diff --git a/wfe-app/pom.xml b/wfe-app/pom.xml
index 4d673eb16c..25391afa4a 100644
--- a/wfe-app/pom.xml
+++ b/wfe-app/pom.xml
@@ -96,7 +96,7 @@
 			<dependency>
 				<groupId>commons-beanutils</groupId>
 				<artifactId>commons-beanutils</artifactId>
-				<version>1.8.3</version>
+				<version>1.9.2</version>
 			</dependency>
 			<dependency>
 				<groupId>javax</groupId>
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthenticationServiceDelegatePasswordLoginModuleTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthenticationServiceDelegatePasswordLoginModuleTest.java
index 56833a4681..d1d567df7f 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthenticationServiceDelegatePasswordLoginModuleTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthenticationServiceDelegatePasswordLoginModuleTest.java
@@ -27,80 +27,74 @@
 import ru.runa.wfe.user.User;
 
 public class AuthenticationServiceDelegatePasswordLoginModuleTest extends ServletTestCase {
-
-    private static final String PREFIX = AuthenticationServiceDelegatePasswordLoginModuleTest.class.getName();
-
     private static final String ACTOR1_NAME = "actor1";
-
     private static final String ACTOR2_NAME = "actor2";
-
     private static final String ACTOR_VALID_PWD = "validPWD";
 
-    private ServiceTestHelper th;
+    private final String PREFIX = getClass().getName();
 
+    private ServiceTestHelper h;
     private AuthenticationService authenticationService;
-
     private ExecutorService executorService;
 
     private Actor validActor;
 
-    protected void setUp() throws Exception {
-        th = new ServiceTestHelper(PREFIX);
-        authenticationService = th.getAuthenticationService();
-        executorService = th.getExecutorService();
-
-        validActor = th.createActorIfNotExist(PREFIX + ACTOR1_NAME, "");
-        executorService.setPassword(th.getAdminUser(), validActor, ACTOR_VALID_PWD);
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(PREFIX);
+        authenticationService = h.getAuthenticationService();
+        executorService = h.getExecutorService();
 
-        super.setUp();
+        validActor = h.createActorIfNotExist(PREFIX + ACTOR1_NAME, "");
+        executorService.setPassword(h.getAdminUser(), validActor, ACTOR_VALID_PWD);
     }
 
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        th = null;
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        h = null;
         authenticationService = null;
         executorService = null;
         validActor = null;
-        super.tearDown();
     }
 
-    public void testValidPassword() throws Exception {
+    public void testValidPassword() {
         User validSubject = authenticationService.authenticateByLoginPassword(validActor.getName(), ACTOR_VALID_PWD);
         assertEquals("authenticated subject doesn't contains actor principal", validSubject.getActor(), validActor);
     }
 
-    public void testValidPasswordWithAnotherActorWithSamePassword() throws Exception {
-        Actor actor2 = th.createActorIfNotExist(PREFIX + ACTOR2_NAME, "");
-        executorService.setPassword(th.getAdminUser(), actor2, ACTOR_VALID_PWD);
+    public void testValidPasswordWithAnotherActorWithSamePassword() {
+        Actor actor2 = h.createActorIfNotExist(PREFIX + ACTOR2_NAME, "");
+        executorService.setPassword(h.getAdminUser(), actor2, ACTOR_VALID_PWD);
 
         User validSubject = authenticationService.authenticateByLoginPassword(validActor.getName(), ACTOR_VALID_PWD);
         assertEquals("authenticated subject doesn't contains actor principal", validSubject.getActor(), validActor);
     }
 
-    public void testLoginFakeActor() throws Exception {
+    public void testLoginFakeActor() {
         try {
-            authenticationService.authenticateByLoginPassword(th.getFakeActor().getName(), ACTOR_VALID_PWD);
+            authenticationService.authenticateByLoginPassword(h.getFakeActor().getName(), ACTOR_VALID_PWD);
             fail("allowing fake actor");
         } catch (AuthenticationException e) {
-            // expected
+            // Expected.
         }
     }
 
-    public void testInValidPassword() throws Exception {
+    public void testInValidPassword() {
         try {
             authenticationService.authenticateByLoginPassword(validActor.getName(), ACTOR_VALID_PWD + "Invalid");
             fail("allowing invalid password");
         } catch (AuthenticationException e) {
-            // expected
+            // Expected.
         }
     }
 
-    public void testInValidLogin() throws Exception {
+    public void testInValidLogin() {
         try {
             authenticationService.authenticateByLoginPassword(validActor.getName() + "Invalid", ACTOR_VALID_PWD);
             fail("allowing invalid login");
         } catch (AuthenticationException e) {
-            // expected
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetExecutorsWithPermissionTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetExecutorsWithPermissionTest.java
index 68d5562dbe..936b2b06a2 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetExecutorsWithPermissionTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetExecutorsWithPermissionTest.java
@@ -17,11 +17,9 @@
  */
 package ru.runa.af.delegate;
 
-import java.util.Collection;
-import java.util.List;
-
+import com.google.common.collect.Lists;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wfe.InternalApplicationException;
@@ -29,82 +27,68 @@
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.AuthorizationService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.Actor;
-import ru.runa.wfe.user.Executor;
-
-import com.google.common.collect.Lists;
 
 /**
- * Created on 20.08.2004
- * 
+ * Created on 20.08.2004.
  */
 public class AuthorizationServiceDelegateGetExecutorsWithPermissionTest extends ServletTestCase {
-    private ServiceTestHelper helper;
-
+    private ServiceTestHelper h;
     private AuthorizationService authorizationService;
-
     private BatchPresentation batchPresentation;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new ServiceTestHelper(AuthorizationServiceDelegateGetExecutorsWithPermissionTest.class.getName());
-        helper.createDefaultExecutorsMap();
-
-        Collection<Permission> executorP = Lists.newArrayList(Permission.READ);
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroupActor());
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroup());
-
+    protected void setUp() {
+        h = new ServiceTestHelper(AuthorizationServiceDelegateGetExecutorsWithPermissionTest.class.getName());
         authorizationService = Delegates.getAuthorizationService();
-        batchPresentation = helper.getExecutorBatchPresentation();
+        batchPresentation = h.getExecutorBatchPresentation();
 
-        authorizationService.setPermissions(helper.getAdminUser(), helper.getBaseGroupActor().getId(), executorP, helper.getBaseGroupActor());
-        authorizationService.setPermissions(helper.getAdminUser(), helper.getAuthorizedPerformerActor().getId(), executorP,
-                helper.getAuthorizedPerformerActor());
+        h.createDefaultExecutorsMap();
 
-        super.setUp();
+        val pp = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(pp, h.getBaseGroupActor());
+        h.setPermissionsToAuthorizedActor(pp, h.getBaseGroup());
+        h.setPermissionsToAuthorizedActor(pp, h.getAuthorizedActor());
+        authorizationService.setPermissions(h.getAdminUser(), h.getBaseGroupActor().getId(), pp, h.getBaseGroupActor());
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.releaseResources();
+    protected void tearDown() {
+        h.releaseResources();
         authorizationService = null;
-        batchPresentation = null;
-        super.tearDown();
     }
 
-    public void testGetExecutorsWithPermissionFakeSubject() throws Exception {
+    public void testGetExecutorsWithPermissionFakeUser() {
         try {
-            authorizationService.getExecutorsWithPermission(helper.getFakeUser(), SecuredSingleton.EXECUTORS, batchPresentation, true);
+            authorizationService.getExecutorsWithPermission(h.getFakeUser(), h.getBaseGroupActor(), batchPresentation, true);
             fail("AuthorizationDelegate.getExecutorsWithPermission() allows fake subject");
         } catch (AuthenticationException e) {
+            // Expected. Although we also can get here because user is not fake but is not allowed to read object's permissions.
         }
     }
 
-    public void testGetExecutorsWithPermissionFakeSecuredObject() throws Exception {
+    public void testGetExecutorsWithPermissionFakeObject() {
         try {
-            authorizationService.getExecutorsWithPermission(helper.getAuthorizedPerformerUser(), helper.getFakeActor(), batchPresentation, true);
+            authorizationService.getExecutorsWithPermission(h.getAuthorizedUser(), h.getFakeActor(), batchPresentation, true);
             fail("AuthorizationDelegate.getExecutorsWithPermission() allows fake SecuredObject");
         } catch (InternalApplicationException e) {
+            // Expected.
         }
     }
 
-    public void testGetExecutorsWithPermission() throws Exception {
-        List<Actor> expected = Lists.newArrayList(helper.getAuthorizedPerformerActor(), helper.getBaseGroupActor());
-        List<Executor> actual = authorizationService.getExecutorsWithPermission(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor(),
-                batchPresentation, true);
+    public void testGetExecutorsWithPermission() {
+        val expected = Lists.newArrayList(h.getAuthorizedActor(), h.getBaseGroupActor());
+        val actual = authorizationService.getExecutorsWithPermission(h.getAuthorizedUser(), h.getBaseGroupActor(), batchPresentation, true);
         ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getExecutorsWithPermission() returns wrong executors", expected, actual);
     }
 
-    public void testGetExecutorsWithPermissionUnauthorized() throws Exception {
+    public void testGetExecutorsWithPermissionUnauthorized() {
         try {
-            authorizationService.getExecutorsWithPermission(helper.getUnauthorizedPerformerUser(), helper.getBaseGroupActor(), batchPresentation,
-                    true);
+            authorizationService.getExecutorsWithPermission(h.getUnauthorizedUser(), h.getBaseGroupActor(), batchPresentation, true);
             fail("AuthorizationDelegate.getExecutorsWithPermission() allows unauthorized operation");
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetExecutorsWithoutPermissionTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetExecutorsWithoutPermissionTest.java
index e9f61fbf8b..c442c10274 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetExecutorsWithoutPermissionTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetExecutorsWithoutPermissionTest.java
@@ -17,88 +17,78 @@
  */
 package ru.runa.af.delegate;
 
-import java.util.Collection;
-import java.util.List;
-
+import com.google.common.collect.Lists;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wfe.InternalApplicationException;
-import ru.runa.wfe.audit.SystemLog;
+import ru.runa.wfe.presentation.BatchPresentation;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.AuthorizationService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.Group;
-
-import com.google.common.collect.Lists;
-import com.itextpdf.text.log.SysoLogger;
 
