 @@ public class GetTaskIdsOfCategoryReportAccTest {
         testDataGenerator.generateMonitoringTestData(dataSource);
     }
 
+    @Test(expected = NotAuthorizedException.class)
+    public void testRoleCheck() throws InvalidArgumentException, NotAuthorizedException {
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+
+        List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
+
+        List<SelectedItem> selectedItems = new ArrayList<>();
+        taskMonitorService.getTaskIdsForSelectedItems(null, null, null, null, null,
+            null, null, null,
+            columnHeaders, true, selectedItems, TaskMonitorService.DIMENSION_CLASSIFICATION_CATEGORY);
+    }
+
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfCategoryReport() throws InvalidArgumentException {
+    public void testGetTaskIdsOfCategoryReport() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
@@ -100,8 +119,11 @@ public class GetTaskIdsOfCategoryReportAccTest {
         assertTrue(ids.contains("TKI:000000000000000000000000000000000032"));
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfCategoryReportWithWorkbasketFilter() throws InvalidArgumentException {
+    public void testGetTaskIdsOfCategoryReportWithWorkbasketFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
@@ -138,8 +160,11 @@ public class GetTaskIdsOfCategoryReportAccTest {
         assertTrue(ids.contains("TKI:000000000000000000000000000000000031"));
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfCategoryReportWithStateFilter() throws InvalidArgumentException {
+    public void testGetTaskIdsOfCategoryReportWithStateFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TaskState> states = Collections.singletonList(TaskState.READY);
@@ -183,8 +208,11 @@ public class GetTaskIdsOfCategoryReportAccTest {
         assertTrue(ids.contains("TKI:000000000000000000000000000000000032"));
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfCategoryReportWithCategoryFilter() throws InvalidArgumentException {
+    public void testGetTaskIdsOfCategoryReportWithCategoryFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> categories = Arrays.asList("AUTOMATIC", "MANUAL");
@@ -214,8 +242,11 @@ public class GetTaskIdsOfCategoryReportAccTest {
         assertTrue(ids.contains("TKI:000000000000000000000000000000000032"));
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfCategoryReportWithDomainFilter() throws InvalidArgumentException {
+    public void testGetTaskIdsOfCategoryReportWithDomainFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> domains = Collections.singletonList("DOMAIN_A");
@@ -252,8 +283,11 @@ public class GetTaskIdsOfCategoryReportAccTest {
         assertTrue(ids.contains("TKI:000000000000000000000000000000000028"));
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfCategoryReportWithCustomFieldValueFilter() throws InvalidArgumentException {
+    public void testGetTaskIdsOfCategoryReportWithCustomFieldValueFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_1;
@@ -293,8 +327,10 @@ public class GetTaskIdsOfCategoryReportAccTest {
         assertTrue(ids.contains("TKI:000000000000000000000000000000000032"));
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test(expected = InvalidArgumentException.class)
-    public void testThrowsExceptionIfSubKeysAreUsed() throws InvalidArgumentException {
+    public void testThrowsExceptionIfSubKeysAreUsed() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
@@ -308,7 +344,7 @@ public class GetTaskIdsOfCategoryReportAccTest {
         s1.setUpperAgeLimit(-2);
         selectedItems.add(s1);
 
-        List<String> ids = taskMonitorService.getTaskIdsForSelectedItems(null, null, null, null, null,
+        taskMonitorService.getTaskIdsForSelectedItems(null, null, null, null, null,
             null, null, null,
             columnHeaders, true, selectedItems, TaskMonitorService.DIMENSION_CLASSIFICATION_CATEGORY);
     }
diff --git a/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfClassificationReportAccTest.java b/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfClassificationReportAccTest.java
index 7f0ac06f9..2af539007 100644
--- a/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfClassificationReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfClassificationReportAccTest.java
@@ -12,6 +12,7 @@ import javax.sql.DataSource;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
 
 import pro.taskana.TaskMonitorService;
 import pro.taskana.TaskanaEngine;
@@ -19,15 +20,19 @@ import pro.taskana.TaskanaEngine.ConnectionManagementMode;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.database.TestDataGenerator;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.SelectedItem;
 import pro.taskana.impl.TaskanaEngineImpl;
 import pro.taskana.impl.configuration.DBCleaner;
 import pro.taskana.impl.configuration.TaskanaEngineConfigurationTest;
 import pro.taskana.impl.report.impl.TimeIntervalColumnHeader;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
 
 /**
  * Acceptance test for all "get task ids of classification report" scenarios.
  */
+@RunWith(JAASRunner.class)
 public class GetTaskIdsOfClassificationReportAccTest {
 
     protected static TaskanaEngineConfiguration taskanaEngineConfiguration;
@@ -52,8 +57,41 @@ public class GetTaskIdsOfClassificationReportAccTest {
         testDataGenerator.generateMonitoringTestData(dataSource);
     }
 