 /**
- * Created on 20.08.2004
- * 
+ * Created on 20.08.2004.
  */
 public class AuthorizationServiceDelegateGetExecutorsWithoutPermissionTest extends ServletTestCase {
-    private ServiceTestHelper helper;
-
+    private ServiceTestHelper h;
     private AuthorizationService authorizationService;
+    private BatchPresentation batchPresentation;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new ServiceTestHelper(AuthorizationServiceDelegateGetExecutorsWithoutPermissionTest.class.getName());
-        helper.createDefaultExecutorsMap();
+    protected void setUp() {
+        h = new ServiceTestHelper(AuthorizationServiceDelegateGetExecutorsWithoutPermissionTest.class.getName());
+        authorizationService = Delegates.getAuthorizationService();
 
-        Collection<Permission> executorP = Lists.newArrayList(Permission.READ);
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroupActor());
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroup());
+        batchPresentation = h.getExecutorBatchPresentation();
 
-        authorizationService = Delegates.getAuthorizationService();
-        authorizationService.setPermissions(helper.getAdminUser(), helper.getBaseGroupActor().getId(), executorP, helper.getBaseGroupActor());
-        super.setUp();
+        h.createDefaultExecutorsMap();
+
+        val pp = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(pp, h.getBaseGroupActor());
+        h.setPermissionsToAuthorizedActor(pp, h.getBaseGroup());
+        authorizationService.setPermissions(h.getAdminUser(), h.getBaseGroupActor().getId(), pp, h.getBaseGroupActor());
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.releaseResources();
+    protected void tearDown() {
+        h.releaseResources();
         authorizationService = null;
-        super.tearDown();
     }
 
-    public void testGetExecutorsWithoutPermissionFakeSubject() throws Exception {
+    public void testGetExecutorsWithoutPermissionFakeUser() {
         try {
-            authorizationService.getExecutorsWithPermission(helper.getFakeUser(), SecuredSingleton.EXECUTORS, helper.getExecutorBatchPresentation(), false);
+            authorizationService.getExecutorsWithPermission(h.getFakeUser(), h.getBaseGroupActor(), batchPresentation, false);
             fail("AuthorizationDelegate.getExecutorsWithoutPermission() allows fake subject");
         } catch (AuthenticationException e) {
+            // Expected. Although we also can get here because user is not fake but is not allowed to read object's permissions.
         }
     }
 
-    public void testGetExecutorsWithoutPermissionFakeSecuredObject() throws Exception {
+    public void testGetExecutorsWithoutPermissionFakeObject() {
         try {
-            authorizationService.getExecutorsWithPermission(helper.getAuthorizedPerformerUser(), helper.getFakeActor(),
-                    helper.getExecutorBatchPresentation(), false);
+            authorizationService.getExecutorsWithPermission(h.getAuthorizedUser(), h.getFakeActor(), batchPresentation, false);
             fail("AuthorizationDelegate.getExecutorsWithoutPermission() allows fake SecuredObject");
         } catch (InternalApplicationException e) {
+            // Expected.
         }
     }
 
-    public void testGetExecutorsWithoutPermission() throws Exception {
-        List<Group> expected = Lists.newArrayList(helper.getBaseGroup());
-        List<Executor> actual = authorizationService.getExecutorsWithPermission(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor(),
-                helper.getExecutorBatchPresentation(), false);
+    public void testGetExecutorsWithoutPermission() {
+        val expected = Lists.newArrayList(h.getBaseGroup());
+        val actual = authorizationService.getExecutorsWithPermission(h.getAuthorizedUser(), h.getBaseGroupActor(), batchPresentation, false);
         ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getExecutorsWithoutPermission() returns wrong executors", expected, actual);
     }
 
-    public void testGetExecutorsWithoutPermissionUnauthorized() throws Exception {
+    public void testGetExecutorsWithoutPermissionUnauthorized() {
         try {
-            authorizationService.getExecutorsWithPermission(helper.getUnauthorizedPerformerUser(), helper.getBaseGroupActor(),
-                    helper.getExecutorBatchPresentation(), false);
+            authorizationService.getExecutorsWithPermission(h.getUnauthorizedUser(), h.getBaseGroupActor(), batchPresentation, false);
             fail("AuthorizationDelegate.getExecutorsWithoutPermission() allows unauthorized operation");
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetOwnPermissionsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetOwnPermissionsTest.java
deleted file mode 100644
index 8986bfa28a..0000000000
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetOwnPermissionsTest.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * This file is part of the RUNA WFE project.
- * 
- * This program is free software; you can redistribute it and/or 
- * modify it under the terms of the GNU Lesser General Public License 
- * as published by the Free Software Foundation; version 2.1 
- * of the License. 
- * 
- * This program is distributed in the hope that it will be useful, 
- * but WITHOUT ANY WARRANTY; without even the implied warranty of 
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
- * GNU Lesser General Public License for more details. 
- * 
- * You should have received a copy of the GNU Lesser General Public License 
- * along with this program; if not, write to the Free Software 
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
- */
-package ru.runa.af.delegate;
-
-import java.util.Collection;
-
-import org.apache.cactus.ServletTestCase;
-
-import ru.runa.af.service.ServiceTestHelper;
-import ru.runa.junit.ArrayAssert;
-import ru.runa.wfe.InternalApplicationException;
-import ru.runa.wfe.security.AuthenticationException;
-import ru.runa.wfe.security.AuthorizationException;
-import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.security.SecuredSingleton;
-import ru.runa.wfe.service.AuthorizationService;
-import ru.runa.wfe.service.delegate.Delegates;
-
-import com.google.common.collect.Lists;
-
-/**
- * Created on 20.08.2004
- */
-public class AuthorizationServiceDelegateGetOwnPermissionsTest extends ServletTestCase {
-    private ServiceTestHelper helper;
-    private AuthorizationService authorizationService;
-
-    @Override
-    protected void setUp() throws Exception {
-        helper = new ServiceTestHelper(AuthorizationServiceDelegateGetOwnPermissionsTest.class.getName());
-        helper.createDefaultExecutorsMap();
-        Collection<Permission> executorP = Lists.newArrayList(Permission.UPDATE);
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroupActor());
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroup());
-        helper.setPermissionsToAuthorizedPerformerOnExecutors(Lists.newArrayList(Permission.LIST));
-        authorizationService = Delegates.getAuthorizationService();
-        super.setUp();
-    }
-
-    @Override
-    protected void tearDown() throws Exception {
-        helper.releaseResources();
-        authorizationService = null;
-        super.tearDown();
-    }
-
-    public void testGetOwnPermissionsFakeSubject() throws Exception {
-        try {
-            authorizationService.getIssuedPermissions(helper.getFakeUser(), helper.getBaseGroupActor(), helper.getBaseGroupActor());
-            fail("AuthorizationDelegate.getIssuedPermissions() allows fake subject");
-        } catch (AuthenticationException e) {
-        }
-    }
-
-    public void testGetOwnPermissions() throws Exception {
-        Collection<Permission> noPermission = Lists.newArrayList();
-        Collection<Permission> expected = Lists.newArrayList(Permission.READ);
-
-        Collection<Permission> actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor(),
-                SecuredSingleton.EXECUTORS);
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", noPermission, actual);
-
-        authorizationService.setPermissions(helper.getAdminUser(), helper.getBaseGroupActor().getId(), expected, SecuredSingleton.EXECUTORS);
-        actual = authorizationService.getIssuedPermissions(helper.getAdminUser(), helper.getBaseGroupActor(), SecuredSingleton.EXECUTORS);
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", expected, actual);
-
-        actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroup(), helper.getBaseGroupActor());
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", noPermission, actual);
-
-        authorizationService.setPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroup().getId(), expected, helper.getBaseGroupActor());
-        actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroup(), helper.getBaseGroupActor());
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", expected, actual);
-    }
-
-    public void testGetOwnPermissionsGroupPermissions() throws Exception {
-        Collection<Permission> noPermission = Lists.newArrayList();
-        Collection<Permission> expected = Lists.newArrayList(Permission.READ);
-
-        authorizationService.setPermissions(helper.getAdminUser(), helper.getBaseGroup().getId(), expected, SecuredSingleton.EXECUTORS);
-        Collection<Permission> actual = authorizationService.getIssuedPermissions(helper.getAdminUser(), helper.getBaseGroupActor(),
-                SecuredSingleton.EXECUTORS);
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", noPermission, actual);
-
-    }
-
-    public void testGetOwnPermissionsUnauthorized() throws Exception {
-        try {
-            authorizationService.getIssuedPermissions(helper.getUnauthorizedPerformerUser(), helper.getBaseGroupActor(), SecuredSingleton.EXECUTORS);
-            fail("AuthorizationDelegate.getIssuedPermissions() allows unauthorized operation");
-        } catch (AuthorizationException e) {
-        }
-
-        try {
-            authorizationService.getIssuedPermissions(helper.getUnauthorizedPerformerUser(), helper.getBaseGroupActor(), helper.getBaseGroupActor());
-            fail("AuthorizationDelegate.getIssuedPermissions() allows unauthorized operation");
-        } catch (AuthorizationException e) {
-        }
-    }
-}
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetPermissionsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetPermissionsTest.java
index 5e32b03505..e5116d26a5 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetPermissionsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateGetPermissionsTest.java
@@ -17,13 +17,13 @@
  */
 package ru.runa.af.delegate;
 
-import java.util.Collection;
-
+import com.google.common.collect.Lists;
+import java.util.ArrayList;
+import lombok.val;
+import lombok.var;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
-import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
@@ -31,77 +31,85 @@
 import ru.runa.wfe.service.AuthorizationService;
 import ru.runa.wfe.service.delegate.Delegates;
 