+    @Test(expected = NotAuthorizedException.class)
+    public void testRoleCheck() throws InvalidArgumentException, NotAuthorizedException {
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+
+        List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
+
+        List<SelectedItem> selectedItems = new ArrayList<>();
+
+        SelectedItem s1 = new SelectedItem();
+        s1.setKey("L10000");
+        s1.setLowerAgeLimit(0);
+        s1.setUpperAgeLimit(0);
+        selectedItems.add(s1);
+
+        SelectedItem s2 = new SelectedItem();
+        s2.setKey("L10000");
+        s2.setLowerAgeLimit(Integer.MIN_VALUE);
+        s2.setUpperAgeLimit(-11);
+        selectedItems.add(s2);
+
+        SelectedItem s3 = new SelectedItem();
+        s3.setKey("L30000");
+        s3.setLowerAgeLimit(Integer.MIN_VALUE);
+        s3.setUpperAgeLimit(-11);
+        selectedItems.add(s3);
+
+        taskMonitorService.getTaskIdsForSelectedItems(null, null, null, null, null,
+            null, null, null,
+            columnHeaders, true, selectedItems, TaskMonitorService.DIMENSION_CLASSIFICATION_KEY);
+    }
+
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfClassificationReport() throws InvalidArgumentException {
+    public void testGetTaskIdsOfClassificationReport() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
@@ -91,8 +129,11 @@ public class GetTaskIdsOfClassificationReportAccTest {
         assertTrue(ids.contains("TKI:000000000000000000000000000000000006"));
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfClassificationReportWithAttachments() throws InvalidArgumentException {
+    public void testGetTaskIdsOfClassificationReportWithAttachments()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
@@ -128,8 +169,11 @@ public class GetTaskIdsOfClassificationReportAccTest {
         assertTrue(ids.contains("TKI:000000000000000000000000000000000033"));
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfClassificationReportWithDomainFilter() throws InvalidArgumentException {
+    public void testGetTaskIdsOfClassificationReportWithDomainFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
diff --git a/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfWorkbasketReportAccTest.java b/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfWorkbasketReportAccTest.java
index 42c39bf0f..729409bb3 100644
--- a/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfWorkbasketReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/monitoring/GetTaskIdsOfWorkbasketReportAccTest.java
@@ -13,6 +13,7 @@ import javax.sql.DataSource;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
 
 import pro.taskana.TaskMonitorService;
 import pro.taskana.TaskanaEngine;
@@ -20,15 +21,19 @@ import pro.taskana.TaskanaEngine.ConnectionManagementMode;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.database.TestDataGenerator;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.SelectedItem;
 import pro.taskana.impl.TaskanaEngineImpl;
 import pro.taskana.impl.configuration.DBCleaner;
 import pro.taskana.impl.configuration.TaskanaEngineConfigurationTest;
 import pro.taskana.impl.report.impl.TimeIntervalColumnHeader;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
 
 /**
  * Acceptance test for all "get task ids of workbasket report" scenarios.
  */
+@RunWith(JAASRunner.class)
 public class GetTaskIdsOfWorkbasketReportAccTest {
 
     protected static TaskanaEngineConfiguration taskanaEngineConfiguration;
@@ -53,8 +58,23 @@ public class GetTaskIdsOfWorkbasketReportAccTest {
         testDataGenerator.generateMonitoringTestData(dataSource);
     }
 
+    @Test(expected = NotAuthorizedException.class)
+    public void testRoleCheck() throws InvalidArgumentException, NotAuthorizedException {
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+
+        List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
+
+        List<SelectedItem> selectedItems = new ArrayList<>();
+
+        taskMonitorService.getTaskIdsForSelectedItems(null, null, null, null, null,
+            null, null, null,
+            columnHeaders, true, selectedItems, TaskMonitorService.DIMENSION_WORKBASKET_KEY);
+    }
+
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfWorkbasketReport() throws InvalidArgumentException {
+    public void testGetTaskIdsOfWorkbasketReport() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
@@ -93,8 +113,11 @@ public class GetTaskIdsOfWorkbasketReportAccTest {
         assertTrue(ids.contains("TKI:000000000000000000000000000000000050"));
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTaskIdsOfWorkbasketReportWithExcludedClassifications() throws InvalidArgumentException {
+    public void testGetTaskIdsOfWorkbasketReportWithExcludedClassifications()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
diff --git a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideCategoryReportAccTest.java b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideCategoryReportAccTest.java
index 40e37c469..f228dacf9 100644
--- a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideCategoryReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideCategoryReportAccTest.java
@@ -16,6 +16,7 @@ import javax.sql.DataSource;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -27,15 +28,19 @@ import pro.taskana.TaskanaEngine.ConnectionManagementMode;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.database.TestDataGenerator;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.TaskanaEngineImpl;
 import pro.taskana.impl.configuration.DBCleaner;
 import pro.taskana.impl.configuration.TaskanaEngineConfigurationTest;
 import pro.taskana.impl.report.impl.CategoryReport;
 import pro.taskana.impl.report.impl.TimeIntervalColumnHeader;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
 
 /**
  * Acceptance test for all "category report" scenarios.
  */
+@RunWith(JAASRunner.class)
 public class ProvideCategoryReportAccTest {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(ProvideCategoryReportAccTest.class);
@@ -61,8 +66,17 @@ public class ProvideCategoryReportAccTest {
         testDataGenerator.generateMonitoringTestData(dataSource);
     }
 
+    @Test(expected = NotAuthorizedException.class)
+    public void testRoleCheck() throws InvalidArgumentException, NotAuthorizedException {
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+
+        taskMonitorService.getCategoryReport(null, null, null, null, null, null);
+    }
+
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTotalNumbersOfTasksOfCategoryReport() throws InvalidArgumentException {
+    public void testGetTotalNumbersOfTasksOfCategoryReport() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CategoryReport report = taskMonitorService.getCategoryReport(null, null, null, null, null, null);
@@ -83,8 +97,11 @@ public class ProvideCategoryReportAccTest {
         assertEquals(50, report.getSumRow().getTotalValue());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetCategoryReportWithReportLineItemDefinitions() throws InvalidArgumentException {
+    public void testGetCategoryReportWithReportLineItemDefinitions()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
@@ -111,8 +128,10 @@ public class ProvideCategoryReportAccTest {
         assertEquals(50, sumLineCount);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCategoryReport() throws InvalidArgumentException {
+    public void testEachItemOfCategoryReport() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getShortListOfColumnHeaders();
@@ -137,8 +156,10 @@ public class ProvideCategoryReportAccTest {
         assertArrayEquals(new int[] {2, 2, 2, 0, 4}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCategoryReportNotInWorkingDays() throws InvalidArgumentException {
+    public void testEachItemOfCategoryReportNotInWorkingDays() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getShortListOfColumnHeaders();
@@ -163,8 +184,11 @@ public class ProvideCategoryReportAccTest {
         assertArrayEquals(new int[] {4, 0, 2, 0, 4}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCategoryReportWithWorkbasketFilter() throws InvalidArgumentException {
+    public void testEachItemOfCategoryReportWithWorkbasketFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
@@ -190,8 +214,10 @@ public class ProvideCategoryReportAccTest {
         assertArrayEquals(new int[] {1, 0, 1, 0, 1}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCategoryReportWithStateFilter() throws InvalidArgumentException {
+    public void testEachItemOfCategoryReportWithStateFilter() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TaskState> states = Collections.singletonList(TaskState.READY);
@@ -217,8 +243,11 @@ public class ProvideCategoryReportAccTest {
         assertArrayEquals(new int[] {2, 2, 2, 0, 0}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCategoryReportWithCategoryFilter() throws InvalidArgumentException {
+    public void testEachItemOfCategoryReportWithCategoryFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> categories = Arrays.asList("AUTOMATIC", "MANUAL");
@@ -242,8 +271,10 @@ public class ProvideCategoryReportAccTest {
 