-import com.google.common.collect.Lists;
-
 /**
- * Created on 20.08.2004
- * 
+ * Created on 20.08.2004.
  */
 public class AuthorizationServiceDelegateGetPermissionsTest extends ServletTestCase {
-    private ServiceTestHelper helper;
-
+    private ServiceTestHelper h;
     private AuthorizationService authorizationService;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new ServiceTestHelper(AuthorizationServiceDelegateGetPermissionsTest.class.getName());
-        helper.createDefaultExecutorsMap();
-
-        Collection<Permission> executorP = Lists.newArrayList(Permission.UPDATE);
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroupActor());
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroup());
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getSubGroupActor());
-        helper.setPermissionsToAuthorizedPerformerOnExecutors(Lists.newArrayList(Permission.LIST));
+    protected void setUp() {
+        h = new ServiceTestHelper(AuthorizationServiceDelegateGetPermissionsTest.class.getName());
         authorizationService = Delegates.getAuthorizationService();
-        super.setUp();
+
+        h.createDefaultExecutorsMap();
+
+        // authorizationService.getIssuedPermissions() requires READ on subject (executors)
+        // and READ_PERMISSIONS (which is hidden and derived from READ) on object (other executors, system).
+        val pp = Lists.newArrayList(Permission.READ);
+
+        h.setPermissionsToAuthorizedActor(pp, h.getBaseGroupActor());
+        h.setPermissionsToAuthorizedActor(pp, h.getBaseGroup());
+        h.setPermissionsToAuthorizedActor(pp, SecuredSingleton.SYSTEM);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.releaseResources();
+    protected void tearDown() {
+        h.releaseResources();
         authorizationService = null;
-        super.tearDown();
     }
 
-    public void testGetPermissionsFakeSubject() throws Exception {
+    public void testGetPermissionsFakeUser() {
         try {
-            authorizationService.getIssuedPermissions(helper.getFakeUser(), helper.getBaseGroupActor(), helper.getBaseGroupActor());
+            authorizationService.getIssuedPermissions(h.getFakeUser(), h.getBaseGroupActor(), h.getBaseGroupActor());
             fail("AuthorizationDelegate.getIssuedPermissions() allows fake subject");
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testGetPermissions() throws Exception {
-        Collection<Permission> noPermission = Lists.newArrayList();
-        Collection<Permission> expected = Lists.newArrayList(Permission.READ);
+    public void testGetPermissions() {
+        val empty = new ArrayList<Permission>();
+        val expected = Lists.newArrayList(Permission.READ);
 
-        Collection<Permission> actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor(),
-                SecuredSingleton.EXECUTORS);
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", noPermission, actual);
+        var actual = authorizationService.getIssuedPermissions(h.getAuthorizedUser(), h.getBaseGroupActor(), SecuredSingleton.SYSTEM);
+        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", empty, actual);
 
-        authorizationService.setPermissions(helper.getAdminUser(), helper.getBaseGroupActor().getId(), expected, SecuredSingleton.EXECUTORS);
-        actual = authorizationService.getIssuedPermissions(helper.getAdminUser(), helper.getBaseGroupActor(), SecuredSingleton.EXECUTORS);
+        authorizationService.setPermissions(h.getAdminUser(), h.getBaseGroupActor().getId(), expected, SecuredSingleton.SYSTEM);
+        actual = authorizationService.getIssuedPermissions(h.getAuthorizedUser(), h.getBaseGroupActor(), SecuredSingleton.SYSTEM);
         ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", expected, actual);
 
-        actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroup(), helper.getBaseGroupActor());
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", noPermission, actual);
+        actual = authorizationService.getIssuedPermissions(h.getAuthorizedUser(), h.getBaseGroup(), h.getBaseGroupActor());
+        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", empty, actual);
 
-        authorizationService.setPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroup().getId(), expected, helper.getBaseGroupActor());
-        actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroup(), helper.getBaseGroupActor());
+        authorizationService.setPermissions(h.getAdminUser(), h.getBaseGroup().getId(), expected, h.getBaseGroupActor());
+        actual = authorizationService.getIssuedPermissions(h.getAuthorizedUser(), h.getBaseGroup(), h.getBaseGroupActor());
         ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", expected, actual);
     }
 
-    public void testGetPermissionsUnauthorized() throws Exception {
+    public void testGetOwnPermissionsGroupPermissions() {
+        val empty = new ArrayList<Permission>();
+        val expected = Lists.newArrayList(Permission.READ);
+
+        authorizationService.setPermissions(h.getAdminUser(), h.getBaseGroup().getId(), expected, SecuredSingleton.SYSTEM);
+        val actual = authorizationService.getIssuedPermissions(h.getAdminUser(), h.getBaseGroupActor(), SecuredSingleton.SYSTEM);
+        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.getIssuedPermissions() returns wrong permissions", empty, actual);
+    }
+
+    public void testGetPermissionsUnauthorized() {
         try {
-            authorizationService.getIssuedPermissions(helper.getUnauthorizedPerformerUser(), helper.getBaseGroupActor(), SecuredSingleton.EXECUTORS);
+            authorizationService.getIssuedPermissions(h.getUnauthorizedUser(), h.getBaseGroupActor(), SecuredSingleton.SYSTEM);
             fail("AuthorizationDelegate.getIssuedPermissions() allows unauthorized operation");
         } catch (AuthorizationException e) {
+            // Expected.
         }
 
         try {
-            authorizationService.getIssuedPermissions(helper.getUnauthorizedPerformerUser(), helper.getBaseGroupActor(), helper.getBaseGroupActor());
+            authorizationService.getIssuedPermissions(h.getUnauthorizedUser(), h.getBaseGroupActor(), h.getBaseGroupActor());
             fail("AuthorizationDelegate.getIssuedPermissions() allows unauthorized operation");
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateIsAllowedReturnsArrayTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateIsAllowedReturnsArrayTest.java
index 32613399d1..a92dfc1369 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateIsAllowedReturnsArrayTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateIsAllowedReturnsArrayTest.java
@@ -18,63 +18,56 @@
 
 package ru.runa.af.delegate;
 
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.cactus.ServletTestCase;
-
 import com.google.common.collect.Lists;
-
+import lombok.val;
+import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.security.SecuredObject;
 import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.AuthorizationService;
 import ru.runa.wfe.service.delegate.Delegates;
 
 public class AuthorizationServiceDelegateIsAllowedReturnsArrayTest extends ServletTestCase {
-    private ServiceTestHelper helper;
-
+    private ServiceTestHelper h;
     private AuthorizationService authorizationService;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new ServiceTestHelper(AuthorizationServiceDelegateIsAllowedTest.class.getName());
-        helper.createDefaultExecutorsMap();
+    protected void setUp() {
+        h = new ServiceTestHelper(AuthorizationServiceDelegateIsAllowedTest.class.getName());
+        authorizationService = Delegates.getAuthorizationService();
 
-        Collection<Permission> executorsP = Lists.newArrayList(Permission.CREATE);
-        helper.setPermissionsToAuthorizedPerformerOnExecutors(executorsP);
+        h.createDefaultExecutorsMap();
 
-        Collection<Permission> executorP = Lists.newArrayList(Permission.READ, Permission.UPDATE_STATUS);
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroupActor());
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getSubGroupActor());
+        val ppSystem = Lists.newArrayList(Permission.LOGIN);
+        h.setPermissionsToAuthorizedActor(ppSystem, SecuredSingleton.SYSTEM);
 
-        authorizationService = Delegates.getAuthorizationService();
-        super.setUp();
+        val ppExecutors = Lists.newArrayList(Permission.READ, Permission.VIEW_TASKS);
+        h.setPermissionsToAuthorizedActor(ppExecutors, h.getBaseGroupActor());
+        h.setPermissionsToAuthorizedActor(ppExecutors, h.getSubGroupActor());
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.releaseResources();
-        helper = null;
+    protected void tearDown() {
+        h.releaseResources();
+        h = null;
         authorizationService = null;
-        super.tearDown();
     }
 
-    public void testIsAllowedFakeSubject() throws Exception {
+    public void testIsAllowedFakeUser() {
         try {
-            authorizationService.isAllowed(helper.getFakeUser(), Permission.READ, Lists.newArrayList(SecuredSingleton.EXECUTORS));
+            authorizationService.isAllowed(h.getFakeUser(), Permission.READ, Lists.newArrayList(SecuredSingleton.SYSTEM));
             fail("AuthorizationDelegate.isAllowed() allows fake subject");
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testIsAllowedFakeSecuredObject() throws Exception {
+    public void testIsAllowedFakeObject() {
         try {
-            authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.READ, Lists.newArrayList(helper.getFakeActor()));
+            authorizationService.isAllowed(h.getAuthorizedUser(), Permission.READ, Lists.newArrayList(h.getFakeActor()));
             // TODO
             // fail("AuthorizationDelegate.isAllowed() allows fake SecuredObject");
         } catch (InternalApplicationException e) {
@@ -82,8 +75,8 @@ public void testIsAllowedFakeSecuredObject() throws Exception {
         }
 
         try {
-            authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.READ,
-                    Lists.newArrayList(helper.getBaseGroupActor(), helper.getFakeActor()));
+            authorizationService.isAllowed(h.getAuthorizedUser(), Permission.READ,
+                    Lists.newArrayList(h.getBaseGroupActor(), h.getFakeActor()));
             // TODO
             // fail("AuthorizationDelegate.isAllowed() allows fake SecuredObject");
         } catch (InternalApplicationException e) {
@@ -91,43 +84,41 @@ public void testIsAllowedFakeSecuredObject() throws Exception {
         }
     }
 
-    public void testIsAllowedAASystem() throws Exception {
-        boolean[] isAllowed = authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.CREATE,
-                Lists.newArrayList(SecuredSingleton.EXECUTORS));
+    public void testIsAllowedSystem() {
+        val ooSystem = Lists.newArrayList(SecuredSingleton.SYSTEM);
+
+        boolean[] isAllowed = authorizationService.isAllowed(h.getAuthorizedUser(), Permission.LOGIN, ooSystem);
         boolean[] expected = { true };
         ArrayAssert.assertEqualArrays("AuthorizationDelegate.isAllowed() returns wrong info", expected, isAllowed);
 
-        isAllowed = authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.READ,
-                Lists.newArrayList(SecuredSingleton.EXECUTORS));
+        isAllowed = authorizationService.isAllowed(h.getAuthorizedUser(), Permission.READ, ooSystem);
         expected = new boolean[] { false };
         ArrayAssert.assertEqualArrays("AuthorizationDelegate.isAllowed() returns wrong info", expected, isAllowed);
     }
 
-    public void testIsAllowedExecutor() throws Exception {
-        boolean[] isAllowed = authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.READ,
-                Lists.newArrayList(helper.getBaseGroupActor(), helper.getSubGroupActor()));
+    public void testIsAllowedExecutor() {
+        val ooActors = Lists.newArrayList(h.getBaseGroupActor(), h.getSubGroupActor());
+
+        boolean[] isAllowed = authorizationService.isAllowed(h.getAuthorizedUser(), Permission.READ, ooActors);
         boolean[] expected = { true, true };
         ArrayAssert.assertEqualArrays("AuthorizationDelegate.isAllowed() returns wrong info", expected, isAllowed);
 
-        isAllowed = authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.UPDATE,
-                Lists.newArrayList(helper.getBaseGroupActor(), helper.getSubGroupActor()));
+        isAllowed = authorizationService.isAllowed(h.getAuthorizedUser(), Permission.UPDATE, ooActors);
         expected = new boolean[] { false, false };
         ArrayAssert.assertEqualArrays("AuthorizationDelegate.isAllowed() returns wrong info", expected, isAllowed);
 
-        isAllowed = authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.UPDATE_STATUS,
-                Lists.newArrayList(helper.getBaseGroupActor(), helper.getSubGroupActor()));
+        isAllowed = authorizationService.isAllowed(h.getAuthorizedUser(), Permission.VIEW_TASKS, ooActors);
         expected = new boolean[] { true, true };
         ArrayAssert.assertEqualArrays("AuthorizationDelegate.isAllowed() returns wrong info", expected, isAllowed);
     }
 
-    public void testIsAllowedExecutorDifferentObjects() throws Exception {
+    public void testIsAllowedExecutorDifferentObjects() {
         try {
-            authorizationService.isAllowed(helper.getUnauthorizedPerformerUser(), Permission.READ,
-                    Lists.newArrayList(SecuredSingleton.EXECUTORS, helper.getBaseGroupActor(), helper.getBaseGroup()));
-            fail("No Exception: Secured objects should be of the same secured object type (EXECUTORS)");
+            authorizationService.isAllowed(h.getUnauthorizedUser(), Permission.READ,
+                    Lists.newArrayList(SecuredSingleton.SYSTEM, h.getBaseGroupActor(), h.getBaseGroup()));
+            fail("No Exception: Secured objects should be of the same secured object type (SYSTEM)");
         } catch (InternalApplicationException e) {
-            assertEquals("Secured objects should be of the same secured object type (EXECUTORS)", e.getMessage());
+            assertEquals("Secured objects should be of the same secured object type (SYSTEM)", e.getMessage());
         }
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateIsAllowedTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateIsAllowedTest.java
index 573746e25a..39e587a6b6 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateIsAllowedTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateIsAllowedTest.java
@@ -17,96 +17,85 @@
  */
 package ru.runa.af.delegate;
 
-import java.util.Collection;
-import java.util.List;
-
+import com.google.common.collect.Lists;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
-import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.security.SecuredObject;
 import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.AuthorizationService;
 import ru.runa.wfe.service.delegate.Delegates;
 
-import com.google.common.collect.Lists;
-
 /**
- * Created on 20.08.2004
- * 
+ * Created on 20.08.2004.
  */
 public class AuthorizationServiceDelegateIsAllowedTest extends ServletTestCase {
-    private ServiceTestHelper helper;
-
     private AuthorizationService authorizationService;
+    private ServiceTestHelper h;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new ServiceTestHelper(AuthorizationServiceDelegateIsAllowedTest.class.getName());
-        helper.createDefaultExecutorsMap();
-
-        Collection<Permission> executorsP = Lists.newArrayList(Permission.CREATE);
-        helper.setPermissionsToAuthorizedPerformerOnExecutors(executorsP);
+    protected void setUp() {
+        authorizationService = Delegates.getAuthorizationService();
+        h = new ServiceTestHelper(AuthorizationServiceDelegateIsAllowedTest.class.getName());
+        h.createDefaultExecutorsMap();
 
-        List<Permission> executorP = Lists.newArrayList(Permission.READ, Permission.UPDATE_STATUS);
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroupActor());
-        helper.setPermissionsToAuthorizedPerformer(executorP, helper.getBaseGroup());
+        val ppSystem = Lists.newArrayList(Permission.LOGIN);
+        h.setPermissionsToAuthorizedActor(ppSystem, SecuredSingleton.SYSTEM);
 
-        authorizationService = Delegates.getAuthorizationService();
-        super.setUp();
+        val ppExecutors = Lists.newArrayList(Permission.READ, Permission.VIEW_TASKS);
+        h.setPermissionsToAuthorizedActor(ppExecutors, h.getBaseGroupActor());
+        h.setPermissionsToAuthorizedActor(ppExecutors, h.getBaseGroup());
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.releaseResources();
+    protected void tearDown() {
+        h.releaseResources();
         authorizationService = null;
-        super.tearDown();
     }
 
-    public void testIsAllowedFakeSubject() throws Exception {
+    public void testIsAllowedFakeUser() {
         try {
-            authorizationService.isAllowed(helper.getFakeUser(), Permission.READ, SecuredSingleton.EXECUTORS);
+            authorizationService.isAllowed(h.getFakeUser(), Permission.READ, SecuredSingleton.SYSTEM);
             fail("AuthorizationDelegate.isAllowed() allows fake subject");
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testIsAllowedAASystem() throws Exception {
+    public void testIsAllowedAASystem() {
         assertTrue("AuthorizationDelegate.isAllowed() returns wrong info",
-                authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.CREATE, SecuredSingleton.EXECUTORS));
+                authorizationService.isAllowed(h.getAuthorizedUser(), Permission.LOGIN, SecuredSingleton.SYSTEM));
 
         assertFalse("AuthorizationDelegate.isAllowed() returns wrong info",
-                authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.READ, SecuredSingleton.EXECUTORS));
+                authorizationService.isAllowed(h.getAuthorizedUser(), Permission.READ, SecuredSingleton.SYSTEM));
     }
 
-    public void testIsAllowedExecutor() throws Exception {
+    public void testIsAllowedExecutor() {
         assertTrue("AuthorizationDelegate.isAllowed() returns wrong info",
-                authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.READ, helper.getBaseGroupActor()));
+                authorizationService.isAllowed(h.getAuthorizedUser(), Permission.READ, h.getBaseGroupActor()));
 
         assertTrue("AuthorizationDelegate.isAllowed() returns wrong info",
-                authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.UPDATE_STATUS, helper.getBaseGroupActor()));
+                authorizationService.isAllowed(h.getAuthorizedUser(), Permission.VIEW_TASKS, h.getBaseGroupActor()));
 
         assertFalse("AuthorizationDelegate.isAllowed() returns wrong info",
-                authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.UPDATE, helper.getBaseGroupActor()));
+                authorizationService.isAllowed(h.getAuthorizedUser(), Permission.UPDATE, h.getBaseGroupActor()));
 
         assertTrue("AuthorizationDelegate.isAllowed() returns wrong info",
-                authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.READ, helper.getBaseGroup()));
+                authorizationService.isAllowed(h.getAuthorizedUser(), Permission.READ, h.getBaseGroup()));
 
         assertTrue("AuthorizationDelegate.isAllowed() returns wrong info",
-                authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.UPDATE_STATUS, helper.getBaseGroup()));
+                authorizationService.isAllowed(h.getAuthorizedUser(), Permission.VIEW_TASKS, h.getBaseGroup()));
 
         assertFalse("AuthorizationDelegate.isAllowed() returns wrong info",
-                authorizationService.isAllowed(helper.getAuthorizedPerformerUser(), Permission.UPDATE, helper.getBaseGroup()));
+                authorizationService.isAllowed(h.getAuthorizedUser(), Permission.UPDATE, h.getBaseGroup()));
     }
 
-    public void testIsAllowedExecutorUnauthorized() throws Exception {
-        assertFalse(authorizationService.isAllowed(helper.getUnauthorizedPerformerUser(), Permission.READ, SecuredSingleton.EXECUTORS));
+    public void testIsAllowedExecutorUnauthorized() {
+        assertFalse(authorizationService.isAllowed(h.getUnauthorizedUser(), Permission.READ, SecuredSingleton.SYSTEM));
 
-        assertFalse(authorizationService.isAllowed(helper.getUnauthorizedPerformerUser(), Permission.READ, helper.getBaseGroupActor()));
+        assertFalse(authorizationService.isAllowed(h.getUnauthorizedUser(), Permission.READ, h.getBaseGroupActor()));
 
-        assertFalse(authorizationService.isAllowed(helper.getUnauthorizedPerformerUser(), Permission.READ, helper.getBaseGroup()));
+        assertFalse(authorizationService.isAllowed(h.getUnauthorizedUser(), Permission.READ, h.getBaseGroup()));
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetMultiExecutorsPermissionsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetMultiExecutorsPermissionsTest.java
index 21777be5bd..a305479932 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetMultiExecutorsPermissionsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetMultiExecutorsPermissionsTest.java
@@ -17,14 +17,13 @@
  */
 package ru.runa.af.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.Collection;
 import java.util.List;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
-import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
@@ -32,105 +31,86 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Actor;
 import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
 
-import com.google.common.collect.Lists;
-
 /**
- * Created on 16.02.2005
+ * Created on 16.02.2005.
  */
 public class AuthorizationServiceDelegateSetMultiExecutorsPermissionsTest extends ServletTestCase {
-    private ServiceTestHelper th;
+    private ServiceTestHelper h;
     private AuthorizationService authorizationService;
 
-    Collection<Permission> testPermission = Lists.newArrayList(Permission.READ, Permission.UPDATE);
-
-    private static String testPrefix = AuthorizationServiceDelegateSetMultiExecutorsPermissionsTest.class.getName();
-
     private Group additionalGroup;
     private Actor additionalActor;
-
     private List<Executor> additionalActorGroupsMixed;
     private List<Long> executorIDs;
 
-    @Override
-    protected void setUp() throws Exception {
-        th = new ServiceTestHelper(testPrefix);
-
-        Collection<Permission> readUpdateExecutorPermission = Lists.newArrayList(Permission.READ, Permission.UPDATE);
+    private Collection<Permission> expected = Lists.newArrayList(Permission.READ, Permission.UPDATE);
 
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(AuthorizationServiceDelegateSetMultiExecutorsPermissionsTest.class.getName());
         authorizationService = Delegates.getAuthorizationService();
 