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCategoryReportWithDomainFilter() throws InvalidArgumentException {
+    public void testEachItemOfCategoryReportWithDomainFilter() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> domains = Collections.singletonList("DOMAIN_A");
@@ -269,8 +300,11 @@ public class ProvideCategoryReportAccTest {
         assertArrayEquals(new int[] {2, 0, 0, 0, 3}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCategoryReportWithCustomFieldValueFilter() throws InvalidArgumentException {
+    public void testEachItemOfCategoryReportWithCustomFieldValueFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_1;
diff --git a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideClassificationReportAccTest.java b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideClassificationReportAccTest.java
index c1d7aedac..49841de16 100644
--- a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideClassificationReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideClassificationReportAccTest.java
@@ -16,6 +16,7 @@ import javax.sql.DataSource;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -27,15 +28,19 @@ import pro.taskana.TaskanaEngine.ConnectionManagementMode;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.database.TestDataGenerator;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.TaskanaEngineImpl;
 import pro.taskana.impl.configuration.DBCleaner;
 import pro.taskana.impl.configuration.TaskanaEngineConfigurationTest;
 import pro.taskana.impl.report.impl.ClassificationReport;
 import pro.taskana.impl.report.impl.TimeIntervalColumnHeader;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
 
 /**
  * Acceptance test for all "classification report" scenarios.
  */
+@RunWith(JAASRunner.class)
 public class ProvideClassificationReportAccTest {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(ProvideClassificationReportAccTest.class);
@@ -61,8 +66,19 @@ public class ProvideClassificationReportAccTest {
         testDataGenerator.generateMonitoringTestData(dataSource);
     }
 
-        @Test
-    public void testGetTotalNumbersOfTasksOfClassificationReport() throws InvalidArgumentException {
+    @Test(expected = NotAuthorizedException.class)
+    public void testRoleCheck()
+        throws InvalidArgumentException, NotAuthorizedException {
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+
+        taskMonitorService.getClassificationReport(null, null, null, null, null, null);
+    }
+
+    @WithAccessId(
+        userName = "monitor")
+    @Test
+    public void testGetTotalNumbersOfTasksOfClassificationReport()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         ClassificationReport report = taskMonitorService.getClassificationReport(null, null, null, null, null, null);
@@ -87,8 +103,11 @@ public class ProvideClassificationReportAccTest {
         assertEquals(50, report.getSumRow().getTotalValue());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetClassificationReportWithReportLineItemDefinitions() throws InvalidArgumentException {
+    public void testGetClassificationReportWithReportLineItemDefinitions()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> reportLineItemDefinitions = getListOfColumnsHeaders();
@@ -124,8 +143,10 @@ public class ProvideClassificationReportAccTest {
         assertEquals(50, sumLineCount);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfClassificationReport() throws InvalidArgumentException {
+    public void testEachItemOfClassificationReport() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getShortListOfColumnHeaders();
@@ -156,8 +177,11 @@ public class ProvideClassificationReportAccTest {
         assertArrayEquals(new int[] {3, 3, 0, 5, 2}, row5);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfClassificationReportNotInWorkingDays() throws InvalidArgumentException {
+    public void testEachItemOfClassificationReportNotInWorkingDays()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> reportLineItemDefinitions = getShortListOfColumnHeaders();
@@ -188,8 +212,11 @@ public class ProvideClassificationReportAccTest {
         assertArrayEquals(new int[] {6, 0, 0, 0, 7}, row5);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfClassificationReportWithWorkbasketFilter() throws InvalidArgumentException {
+    public void testEachItemOfClassificationReportWithWorkbasketFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
@@ -222,8 +249,11 @@ public class ProvideClassificationReportAccTest {
         assertArrayEquals(new int[] {2, 2, 0, 0, 0}, row5);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfClassificationReportWithStateFilter() throws InvalidArgumentException {
+    public void testEachItemOfClassificationReportWithStateFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TaskState> states = Collections.singletonList(TaskState.READY);
@@ -255,8 +285,11 @@ public class ProvideClassificationReportAccTest {
         assertArrayEquals(new int[] {3, 3, 0, 5, 0}, row5);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfClassificationReportWithCategoryFilter() throws InvalidArgumentException {
+    public void testEachItemOfClassificationReportWithCategoryFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> categories = Arrays.asList("AUTOMATIC", "MANUAL");
@@ -280,8 +313,11 @@ public class ProvideClassificationReportAccTest {
 