-        additionalActor = th.createActorIfNotExist("additionalA", "Additional Actor");
-        additionalGroup = th.createGroupIfNotExist("additionalG", "Additional Group");
-        additionalActorGroupsMixed = th.createMixedActorsGroupsArray("mixed", "Additional Mixed");
+        // authorizationService.setPermissions() requires READ on subject (mixed executors) and UPDATE_PERMISSIONS on object (additional executors).
+        val ppSubject = Lists.newArrayList(Permission.READ);
+        val ppObject = Lists.newArrayList(Permission.UPDATE_PERMISSIONS);
+
+        additionalActor = h.createActorIfNotExist("additionalA", "Additional Actor");
+        additionalGroup = h.createGroupIfNotExist("additionalG", "Additional Group");
+        additionalActorGroupsMixed = h.createMixedActorsGroupsArray("mixed", "Additional Mixed");
         executorIDs = Lists.newArrayList();
         for (Executor executor : additionalActorGroupsMixed) {
             executorIDs.add(executor.getId());
-            th.setPermissionsToAuthorizedPerformer(readUpdateExecutorPermission, executor);
+            h.setPermissionsToAuthorizedActor(ppSubject, executor);
         }
 
-        th.setPermissionsToAuthorizedPerformer(readUpdateExecutorPermission, additionalActor);
-        th.setPermissionsToAuthorizedPerformer(readUpdateExecutorPermission, additionalGroup);
-
-        super.setUp();
+        h.setPermissionsToAuthorizedActor(ppObject, additionalActor);
+        h.setPermissionsToAuthorizedActor(ppObject, additionalGroup);
     }
 
-    public void testSetPermissions() throws Exception {
-        authorizationService.setPermissions(th.getAuthorizedPerformerUser(), executorIDs, testPermission, additionalActor);
-        for (int i = 0; i < executorIDs.size(); i++) {
-            additionalActorGroupsMixed.set(i, Delegates.getExecutorService().getExecutor(th.getAuthorizedPerformerUser(), executorIDs.get(i)));
-        }
-        for (int i = 0; i < executorIDs.size(); i++) {
-            Collection<Permission> expected = authorizationService.getIssuedPermissions(th.getAuthorizedPerformerUser(),
-                    additionalActorGroupsMixed.get(i), additionalActor);
-            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", testPermission, expected);
-        }
-
-        authorizationService.setPermissions(th.getAuthorizedPerformerUser(), executorIDs, testPermission, additionalGroup);
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        authorizationService = null;
+    }
 
+    public void testSetPermissions() {
+        authorizationService.setPermissions(h.getAuthorizedUser(), executorIDs, expected, additionalActor);
         for (int i = 0; i < executorIDs.size(); i++) {
-            additionalActorGroupsMixed.set(i, Delegates.getExecutorService().getExecutor(th.getAuthorizedPerformerUser(), executorIDs.get(i)));
+            val actual = authorizationService.getIssuedPermissions(h.getAdminUser(), additionalActorGroupsMixed.get(i), additionalActor);
+            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", expected, actual);
         }
 
+        authorizationService.setPermissions(h.getAuthorizedUser(), executorIDs, expected, additionalGroup);
         for (int i = 0; i < executorIDs.size(); i++) {
-            Collection<Permission> expected = authorizationService.getIssuedPermissions(th.getAuthorizedPerformerUser(),
-                    additionalActorGroupsMixed.get(i), additionalGroup);
-            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", testPermission, expected);
+            val actual = authorizationService.getIssuedPermissions(h.getAdminUser(), additionalActorGroupsMixed.get(i), additionalGroup);
+            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", expected, actual);
         }
     }
 
-    public void testSetPermissionsFakeSubject() throws Exception {
+    public void testSetPermissionsFakeUser() {
         try {
-            authorizationService.setPermissions(th.getFakeUser(), executorIDs, testPermission, additionalActor);
+            authorizationService.setPermissions(h.getFakeUser(), executorIDs, expected, additionalActor);
             fail("AuthorizationDelegate.setPermissions() allows fake subject");
         } catch (AuthenticationException e) {
-            // This is what we expect
+            // Expected.
         }
     }
 
-    public void testSetPermissionsUnauthorized() throws Exception {
+    public void testSetPermissionsUnauthorizedUser() {
         try {
-            authorizationService.setPermissions(th.getUnauthorizedPerformerUser(), executorIDs, testPermission, additionalActor);
+            authorizationService.setPermissions(h.getUnauthorizedUser(), executorIDs, expected, additionalActor);
             fail("AuthorizationDelegate.setPermissions() allows unauthorized operation");
         } catch (AuthorizationException e) {
-            // This is what we expect
+            // Expected.
         }
 
         try {
-            authorizationService.setPermissions(th.getUnauthorizedPerformerUser(), executorIDs, testPermission, additionalGroup);
+            authorizationService.setPermissions(h.getUnauthorizedUser(), executorIDs, expected, additionalGroup);
             fail("AuthorizationDelegate.setPermissions() allows unauthorized operation");
         } catch (AuthorizationException e) {
-            // This is what we expect
+            // Expected.
         }
     }
-
-    @Override
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        authorizationService = null;
-        super.tearDown();
-    }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetPermissions2Test.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetPermissions2Test.java
deleted file mode 100644
index 2996953f16..0000000000
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetPermissions2Test.java
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * This file is part of the RUNA WFE project.
- * 
- * This program is free software; you can redistribute it and/or 
- * modify it under the terms of the GNU Lesser General Public License 
- * as published by the Free Software Foundation; version 2.1 
- * of the License. 
- * 
- * This program is distributed in the hope that it will be useful, 
- * but WITHOUT ANY WARRANTY; without even the implied warranty of 
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
- * GNU Lesser General Public License for more details. 
- * 
- * You should have received a copy of the GNU Lesser General Public License 
- * along with this program; if not, write to the Free Software 
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
- */
-
-package ru.runa.af.delegate;
-
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.cactus.ServletTestCase;
-
-import ru.runa.af.service.ServiceTestHelper;
-import ru.runa.junit.ArrayAssert;
-import ru.runa.wfe.security.AuthenticationException;
-import ru.runa.wfe.security.AuthorizationException;
-import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.security.SecuredSingleton;
-import ru.runa.wfe.service.AuthorizationService;
-import ru.runa.wfe.service.ExecutorService;
-import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
-
-import com.google.common.collect.Lists;
-
-/**
- */
-public class AuthorizationServiceDelegateSetPermissions2Test extends ServletTestCase {
-    private ServiceTestHelper helper;
-
-    private AuthorizationService authorizationService;
-
-    private ExecutorService executorService;
-
-    private List<Collection<Permission>> legalPermissions = null;
-
-    private List<Long> legalActorIds = null;
-
-    @Override
-    protected void setUp() throws Exception {
-        helper = new ServiceTestHelper(AuthorizationServiceDelegateSetPermissionsTest.class.getName());
-        helper.createDefaultExecutorsMap();
-
-        Collection<Permission> executorsP = Lists.newArrayList(Permission.UPDATE);
-        helper.setPermissionsToAuthorizedPerformerOnExecutors(executorsP);
-
-        authorizationService = Delegates.getAuthorizationService();
-        executorService = Delegates.getExecutorService();
-
-        legalActorIds = Lists.newArrayList(helper.getSubGroupActor().getId(), helper.getBaseGroupActor().getId());
-        legalPermissions = Lists.newArrayList();
-        legalPermissions.add(Lists.newArrayList(Permission.READ));
-        legalPermissions.add(Lists.newArrayList(Permission.READ));
-        super.setUp();
-    }
-
-    @Override
-    protected void tearDown() throws Exception {
-        helper.releaseResources();
-        authorizationService = null;
-        executorService = null;
-        super.tearDown();
-    }
-
-    public void testSetPermissionsFakeSubject() throws Exception {
-        try {
-            authorizationService.setPermissions(helper.getFakeUser(), legalActorIds, legalPermissions, SecuredSingleton.EXECUTORS);
-            fail("AuthorizationDelegate.setPermission allows Fake subject");
-        } catch (AuthenticationException e) {
-        }
-    }
-
-    public void testSetPermissions() throws Exception {
-        authorizationService.setPermissions(helper.getAuthorizedPerformerUser(), legalActorIds, legalPermissions, SecuredSingleton.EXECUTORS);
-        for (int i = 0; i < legalActorIds.size(); i++) {
-            Executor executor = executorService.getExecutor(helper.getAuthorizedPerformerUser(), legalActorIds.get(i));
-            Collection<Permission> actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), executor,
-                    SecuredSingleton.EXECUTORS);
-            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions on system",
-                    legalPermissions.get(i), actual);
-        }
-
-        legalPermissions = Lists.newArrayList();
-        legalPermissions.add(Lists.newArrayList(Permission.READ, Permission.UPDATE_STATUS));
-        legalPermissions.add(Lists.newArrayList(Permission.READ, Permission.UPDATE_STATUS));
-        authorizationService.setPermissions(helper.getAuthorizedPerformerUser(), legalActorIds, legalPermissions, helper.getBaseGroupActor());
-        for (int i = 0; i < legalActorIds.size(); i++) {
-            Executor executor = executorService.getExecutor(helper.getAuthorizedPerformerUser(), legalActorIds.get(i));
-            Collection<Permission> actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), executor,
-                    helper.getBaseGroupActor());
-            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions on base group actor",
-                    legalPermissions.get(i), actual);
-        }
-
-        legalPermissions = Lists.newArrayList();
-        legalPermissions.add(Lists.newArrayList(Permission.READ));
-        legalPermissions.add(Lists.newArrayList(Permission.READ));
-        authorizationService.setPermissions(helper.getAuthorizedPerformerUser(), legalActorIds, legalPermissions, helper.getBaseGroup());
-        for (int i = 0; i < legalActorIds.size(); i++) {
-            Executor executor = executorService.getExecutor(helper.getAuthorizedPerformerUser(), legalActorIds.get(i));
-            Collection<Permission> actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), executor,
-                    helper.getBaseGroup());
-            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions on base group actor",
-                    legalPermissions.get(i), actual);
-        }
-    }
-
-    public void testSetPermissionsUnauthorized() throws Exception {
-        try {
-            authorizationService.setPermissions(helper.getUnauthorizedPerformerUser(), legalActorIds, legalPermissions, SecuredSingleton.EXECUTORS);
-            fail("AuthorizationDelegate.setPermission allows unauthorized subject");
-        } catch (AuthorizationException e) {
-        }
-
-        try {
-            authorizationService.setPermissions(helper.getUnauthorizedPerformerUser(), legalActorIds, legalPermissions, helper.getBaseGroup());
-            fail("AuthorizationDelegate.setPermission allows unauthorized subject");
-        } catch (AuthorizationException e) {
-        }
-    }
-}
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetPermissionsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetPermissionsTest.java
index c486791418..8a129f1570 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetPermissionsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetPermissionsTest.java
@@ -17,103 +17,108 @@
  */
 package ru.runa.af.delegate;
 