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfClassificationReportWithDomainFilter() throws InvalidArgumentException {
+    public void testEachItemOfClassificationReportWithDomainFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> domains = Collections.singletonList("DOMAIN_A");
@@ -313,8 +349,11 @@ public class ProvideClassificationReportAccTest {
         assertArrayEquals(new int[] {0, 1, 0, 3, 0}, row5);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfClassificationReportWithCustomFieldValueFilter() throws InvalidArgumentException {
+    public void testEachItemOfClassificationReportWithCustomFieldValueFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_1;
diff --git a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideCustomFieldValueReportAccTest.java b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideCustomFieldValueReportAccTest.java
index 8fa4c94bc..993999797 100644
--- a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideCustomFieldValueReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideCustomFieldValueReportAccTest.java
@@ -15,6 +15,7 @@ import javax.sql.DataSource;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -26,14 +27,18 @@ import pro.taskana.TaskanaEngine.ConnectionManagementMode;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.database.TestDataGenerator;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.configuration.DBCleaner;
 import pro.taskana.impl.configuration.TaskanaEngineConfigurationTest;
 import pro.taskana.impl.report.impl.CustomFieldValueReport;
 import pro.taskana.impl.report.impl.TimeIntervalColumnHeader;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
 
 /**
  * Acceptance test for all "classification report" scenarios.
  */
+@RunWith(JAASRunner.class)
 public class ProvideCustomFieldValueReportAccTest {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(ProvideCustomFieldValueReportAccTest.class);
@@ -59,8 +64,22 @@ public class ProvideCustomFieldValueReportAccTest {
         testDataGenerator.generateMonitoringTestData(dataSource);
     }
 
+    @Test(expected = NotAuthorizedException.class)
+    public void testRoleCheck()
+        throws InvalidArgumentException, NotAuthorizedException {
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+
+        CustomField customField = CustomField.CUSTOM_1;
+
+        taskMonitorService.getCustomFieldValueReport(null, null, null, null,
+            customField, null);
+    }
+
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTotalNumbersOfTasksOfCustomFieldValueReportForCustom1() throws InvalidArgumentException {
+    public void testGetTotalNumbersOfTasksOfCustomFieldValueReportForCustom1()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_1;
@@ -85,8 +104,11 @@ public class ProvideCustomFieldValueReportAccTest {
         assertEquals(50, report.getSumRow().getTotalValue());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTotalNumbersOfTasksOfCustomFieldValueReportForCustom2() throws InvalidArgumentException {
+    public void testGetTotalNumbersOfTasksOfCustomFieldValueReportForCustom2()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_2;
@@ -110,8 +132,11 @@ public class ProvideCustomFieldValueReportAccTest {
         assertEquals(50, report.getSumRow().getTotalValue());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetCustomFieldValueReportWithReportLineItemDefinitions() throws InvalidArgumentException {
+    public void testGetCustomFieldValueReportWithReportLineItemDefinitions()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_1;
@@ -137,8 +162,10 @@ public class ProvideCustomFieldValueReportAccTest {
         assertEquals(50, report.getSumRow().getTotalValue());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCustomFieldValueReport() throws InvalidArgumentException {
+    public void testEachItemOfCustomFieldValueReport() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_1;
@@ -165,8 +192,11 @@ public class ProvideCustomFieldValueReportAccTest {
         assertArrayEquals(new int[] {3, 4, 1, 1, 6}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCustomFieldValueReportNotInWorkingDays() throws InvalidArgumentException {
+    public void testEachItemOfCustomFieldValueReportNotInWorkingDays()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_1;
@@ -193,8 +223,11 @@ public class ProvideCustomFieldValueReportAccTest {
         assertArrayEquals(new int[] {7, 0, 1, 0, 7}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCustomFieldValueReportWithWorkbasketFilter() throws InvalidArgumentException {
+    public void testEachItemOfCustomFieldValueReportWithWorkbasketFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
@@ -222,8 +255,11 @@ public class ProvideCustomFieldValueReportAccTest {
         assertArrayEquals(new int[] {3, 1, 0, 0, 1}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCustomFieldValueReportWithStateFilter() throws InvalidArgumentException {
+    public void testEachItemOfCustomFieldValueReportWithStateFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TaskState> states = Collections.singletonList(TaskState.READY);
@@ -251,8 +287,11 @@ public class ProvideCustomFieldValueReportAccTest {
         assertArrayEquals(new int[] {3, 4, 1, 1, 0}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCustomFieldValueReportWithCategoryFilter() throws InvalidArgumentException {
+    public void testEachItemOfCustomFieldValueReportWithCategoryFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> categories = Arrays.asList("AUTOMATIC", "MANUAL");
@@ -281,8 +320,11 @@ public class ProvideCustomFieldValueReportAccTest {
         assertArrayEquals(new int[] {0, 2, 0, 0, 4}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCustomFieldValueReportWithDomainFilter() throws InvalidArgumentException {
+    public void testEachItemOfCustomFieldValueReportWithDomainFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> domains = Collections.singletonList("DOMAIN_A");
@@ -310,8 +352,11 @@ public class ProvideCustomFieldValueReportAccTest {
         assertArrayEquals(new int[] {1, 1, 1, 0, 3}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfCustomFieldValueReportWithCustomFieldValueFilter() throws InvalidArgumentException {
+    public void testEachItemOfCustomFieldValueReportWithCustomFieldValueFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_1;
diff --git a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideDetailedClassificationReportAccTest.java b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideDetailedClassificationReportAccTest.java
index 52d6100bf..d8dba1e23 100644
--- a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideDetailedClassificationReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideDetailedClassificationReportAccTest.java
@@ -15,6 +15,7 @@ import javax.sql.DataSource;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -26,6 +27,7 @@ import pro.taskana.TaskanaEngine.ConnectionManagementMode;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.database.TestDataGenerator;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.TaskanaEngineImpl;
 import pro.taskana.impl.configuration.DBCleaner;
 import pro.taskana.impl.configuration.TaskanaEngineConfigurationTest;
@@ -34,10 +36,13 @@ import pro.taskana.impl.report.impl.DetailedClassificationReport;
 import pro.taskana.impl.report.impl.DetailedMonitorQueryItem;
 import pro.taskana.impl.report.impl.DetailedReportRow;
 import pro.taskana.impl.report.impl.TimeIntervalColumnHeader;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
 
 /**
  * Acceptance test for all "detailed classification report" scenarios.
  */
+@RunWith(JAASRunner.class)
 public class ProvideDetailedClassificationReportAccTest {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(ProvideDetailedClassificationReportAccTest.class);
@@ -63,8 +68,20 @@ public class ProvideDetailedClassificationReportAccTest {
         testDataGenerator.generateMonitoringTestData(dataSource);
     }
 
+    @Test(expected = NotAuthorizedException.class)
+    public void testRoleCheck()
+        throws InvalidArgumentException, NotAuthorizedException {
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+
+        taskMonitorService.getDetailedClassificationReport(null, null, null, null,
+            null, null);
+    }
+
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTotalNumbersOfTasksOfDetailedClassificationReport() throws InvalidArgumentException {
+    public void testGetTotalNumbersOfTasksOfDetailedClassificationReport()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         DetailedClassificationReport report = taskMonitorService.getDetailedClassificationReport(null, null, null, null,
@@ -114,8 +131,11 @@ public class ProvideDetailedClassificationReportAccTest {
         assertEquals(50, report.getSumRow().getTotalValue());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetDetailedClassificationReportWithReportLineItemDefinitions() throws InvalidArgumentException {
+    public void testGetDetailedClassificationReportWithReportLineItemDefinitions()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
@@ -141,8 +161,10 @@ public class ProvideDetailedClassificationReportAccTest {
         assertEquals(50, report.getSumRow().getTotalValue());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfDetailedClassificationReport() throws InvalidArgumentException {
+    public void testEachItemOfDetailedClassificationReport() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> reportLineItemDefinitions = getShortListOfColumnHeaders();
@@ -200,8 +222,11 @@ public class ProvideDetailedClassificationReportAccTest {
         assertArrayEquals(new int[] {3, 3, 0, 5, 2}, detailedLineNoAttachment5.getCells());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfDetailedClassificationReportWithWorkbasketFilter() throws InvalidArgumentException {
+    public void testEachItemOfDetailedClassificationReportWithWorkbasketFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
@@ -257,8 +282,11 @@ public class ProvideDetailedClassificationReportAccTest {
         assertArrayEquals(new int[] {2, 2, 0, 0, 0}, detailedLineNoAttachment5.getCells());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfDetailedClassificationReportWithStateFilter() throws InvalidArgumentException {
+    public void testEachItemOfDetailedClassificationReportWithStateFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TaskState> states = Collections.singletonList(TaskState.READY);
@@ -314,8 +342,11 @@ public class ProvideDetailedClassificationReportAccTest {
         assertArrayEquals(new int[] {3, 3, 0, 5, 0}, detailedLineNoAttachment5.getCells());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfDetailedClassificationReportNotInWorkingDays() throws InvalidArgumentException {
+    public void testEachItemOfDetailedClassificationReportNotInWorkingDays()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getShortListOfColumnHeaders();
@@ -373,8 +404,11 @@ public class ProvideDetailedClassificationReportAccTest {
         assertArrayEquals(new int[] {6, 0, 0, 0, 7}, detailedLineNoAttachment5.getCells());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfDetailedClassificationReportWithCategoryFilter() throws InvalidArgumentException {
+    public void testEachItemOfDetailedClassificationReportWithCategoryFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> categories = Arrays.asList("AUTOMATIC", "MANUAL");
@@ -410,8 +444,11 @@ public class ProvideDetailedClassificationReportAccTest {
 
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfDetailedClassificationReportWithDomainFilter() throws InvalidArgumentException {
+    public void testEachItemOfDetailedClassificationReportWithDomainFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> domains = Collections.singletonList("DOMAIN_A");
@@ -467,8 +504,11 @@ public class ProvideDetailedClassificationReportAccTest {
         assertArrayEquals(new int[] {0, 1, 0, 3, 0}, detailedLineNoAttachment5.getCells());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfDetailedClassificationReportWithCustomFieldValueFilter() throws InvalidArgumentException {
+    public void testEachItemOfDetailedClassificationReportWithCustomFieldValueFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_1;
diff --git a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideTaskStatusReportAccTest.java b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideTaskStatusReportAccTest.java
index ac643bc4d..9fd1beea7 100644
--- a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideTaskStatusReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideTaskStatusReportAccTest.java
@@ -14,6 +14,7 @@ import javax.sql.DataSource;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -22,16 +23,20 @@ import pro.taskana.TaskState;
 import pro.taskana.TaskanaEngine;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.database.TestDataGenerator;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.configuration.DBCleaner;
 import pro.taskana.impl.configuration.TaskanaEngineConfigurationTest;
 import pro.taskana.impl.report.ReportRow;
 import pro.taskana.impl.report.impl.TaskQueryItem;
 import pro.taskana.impl.report.impl.TaskStatusColumnHeader;
 import pro.taskana.impl.report.impl.TaskStatusReport;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
 
 /**
  * Acceptance test for all "task status report" scenarios.
  */
+@RunWith(JAASRunner.class)
 public class ProvideTaskStatusReportAccTest {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(ProvideWorkbasketLevelReportAccTest.class);
@@ -57,13 +62,21 @@ public class ProvideTaskStatusReportAccTest {
         testDataGenerator.generateMonitoringTestData(dataSource);
     }
 
-    @Test
-    public void testCompleteTaskStatusReport() {
-        //given
+    @Test(expected = NotAuthorizedException.class)
+    public void testRoleCheck() throws NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
-        //when
+        taskMonitorService.getTaskStatusReport();
+    }
+
+    @WithAccessId(
+        userName = "monitor")
+    @Test
+    public void testCompleteTaskStatusReport() throws NotAuthorizedException {
+        // given
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+        // when
         TaskStatusReport report = taskMonitorService.getTaskStatusReport();
-        //then
+        // then
         if (LOGGER.isDebugEnabled()) {
             LOGGER.debug(reportToString(report));
         }
@@ -87,13 +100,23 @@ public class ProvideTaskStatusReportAccTest {
         assertEquals(50, sumRow.getTotalValue());
     }
 