-import java.util.Collection;
-
+import com.google.common.collect.Lists;
+import java.util.ArrayList;
+import lombok.val;
+import lombok.var;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
-import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.AuthorizationService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
-
-import com.google.common.collect.Lists;
 
 /**
- * Created on 20.08.2004
+ * Created on 20.08.2004.
  */
 public class AuthorizationServiceDelegateSetPermissionsTest extends ServletTestCase {
-    private ServiceTestHelper helper;
-
+    private ServiceTestHelper h;
     private AuthorizationService authorizationService;
 
-    private Collection<Permission> p = Lists.newArrayList(Permission.READ, Permission.UPDATE);
-
     @Override
-    protected void setUp() throws Exception {
-        helper = new ServiceTestHelper(AuthorizationServiceDelegateSetPermissionsTest.class.getName());
-        helper.createDefaultExecutorsMap();
+    protected void setUp() {
+        h = new ServiceTestHelper(AuthorizationServiceDelegateSetPermissionsTest.class.getName());
+        authorizationService = Delegates.getAuthorizationService();
 
-        Collection<Permission> executorsP = Lists.newArrayList(Permission.UPDATE);
-        helper.setPermissionsToAuthorizedPerformerOnExecutors(executorsP);
+        h.createDefaultExecutorsMap();
 
-        authorizationService = Delegates.getAuthorizationService();
-        super.setUp();
+        // authorizationService.setPermissions() requires READ on subject (executors) and UPDATE_PERMISSIONS on object (other executors, system).
+        // Since subject executors are also used as objects, we set both permissions for them.
+        val ppSubject = Lists.newArrayList(Permission.READ, Permission.UPDATE_PERMISSIONS);
+        val ppObject = Lists.newArrayList(Permission.UPDATE_PERMISSIONS);
+        authorizationService.setPermissions(h.getAdminUser(), h.getAuthorizedActor().getId(), ppSubject, h.getBaseGroup());
+        authorizationService.setPermissions(h.getAdminUser(), h.getAuthorizedActor().getId(), ppSubject, h.getBaseGroupActor());
+        h.setPermissionsToAuthorizedActor(ppObject, SecuredSingleton.SYSTEM);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.releaseResources();
+    protected void tearDown() {
+        h.releaseResources();
         authorizationService = null;
-        super.tearDown();
     }
 
-    public void testSetPermissionsFakeSubject() throws Exception {
+    public void testSetPermissionsFakeUser() {
         try {
-            authorizationService.setPermissions(helper.getFakeUser(), helper.getBaseGroupActor().getId(), p, SecuredSingleton.EXECUTORS);
+            val expected = Lists.newArrayList(Permission.READ, Permission.LOGIN);
+            authorizationService.setPermissions(h.getFakeUser(), h.getBaseGroupActor().getId(), expected, SecuredSingleton.SYSTEM);
             fail("AuthorizationDelegate.setPermissions() allows fake subject");
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testSetPermissions() throws Exception {
-        authorizationService.setPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor().getId(), p, helper.getBaseGroup());
-        Collection<Permission> actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor(),
-                helper.getBaseGroup());
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", p, actual);
+    public void testSetPermissions() {
+        {
+            val expected = Lists.newArrayList(Permission.READ, Permission.UPDATE);
+
+            authorizationService.setPermissions(h.getAuthorizedUser(), h.getBaseGroupActor().getId(), expected, h.getBaseGroup());
+            var actual = authorizationService.getIssuedPermissions(h.getAdminUser(), h.getBaseGroupActor(), h.getBaseGroup());
+            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", expected, actual);
 
-        authorizationService.setPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroup().getId(), p, helper.getBaseGroupActor());
-        actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroup(), helper.getBaseGroupActor());
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", p, actual);
+            authorizationService.setPermissions(h.getAuthorizedUser(), h.getBaseGroup().getId(), expected, h.getBaseGroupActor());
+            actual = authorizationService.getIssuedPermissions(h.getAdminUser(), h.getBaseGroup(), h.getBaseGroupActor());
+            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", expected, actual);
+        }
+        {
+            val expected = Lists.newArrayList(Permission.READ, Permission.VIEW_LOGS);
 
-        authorizationService.setPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor().getId(), p, SecuredSingleton.EXECUTORS);
-        actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor(),
-                SecuredSingleton.EXECUTORS);
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", p, actual);
+            authorizationService.setPermissions(h.getAuthorizedUser(), h.getBaseGroupActor().getId(), expected, SecuredSingleton.SYSTEM);
+            val actual = authorizationService.getIssuedPermissions(h.getAdminUser(), h.getBaseGroupActor(), SecuredSingleton.SYSTEM);
+            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", expected, actual);
+        }
     }
 
-    public void testSetNoPermission() throws Exception {
-        p = Lists.newArrayList();
-        authorizationService.setPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor().getId(), p, helper.getBaseGroup());
-        Collection<Permission> actual = authorizationService.getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor(),
-                helper.getBaseGroup());
-        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", p, actual);
+    public void testSetNoPermission() {
+        val expected = new ArrayList<Permission>();
+        authorizationService.setPermissions(h.getAuthorizedUser(), h.getBaseGroupActor().getId(), expected, h.getBaseGroup());
+        val actual = authorizationService.getIssuedPermissions(h.getAdminUser(), h.getBaseGroupActor(), h.getBaseGroup());
+        ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions", expected, actual);
     }
 
-    public void testSetPermissionsUnauthorized() throws Exception {
+    public void testSetPermissionsUnauthorized() {
+        val expected = new ArrayList<Permission>();
         try {
-            authorizationService.setPermissions(helper.getUnauthorizedPerformerUser(), helper.getBaseGroupActor().getId(), p, helper.getBaseGroup());
+            authorizationService.setPermissions(h.getUnauthorizedUser(), h.getBaseGroupActor().getId(), expected, h.getBaseGroup());
             fail("AuthorizationDelegate.setPermissions() allows unauthorized operation");
         } catch (AuthorizationException e) {
+            // Expected.
         }
 
         try {
-            authorizationService.setPermissions(helper.getUnauthorizedPerformerUser(), helper.getBaseGroup().getId(), p, helper.getBaseGroupActor());
+            authorizationService.setPermissions(h.getUnauthorizedUser(), h.getBaseGroup().getId(), expected, h.getBaseGroupActor());
             fail("AuthorizationDelegate.setPermissions() allows unauthorized operation");
         } catch (AuthorizationException e) {
+            // Expected.
         }
 
         try {
-            authorizationService.setPermissions(helper.getUnauthorizedPerformerUser(), helper.getBaseGroupActor().getId(), p,
-                    SecuredSingleton.EXECUTORS);
+            authorizationService.setPermissions(h.getUnauthorizedUser(), h.getBaseGroupActor().getId(), expected, SecuredSingleton.SYSTEM);
             fail("AuthorizationDelegate.setPermissions() allows unauthorized operation");
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetPermissionsToListTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetPermissionsToListTest.java
new file mode 100644
index 0000000000..e0f0192446
--- /dev/null
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AuthorizationServiceDelegateSetPermissionsToListTest.java
@@ -0,0 +1,130 @@
+/*
+ * This file is part of the RUNA WFE project.
+ * 
+ * This program is free software; you can redistribute it and/or 
+ * modify it under the terms of the GNU Lesser General Public License 
+ * as published by the Free Software Foundation; version 2.1 
+ * of the License. 
+ * 
+ * This program is distributed in the hope that it will be useful, 
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of 
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
+ * GNU Lesser General Public License for more details. 
+ * 
+ * You should have received a copy of the GNU Lesser General Public License 
+ * along with this program; if not, write to the Free Software 
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ */
+
+package ru.runa.af.delegate;
+
+import com.google.common.collect.Lists;
+import java.util.Collection;
+import java.util.List;
+import lombok.val;
+import lombok.var;
+import org.apache.cactus.ServletTestCase;
+import ru.runa.af.service.ServiceTestHelper;
+import ru.runa.junit.ArrayAssert;
+import ru.runa.wfe.security.AuthenticationException;
+import ru.runa.wfe.security.AuthorizationException;
+import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredSingleton;
+import ru.runa.wfe.service.AuthorizationService;
+import ru.runa.wfe.service.ExecutorService;
+import ru.runa.wfe.service.delegate.Delegates;
+import ru.runa.wfe.user.Executor;
+
+public class AuthorizationServiceDelegateSetPermissionsToListTest extends ServletTestCase {
+    private ServiceTestHelper h;
+    private AuthorizationService authorizationService;
+    private ExecutorService executorService;
+
+    private List<Collection<Permission>> legalPermissions = null;
+    private List<Long> legalActorIds = null;
+
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
+        h.createDefaultExecutorsMap();
+        authorizationService = Delegates.getAuthorizationService();
+        executorService = Delegates.getExecutorService();
+
+        // setPermissions() requires READ for subject and UPDATE_PERMISSIONS for object:
+        val ppR = Lists.newArrayList(Permission.READ);
+        var ppU = Lists.newArrayList(Permission.UPDATE_PERMISSIONS);
+        // For executors who act as both subject and object:
+        var ppRU = Lists.newArrayList(Permission.READ, Permission.UPDATE_PERMISSIONS);
+
+        h.setPermissionsToAuthorizedActor(ppU, h.getBaseGroup());
+        h.setPermissionsToAuthorizedActor(ppRU, h.getBaseGroupActor());
+        h.setPermissionsToAuthorizedActor(ppR, h.getSubGroup());
+        h.setPermissionsToAuthorizedActor(ppR, h.getSubGroupActor());
+        h.setPermissionsToAuthorizedActor(ppU, SecuredSingleton.SYSTEM);
+
+        legalActorIds = Lists.newArrayList(h.getBaseGroupActor().getId(), h.getSubGroupActor().getId());
+        legalPermissions = Lists.newArrayList(ppR, ppR);
+    }
+
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        authorizationService = null;
+        executorService = null;
+    }
+
+    public void testSetPermissionsFakeUser() {
+        try {
+            authorizationService.setPermissions(h.getFakeUser(), legalActorIds, legalPermissions, SecuredSingleton.SYSTEM);
+            fail();
+        } catch (AuthenticationException e) {
+            // Expected.
+        }
+    }
+
+    public void testSetPermissions() {
+        authorizationService.setPermissions(h.getAuthorizedUser(), legalActorIds, legalPermissions, SecuredSingleton.SYSTEM);
+        for (int i = 0; i < legalActorIds.size(); i++) {
+            Executor executor = executorService.getExecutor(h.getAdminUser(), legalActorIds.get(i));
+            Collection<Permission> actual = authorizationService.getIssuedPermissions(h.getAdminUser(), executor, SecuredSingleton.SYSTEM);
+            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions on SYSTEM",
+                    legalPermissions.get(i), actual);
+        }
+
+        authorizationService.setPermissions(h.getAuthorizedUser(), legalActorIds, legalPermissions, h.getBaseGroup());
+        for (int i = 0; i < legalActorIds.size(); i++) {
+            Executor executor = executorService.getExecutor(h.getAdminUser(), legalActorIds.get(i));
+            Collection<Permission> actual = authorizationService.getIssuedPermissions(h.getAdminUser(), executor, h.getBaseGroup());
+            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions on base group actor",
+                    legalPermissions.get(i), actual);
+        }
+
+        legalPermissions = Lists.newArrayList(
+                Lists.newArrayList(Permission.READ, Permission.UPDATE_ACTOR_STATUS),
+                Lists.newArrayList(Permission.READ, Permission.UPDATE_ACTOR_STATUS)
+        );
+        authorizationService.setPermissions(h.getAuthorizedUser(), legalActorIds, legalPermissions, h.getBaseGroupActor());
+        for (int i = 0; i < legalActorIds.size(); i++) {
+            Executor executor = executorService.getExecutor(h.getAdminUser(), legalActorIds.get(i));
+            Collection<Permission> actual = authorizationService.getIssuedPermissions(h.getAdminUser(), executor, h.getBaseGroupActor());
+            ArrayAssert.assertWeakEqualArrays("AuthorizationDelegate.setPermissions() does not set right permissions on base group actor",
+                    legalPermissions.get(i), actual);
+        }
+    }
+
+    public void testSetPermissionsUnauthorized() {
+        try {
+            authorizationService.setPermissions(h.getUnauthorizedUser(), legalActorIds, legalPermissions, SecuredSingleton.SYSTEM);
+            fail("AuthorizationDelegate.setPermission allows unauthorized subject");
+        } catch (AuthorizationException e) {
+            // Expected.
+        }
+
+        try {
+            authorizationService.setPermissions(h.getUnauthorizedUser(), legalActorIds, legalPermissions, h.getBaseGroup());
+            fail("AuthorizationDelegate.setPermission allows unauthorized subject");
+        } catch (AuthorizationException e) {
+            // Expected.
+        }
+    }
+}
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateAddExecutorsToGroupTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateAddExecutorsToGroupTest.java
index 572ecc7ccf..e2ebe3e08b 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateAddExecutorsToGroupTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateAddExecutorsToGroupTest.java
@@ -19,85 +19,88 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
+import java.util.Collection;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.*;
-
-import java.util.Collection;
+import ru.runa.wfe.user.Actor;
+import ru.runa.wfe.user.ExecutorDoesNotExistException;
+import ru.runa.wfe.user.Group;
 
 /*
  */
 public class ExecutorServiceDelegateAddExecutorsToGroupTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateAddExecutorsToGroupTest.class.getName();
-
     private Actor actor;
-
     private Group additionalGroup;
-
     private Actor additionalActor;
 
     private final Collection<Permission> updatePermissions = Lists.newArrayList(Permission.UPDATE);
-
     private final Collection<Permission> readPermissions = Lists.newArrayList(Permission.READ);
 
-    protected void setUp() throws Exception {
+    @Override
+    protected void setUp() {
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
+        h = new ServiceTestHelper(getClass().getName());
+        h.createDefaultExecutorsMap();
 
-        actor = th.getBaseGroupActor();
-        th.setPermissionsToAuthorizedPerformer(readPermissions, actor);
+        actor = h.getBaseGroupActor();
+        h.setPermissionsToAuthorizedActor(readPermissions, actor);
 
-        additionalGroup = th.createGroupIfNotExist("additionalG", "Additional Group");
-        additionalActor = th.createActorIfNotExist("additionalA", "Additional Actor");
-        th.setPermissionsToAuthorizedPerformer(readPermissions, additionalActor);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, additionalGroup);
+        additionalGroup = h.createGroupIfNotExist("additionalG", "Additional Group");
+        additionalActor = h.createActorIfNotExist("additionalA", "Additional Actor");
+        h.setPermissionsToAuthorizedActor(readPermissions, additionalActor);
+        h.setPermissionsToAuthorizedActor(readPermissions, additionalGroup);
+    }
 
-        super.setUp();
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
+        actor = null;
+        additionalActor = null;
+        additionalGroup = null;
     }
 
-    public void testAddExecutorByAuthorizedPerformer() throws Exception {
-        assertFalse("Executor not added to group ", th.isExecutorInGroup(additionalActor, additionalGroup));
+    public void testAddExecutorByAuthorizedUser() {
+        assertFalse("Executor not added to group ", h.isExecutorInGroup(additionalActor, additionalGroup));
         try {
-            executorService.addExecutorsToGroup(th.getAuthorizedPerformerUser(), Lists.newArrayList(additionalActor.getId()),
+            executorService.addExecutorsToGroup(h.getAuthorizedUser(), Lists.newArrayList(additionalActor.getId()),
                     additionalGroup.getId());
             fail("Executor added to group without corresponding permissions");
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
 
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, additionalActor);
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, additionalGroup);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalActor);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalGroup);
 
-        executorService.addExecutorsToGroup(th.getAuthorizedPerformerUser(), Lists.newArrayList(additionalActor.getId()), additionalGroup.getId());
+        executorService.addExecutorsToGroup(h.getAuthorizedUser(), Lists.newArrayList(additionalActor.getId()), additionalGroup.getId());
 
-        additionalActor = executorService.getExecutor(th.getAuthorizedPerformerUser(), additionalActor.getId());
-        additionalGroup = executorService.getExecutor(th.getAuthorizedPerformerUser(), additionalGroup.getId());
+        additionalActor = executorService.getExecutor(h.getAuthorizedUser(), additionalActor.getId());
+        additionalGroup = executorService.getExecutor(h.getAuthorizedUser(), additionalGroup.getId());
 
-        assertTrue("Executor not added to group ", th.isExecutorInGroup(additionalActor, additionalGroup));
+        assertTrue("Executor not added to group ", h.isExecutorInGroup(additionalActor, additionalGroup));
     }
 
-    public void testAddExecutorByUnAuthorizedPerformer() throws Exception {
+    public void testAddExecutorByUnAuthorizedUser() {
         try {
-            executorService.addExecutorsToGroup(th.getUnauthorizedPerformerUser(), Lists.newArrayList(actor.getId()), additionalGroup.getId());
-            assertTrue("Executor not added to group ", th.isExecutorInGroup(additionalActor, additionalGroup));
+            executorService.addExecutorsToGroup(h.getUnauthorizedUser(), Lists.newArrayList(actor.getId()), additionalGroup.getId());
+            assertTrue("Executor not added to group ", h.isExecutorInGroup(additionalActor, additionalGroup));
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
     }
 
-    public void testAddFakeExecutor() throws Exception {
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, additionalGroup);
+    public void testAddFakeExecutor() {
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalGroup);
         try {
-            executorService.addExecutorsToGroup(th.getAuthorizedPerformerUser(), Lists.newArrayList(th.getFakeActor().getId()),
+            executorService.addExecutorsToGroup(h.getAuthorizedUser(), Lists.newArrayList(h.getFakeActor().getId()),
                     additionalGroup.getId());
             fail("Executor added to group ");
         } catch (AuthorizationException e) {
@@ -107,14 +110,4 @@ public void testAddFakeExecutor() throws Exception {
             fail("TODO trap");
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        actor = null;
-        additionalActor = null;
-        additionalGroup = null;
-        super.tearDown();
-    }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateAddManyExecutorsToGroupsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateAddManyExecutorsToGroupsTest.java
index 668ebbb357..ec2d2942f3 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateAddManyExecutorsToGroupsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateAddManyExecutorsToGroupsTest.java
@@ -18,225 +18,203 @@
 
 package ru.runa.af.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.Collection;
 import java.util.List;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
-import ru.runa.wfe.InternalApplicationException;
-import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Actor;
 import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
 
-import com.google.common.collect.Lists;
-
 /*
  */
 public class ExecutorServiceDelegateAddManyExecutorsToGroupsTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateAddManyExecutorsToGroupsTest.class.getName();
-
     private Group additionalGroup;
     private List<Group> additionalGroups;
-
     private Actor additionalActor;
     private List<Actor> additionalActors;
-
     private List<Executor> additionalActorGroupsMixed;
 
     private final Collection<Permission> updatePermissions = Lists.newArrayList(Permission.UPDATE);
-
     private final Collection<Permission> readPermissions = Lists.newArrayList(Permission.READ);
 