+    @WithAccessId(
+        userName = "admin")
     @Test
-    public void testCompleteTaskStatusReportWithDomainFilter() {
-        //given
+    public void testCompleteTaskStatusReportAsAdmin() throws NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
-        //when
+        taskMonitorService.getTaskStatusReport();
+    }
+
+    @WithAccessId(
+        userName = "monitor")
+    @Test
+    public void testCompleteTaskStatusReportWithDomainFilter() throws NotAuthorizedException {
+        // given
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+        // when
         TaskStatusReport report = taskMonitorService.getTaskStatusReport(asList("DOMAIN_C", "DOMAIN_A"));
-        //then
+        // then
         if (LOGGER.isDebugEnabled()) {
             LOGGER.debug(reportToString(report));
         }
@@ -113,14 +136,16 @@ public class ProvideTaskStatusReportAccTest {
         assertEquals(38, sumRow.getTotalValue());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testCompleteTaskStatusReportWithStateFilter() {
-        //given
+    public void testCompleteTaskStatusReportWithStateFilter() throws NotAuthorizedException {
+        // given
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
-        //when
+        // when
         TaskStatusReport report = taskMonitorService.getTaskStatusReport(null,
             Collections.singletonList(TaskState.READY));
-        //then
+        // then
         if (LOGGER.isDebugEnabled()) {
             LOGGER.debug(reportToString(report));
         }
diff --git a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideWorkbasketLevelReportAccTest.java b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideWorkbasketLevelReportAccTest.java
index 942bf644b..5aafb8ba3 100644
--- a/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideWorkbasketLevelReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/monitoring/ProvideWorkbasketLevelReportAccTest.java
@@ -16,6 +16,7 @@ import javax.sql.DataSource;
 
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -27,14 +28,18 @@ import pro.taskana.TaskanaEngine.ConnectionManagementMode;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.database.TestDataGenerator;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.configuration.DBCleaner;
 import pro.taskana.impl.configuration.TaskanaEngineConfigurationTest;
 import pro.taskana.impl.report.impl.TimeIntervalColumnHeader;
 import pro.taskana.impl.report.impl.WorkbasketLevelReport;
+import pro.taskana.security.JAASRunner;
+import pro.taskana.security.WithAccessId;
 
 /**
  * Acceptance test for all "workbasket level report" scenarios.
  */
+@RunWith(JAASRunner.class)
 public class ProvideWorkbasketLevelReportAccTest {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(ProvideWorkbasketLevelReportAccTest.class);
@@ -60,8 +65,19 @@ public class ProvideWorkbasketLevelReportAccTest {
         testDataGenerator.generateMonitoringTestData(dataSource);
     }
 
+    @Test(expected = NotAuthorizedException.class)
+    public void testRoleCheck()
+        throws InvalidArgumentException, NotAuthorizedException {
+        TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
+
+        taskMonitorService.getWorkbasketLevelReport(null, null, null, null, null, null);
+    }
+
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetTotalNumbersOfTasksOfWorkbasketLevelReport() throws InvalidArgumentException {
+    public void testGetTotalNumbersOfTasksOfWorkbasketLevelReport()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         WorkbasketLevelReport report = taskMonitorService.getWorkbasketLevelReport(null, null, null, null, null, null);
@@ -80,8 +96,11 @@ public class ProvideWorkbasketLevelReportAccTest {
         assertEquals(50, report.getSumRow().getTotalValue());
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testGetWorkbasketLevelReportWithReportLineItemDefinitions() throws InvalidArgumentException {
+    public void testGetWorkbasketLevelReportWithReportLineItemDefinitions()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getListOfColumnHeaders();
@@ -109,8 +128,10 @@ public class ProvideWorkbasketLevelReportAccTest {
         assertEquals(50, sumLineCount);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfWorkbasketLevelReport() throws InvalidArgumentException {
+    public void testEachItemOfWorkbasketLevelReport() throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getShortListOfColumnHeaders();
@@ -135,8 +156,11 @@ public class ProvideWorkbasketLevelReportAccTest {
         assertArrayEquals(new int[] {2, 2, 0, 0, 6}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfWorkbasketLevelReportNotInWorkingDays() throws InvalidArgumentException {
+    public void testEachItemOfWorkbasketLevelReportNotInWorkingDays()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TimeIntervalColumnHeader> columnHeaders = getShortListOfColumnHeaders();
@@ -161,8 +185,11 @@ public class ProvideWorkbasketLevelReportAccTest {
         assertArrayEquals(new int[] {4, 0, 0, 0, 6}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfWorkbasketLevelReportWithWorkbasketFilter() throws InvalidArgumentException {
+    public void testEachItemOfWorkbasketLevelReportWithWorkbasketFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
@@ -184,8 +211,11 @@ public class ProvideWorkbasketLevelReportAccTest {
 
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfWorkbasketLevelReportWithStateFilter() throws InvalidArgumentException {
+    public void testEachItemOfWorkbasketLevelReportWithStateFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<TaskState> states = Collections.singletonList(TaskState.READY);
@@ -211,8 +241,11 @@ public class ProvideWorkbasketLevelReportAccTest {
         assertArrayEquals(new int[] {2, 2, 0, 0, 0}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfWorkbasketLevelReportWithCategoryFilter() throws InvalidArgumentException {
+    public void testEachItemOfWorkbasketLevelReportWithCategoryFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> categories = Arrays.asList("AUTOMATIC", "MANUAL");
@@ -240,8 +273,11 @@ public class ProvideWorkbasketLevelReportAccTest {
 
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfWorkbasketLevelReportWithDomainFilter() throws InvalidArgumentException {
+    public void testEachItemOfWorkbasketLevelReportWithDomainFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         List<String> domains = Collections.singletonList("DOMAIN_A");
@@ -268,8 +304,11 @@ public class ProvideWorkbasketLevelReportAccTest {
         assertArrayEquals(new int[] {1, 1, 0, 0, 2}, row3);
     }
 
+    @WithAccessId(
+        userName = "monitor")
     @Test
-    public void testEachItemOfWorkbasketLevelReportWithCustomFieldValueFilter() throws InvalidArgumentException {
+    public void testEachItemOfWorkbasketLevelReportWithCustomFieldValueFilter()
+        throws InvalidArgumentException, NotAuthorizedException {
         TaskMonitorService taskMonitorService = taskanaEngine.getTaskMonitorService();
 
         CustomField customField = CustomField.CUSTOM_1;
diff --git a/lib/taskana-core/src/test/java/pro/taskana/impl/TaskMonitorServiceImplTest.java b/lib/taskana-core/src/test/java/pro/taskana/impl/TaskMonitorServiceImplTest.java
index d1db7c2b4..8b9581aae 100644
--- a/lib/taskana-core/src/test/java/pro/taskana/impl/TaskMonitorServiceImplTest.java
+++ b/lib/taskana-core/src/test/java/pro/taskana/impl/TaskMonitorServiceImplTest.java
@@ -32,6 +32,7 @@ import pro.taskana.TaskMonitorService;
 import pro.taskana.TaskState;
 import pro.taskana.configuration.TaskanaEngineConfiguration;
 import pro.taskana.exceptions.InvalidArgumentException;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.report.impl.CategoryReport;
 import pro.taskana.impl.report.impl.ClassificationReport;
 import pro.taskana.impl.report.impl.CustomFieldValueReport;
@@ -74,7 +75,7 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetTotalNumbersOfWorkbasketLevelReport() throws InvalidArgumentException {
+    public void testGetTotalNumbersOfWorkbasketLevelReport() throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -94,6 +95,7 @@ public class TaskMonitorServiceImplTest {
             customField, customFieldValues);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -109,7 +111,8 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetWorkbasketLevelReportWithReportLineItemDefinitions() throws InvalidArgumentException {
+    public void testGetWorkbasketLevelReportWithReportLineItemDefinitions()
+        throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -132,6 +135,7 @@ public class TaskMonitorServiceImplTest {
             customField, customFieldValues, reportLineItemDefinitions);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -147,7 +151,7 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetTotalNumbersOfCatgoryReport() throws InvalidArgumentException {
+    public void testGetTotalNumbersOfCatgoryReport() throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -167,6 +171,7 @@ public class TaskMonitorServiceImplTest {
             customField, customFieldValues);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -180,7 +185,8 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetCategoryReportWithReportLineItemDefinitions() throws InvalidArgumentException {
+    public void testGetCategoryReportWithReportLineItemDefinitions()
+        throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -203,6 +209,7 @@ public class TaskMonitorServiceImplTest {
             customField, customFieldValues, reportLineItemDefinitions);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -217,7 +224,7 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetTotalNumbersOfClassificationReport() throws InvalidArgumentException {
+    public void testGetTotalNumbersOfClassificationReport() throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -237,6 +244,7 @@ public class TaskMonitorServiceImplTest {
             customField, customFieldValues);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -251,7 +259,8 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetClassificationReportWithReportLineItemDefinitions() throws InvalidArgumentException {
+    public void testGetClassificationReportWithReportLineItemDefinitions()
+        throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -275,6 +284,7 @@ public class TaskMonitorServiceImplTest {
             customField, customFieldValues, reportLineItemDefinitions);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -290,7 +300,8 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetTotalNumbersOfDetailedClassificationReport() throws InvalidArgumentException {
+    public void testGetTotalNumbersOfDetailedClassificationReport()
+        throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -311,6 +322,7 @@ public class TaskMonitorServiceImplTest {
             categories, domains, customField, customFieldValues);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -327,7 +339,8 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetDetailedClassificationReportWithReportLineItemDefinitions() throws InvalidArgumentException {
+    public void testGetDetailedClassificationReportWithReportLineItemDefinitions()
+        throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -351,6 +364,7 @@ public class TaskMonitorServiceImplTest {
             categories, domains, customField, customFieldValues, reportLineItemDefinitions);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -370,7 +384,7 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetTotalNumbersOfCustomFieldValueReport() throws InvalidArgumentException {
+    public void testGetTotalNumbersOfCustomFieldValueReport() throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -391,6 +405,7 @@ public class TaskMonitorServiceImplTest {
             customField, customFieldValues);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -405,7 +420,8 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetCustomFieldValueReportWithReportLineItemDefinitions() throws InvalidArgumentException {
+    public void testGetCustomFieldValueReportWithReportLineItemDefinitions()
+        throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -429,6 +445,7 @@ public class TaskMonitorServiceImplTest {
             customField, customFieldValues, reportLineItemDefinitions);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -444,7 +461,7 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetTaskIdsForSelectedItems() throws InvalidArgumentException {
+    public void testGetTaskIdsForSelectedItems() throws InvalidArgumentException, NotAuthorizedException {
         List<String> workbasketIds = Collections.singletonList("WBI:000000000000000000000000000000000001");
         List<TaskState> states = Arrays.asList(TaskState.CLAIMED, TaskState.READY);
         List<String> categories = Collections.singletonList("EXTERN");
@@ -473,6 +490,7 @@ public class TaskMonitorServiceImplTest {
             TaskMonitorService.DIMENSION_CLASSIFICATION_CATEGORY);
 
         verify(taskanaEngineImplMock, times(1)).openConnection();
+        verify(taskanaEngineImplMock, times(1)).checkRoleMembership(any());
         verify(taskanaEngineImplMock, times(2)).getConfiguration();
         verify(taskanaEngineConfiguration, times(1)).isGermanPublicHolidaysEnabled();
         verify(taskanaEngineConfiguration, times(1)).getCustomHolidays();
@@ -487,7 +505,7 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetTaskStateReportWithoutFilters() {
+    public void testGetTaskStateReportWithoutFilters() throws NotAuthorizedException {
         // given
         TaskQueryItem queryItem1 = new TaskQueryItem();
         queryItem1.setCount(50);
@@ -518,7 +536,7 @@ public class TaskMonitorServiceImplTest {
     }
 
     @Test
-    public void testGetTotalNumberOfTaskStateReport() {
+    public void testGetTotalNumberOfTaskStateReport() throws NotAuthorizedException {
         // given
         TaskQueryItem queryItem1 = new TaskQueryItem();
         queryItem1.setCount(50);
diff --git a/lib/taskana-core/src/test/resources/taskana.properties b/lib/taskana-core/src/test/resources/taskana.properties
index 4f1dc728e..656883d3d 100644
--- a/lib/taskana-core/src/test/resources/taskana.properties
+++ b/lib/taskana-core/src/test/resources/taskana.properties
@@ -1,6 +1,7 @@
 taskana.roles.user = group1 | group2|teamlead_1 | teamlead_2 |user_1_1| user_1_1| user_1_2| user_2_1| user_2_2| max|elena|simone
 taskana.roles.Admin=name=konrad,Organisation=novatec|admin
 taskana.roles.businessadmin=max|Moritz|businessadmin
+taskana.roles.monitor=john|teamlead_2 | monitor
 
 taskana.domains= Domain_A  ,  DOMAIN_B
 
diff --git a/rest/taskana-rest-spring-example/src/main/resources/taskana.properties b/rest/taskana-rest-spring-example/src/main/resources/taskana.properties
index 6f27595c7..a823cd532 100644
--- a/rest/taskana-rest-spring-example/src/main/resources/taskana.properties
+++ b/rest/taskana-rest-spring-example/src/main/resources/taskana.properties
@@ -1,6 +1,7 @@
 taskana.roles.user = group1 | group2|teamlead_1 |teamlead_2 |user_1_1| user_1_1| user_1_2| user_2_1| user_2_2| max|elena|simone
 taskana.roles.Admin=name=konrad,Organisation=novatec|admin
 taskana.roles.businessadmin=max|Moritz|businessadmin
+taskana.roles.monitor=john|teamlead_2 | monitor
 taskana.domains=DOMAIN_A,DOMAIN_B,DOMAIN_C
 taskana.classification.types=TASK,DOCUMENT
 taskana.classification.categories= EXTERNAL , manual, autoMAtic  ,Process
diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/MonitorController.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/MonitorController.java
index a4c64bd04..49ee844dd 100644
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/MonitorController.java
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/MonitorController.java
@@ -13,6 +13,7 @@ import org.springframework.web.bind.annotation.RestController;
 
 import pro.taskana.TaskMonitorService;
 import pro.taskana.TaskState;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.rest.resource.ReportResource;
 import pro.taskana.rest.resource.mapper.ReportMapper;
 
@@ -70,7 +71,7 @@ public class MonitorController {
     @GetMapping(path = "/taskStatusReport")
     @Transactional(readOnly = true, rollbackFor = Exception.class)
     public ResponseEntity<ReportResource> getTaskStatusReport(@RequestParam(required = false) List<String> domains,
-        @RequestParam(required = false) List<TaskState> states) {
+        @RequestParam(required = false) List<TaskState> states) throws NotAuthorizedException {
         return ResponseEntity.status(HttpStatus.OK)
             .body(reportMapper.toResource(taskMonitorService.getTaskStatusReport(domains, states), domains, states));
     }
diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/resource/mapper/ReportMapper.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/resource/mapper/ReportMapper.java
index 968830a02..ca6f81956 100644
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/resource/mapper/ReportMapper.java
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/rest/resource/mapper/ReportMapper.java
@@ -12,6 +12,7 @@ import java.util.stream.Collectors;
 import org.springframework.stereotype.Component;
 
 import pro.taskana.TaskState;
+import pro.taskana.exceptions.NotAuthorizedException;
 import pro.taskana.impl.report.QueryItem;
 import pro.taskana.impl.report.Report;
 import pro.taskana.impl.report.ReportColumnHeader;
@@ -26,7 +27,8 @@ import pro.taskana.rest.resource.ReportResource;
 @Component
 public class ReportMapper {
 
-    public ReportResource toResource(TaskStatusReport report, List<String> domains, List<TaskState> states) {
+    public ReportResource toResource(TaskStatusReport report, List<String> domains, List<TaskState> states)
+        throws NotAuthorizedException {
         ReportResource resource = toResource(report);
         resource.add(
             linkTo(methodOn(MonitorController.class).getTaskStatusReport(domains, states))
@@ -36,7 +38,8 @@ public class ReportMapper {
 
     private <I extends QueryItem, H extends ReportColumnHeader<? super I>> ReportResource toResource(
         Report<I, H> report) {
-        String[] header = report.getColumnHeaders().stream()
+        String[] header = report.getColumnHeaders()
+            .stream()
             .map(ReportColumnHeader::getDisplayName)
             .toArray(String[]::new);
         ReportResource.MetaInformation meta = new ReportResource.MetaInformation(
@@ -46,7 +49,9 @@ public class ReportMapper {
             report.getRowDesc());
 
         // iterate over each ReportRow and transform it to a RowResource while keeping the domain key.
-        Map<String, ReportResource.RowResource> rows = report.getReportRows().entrySet().stream()
+        Map<String, ReportResource.RowResource> rows = report.getReportRows()
+            .entrySet()
+            .stream()
             .collect(Collectors.toMap(Map.Entry::getKey, i -> transformRow(i.getValue(), header)));
 
         ReportResource.RowResource sumRow = transformRow(report.getSumRow(), header);