-    private List<Actor> getAdditionalActors() throws InternalApplicationException {
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
+        executorService = Delegates.getExecutorService();
+
+        additionalGroup = h.createGroupIfNotExist("additionalG", "Additional Group");
+        additionalGroups = h.createGroupArray("additionalG", "Additional Group");
+
+        additionalActor = h.createActorIfNotExist("additionalA", "Additional Actor");
+        additionalActors = h.createActorArray("additionalA", "Additional Actor");
+
+        additionalActorGroupsMixed = h.createMixedActorsGroupsArray("additionalMixed", "Additional Mixed");
+
+        h.setPermissionsToAuthorizedActor(readPermissions, additionalActor);
+        h.setPermissionsToAuthorizedActor(readPermissions, additionalActors);
+
+        h.setPermissionsToAuthorizedActor(readPermissions, additionalGroup);
+        h.setPermissionsToAuthorizedActor(readPermissions, additionalGroups);
+
+        h.setPermissionsToAuthorizedActor(readPermissions, additionalActorGroupsMixed);
+    }
+
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
+        additionalActor = null;
+        additionalGroup = null;
+        additionalGroups = null;
+        additionalActors = null;
+        additionalActorGroupsMixed = null;
+    }
+
+    private List<Actor> getAdditionalActors() {
         List<Long> ids = Lists.newArrayList();
         for (Actor actor : additionalActors) {
             ids.add(actor.getId());
         }
-        List<Actor> executors = th.getExecutors(th.getAdminUser(), ids);
-        return executors;
+        return h.getExecutors(h.getAdminUser(), ids);
     }
 
-    private List<Group> getAdditionalGroups()
-            throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
+    private List<Group> getAdditionalGroups() {
         List<Long> ids = Lists.newArrayList();
         for (Group group : additionalGroups) {
             ids.add(group.getId());
         }
-        return th.getExecutors(th.getAdminUser(), ids);
+        return h.getExecutors(h.getAdminUser(), ids);
     }
 
-    private List<Executor> getAdditionalGroupsMixed()
-            throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
+    private List<Executor> getAdditionalGroupsMixed() {
         List<Long> ids = Lists.newArrayList();
         for (Executor executor : additionalActorGroupsMixed) {
             ids.add(executor.getId());
         }
-        return th.getExecutors(th.getAdminUser(), ids);
+        return h.getExecutors(h.getAdminUser(), ids);
     }
 
-    private Group getAdditionalGroup()
-            throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAdminUser(), additionalGroup.getId());
+    private Group getAdditionalGroup() {
+        return executorService.getExecutor(h.getAdminUser(), additionalGroup.getId());
     }
 
-    private Actor getAdditionalActor()
-            throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAdminUser(), additionalActor.getId());
+    private Actor getAdditionalActor() {
+        return executorService.getExecutor(h.getAdminUser(), additionalActor.getId());
     }
 
-    @Override
-    protected void setUp() throws Exception {
-        executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-
-        additionalGroup = th.createGroupIfNotExist("additionalG", "Additional Group");
-        additionalGroups = th.createGroupArray("additionalG", "Additional Group");
-
-        additionalActor = th.createActorIfNotExist("additionalA", "Additional Actor");
-        additionalActors = th.createActorArray("additionalA", "Additional Actor");
-
-        additionalActorGroupsMixed = th.createMixedActorsGroupsArray("additionalMixed", "Additional Mixed");
-
-        th.setPermissionsToAuthorizedPerformer(readPermissions, additionalActor);
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(readPermissions, additionalActors);
-
-        th.setPermissionsToAuthorizedPerformer(readPermissions, additionalGroup);
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(readPermissions, additionalGroups);
-
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(readPermissions, additionalActorGroupsMixed);
-
-        super.setUp();
-    }
-
-    public void testAddActorsToGroupByAuthorizedPerformer() throws Exception {
-        assertFalse("Executors not added to group ", th.isExecutorsInGroup(additionalActors, additionalGroup));
+    public void testAddActorsToGroupByAuthorizedUser() {
+        assertFalse("Executors not added to group ", h.isExecutorsInGroup(additionalActors, additionalGroup));
         try {
-            executorService.addExecutorsToGroup(th.getAuthorizedPerformerUser(), th.toIds(additionalActors), additionalGroup.getId());
+            executorService.addExecutorsToGroup(h.getAuthorizedUser(), h.toIds(additionalActors), additionalGroup.getId());
             fail("Executors added to group without corresponding permissions");
         } catch (AuthorizationException e) {
             // this is supposed result
         }
 
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, additionalGroup);
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(updatePermissions, additionalActors);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalGroup);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalActors);
 
-        executorService.addExecutorsToGroup(th.getAuthorizedPerformerUser(), th.toIds(additionalActors), additionalGroup.getId());
+        executorService.addExecutorsToGroup(h.getAuthorizedUser(), h.toIds(additionalActors), additionalGroup.getId());
 
-        assertTrue("Executors not added to group ", th.isExecutorsInGroup(getAdditionalActors(), getAdditionalGroup()));
+        assertTrue("Executors not added to group ", h.isExecutorsInGroup(getAdditionalActors(), getAdditionalGroup()));
     }
 
-    public void testAddGroupsToGroupByAuthorizedPerformer() throws Exception {
-        assertFalse("Executors not added to group ", th.isExecutorsInGroup(additionalGroups, additionalGroup));
+    public void testAddGroupsToGroupByAuthorizedUser() {
+        assertFalse("Executors not added to group ", h.isExecutorsInGroup(additionalGroups, additionalGroup));
         try {
-            executorService.addExecutorsToGroup(th.getAuthorizedPerformerUser(), th.toIds(additionalGroups), additionalGroup.getId());
+            executorService.addExecutorsToGroup(h.getAuthorizedUser(), h.toIds(additionalGroups), additionalGroup.getId());
             fail("Executors added to group without corresponding permissions");
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
 
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, additionalGroup);
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(updatePermissions, additionalGroups);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalGroup);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalGroups);
 
-        executorService.addExecutorsToGroup(th.getAuthorizedPerformerUser(), th.toIds(additionalGroups), getAdditionalGroup().getId());
+        executorService.addExecutorsToGroup(h.getAuthorizedUser(), h.toIds(additionalGroups), getAdditionalGroup().getId());
 
-        assertTrue("Executors not added to group ", th.isExecutorsInGroup(getAdditionalGroups(), getAdditionalGroup()));
+        assertTrue("Executors not added to group ", h.isExecutorsInGroup(getAdditionalGroups(), getAdditionalGroup()));
     }
 
-    public void testAddMixedActorsGroupsToGroupByAuthorizedPerformer() throws Exception {
-        assertFalse("Executors not added to group ", th.isExecutorsInGroup(additionalActorGroupsMixed, additionalGroup));
+    public void testAddMixedActorsGroupsToGroupByAuthorizedUser() {
+        assertFalse("Executors not added to group ", h.isExecutorsInGroup(additionalActorGroupsMixed, additionalGroup));
         try {
-            executorService.addExecutorsToGroup(th.getAuthorizedPerformerUser(), th.toIds(additionalActorGroupsMixed), additionalGroup.getId());
+            executorService.addExecutorsToGroup(h.getAuthorizedUser(), h.toIds(additionalActorGroupsMixed), additionalGroup.getId());
             fail("Executors added to group without corresponding permissions");
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, additionalGroup);
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(updatePermissions, additionalActorGroupsMixed);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalGroup);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalActorGroupsMixed);
         try {
-            executorService.addExecutorsToGroup(th.getAuthorizedPerformerUser(), th.toIds(additionalActorGroupsMixed), getAdditionalGroup().getId());
+            executorService.addExecutorsToGroup(h.getAuthorizedUser(), h.toIds(additionalActorGroupsMixed), getAdditionalGroup().getId());
         } catch (AuthorizationException e) {
+            // Expected.
         }
-        assertTrue("Executors not added to group ", th.isExecutorsInGroup(getAdditionalGroupsMixed(), getAdditionalGroup()));
+        assertTrue("Executors not added to group ", h.isExecutorsInGroup(getAdditionalGroupsMixed(), getAdditionalGroup()));
     }
 
-    public void testAddActorToGroupsByAuthorizedPerformer() throws Exception {
-        assertFalse("Executor not added to groups ", th.isExecutorInGroups(getAdditionalActor(), getAdditionalGroups()));
+    public void testAddActorToGroupsByAuthorizedUser() {
+        assertFalse("Executor not added to groups ", h.isExecutorInGroups(getAdditionalActor(), getAdditionalGroups()));
         Executor executor = getAdditionalActor();
         try {
-            executorService.addExecutorToGroups(th.getAuthorizedPerformerUser(), executor.getId(), th.toIds(getAdditionalGroups()));
+            executorService.addExecutorToGroups(h.getAuthorizedUser(), executor.getId(), h.toIds(getAdditionalGroups()));
             fail("Executor added to groups without corresponding permissions");
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
 
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, executor);
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(updatePermissions, getAdditionalGroups());
+        h.setPermissionsToAuthorizedActor(updatePermissions, executor);
+        h.setPermissionsToAuthorizedActor(updatePermissions, getAdditionalGroups());
 
-        executorService.addExecutorToGroups(th.getAuthorizedPerformerUser(), executor.getId(), th.toIds(getAdditionalGroups()));
-        assertTrue("Executor not added to groups ", th.isExecutorInGroups(getAdditionalActor(), getAdditionalGroups()));
+        executorService.addExecutorToGroups(h.getAuthorizedUser(), executor.getId(), h.toIds(getAdditionalGroups()));
+        assertTrue("Executor not added to groups ", h.isExecutorInGroups(getAdditionalActor(), getAdditionalGroups()));
     }
 
-    public void testAddGroupToGroupsByAuthorizedPerformer() throws Exception {
+    public void testAddGroupToGroupsByAuthorizedUser() {
 
-        assertFalse("Executor not added to groups ", th.isExecutorInGroups(additionalGroup, additionalGroups));
+        assertFalse("Executor not added to groups ", h.isExecutorInGroups(additionalGroup, additionalGroups));
         Executor executor = additionalGroup;
         try {
-            executorService.addExecutorToGroups(th.getAuthorizedPerformerUser(), executor.getId(), th.toIds(additionalGroups));
+            executorService.addExecutorToGroups(h.getAuthorizedUser(), executor.getId(), h.toIds(additionalGroups));
             fail("Executor added to groups without corresponding permissions");
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
 
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(updatePermissions, additionalGroups);
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, executor);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalGroups);
+        h.setPermissionsToAuthorizedActor(updatePermissions, executor);
 
-        executorService.addExecutorToGroups(th.getAuthorizedPerformerUser(), executor.getId(), th.toIds(getAdditionalGroups()));
+        executorService.addExecutorToGroups(h.getAuthorizedUser(), executor.getId(), h.toIds(getAdditionalGroups()));
 
-        assertTrue("Executor not added to groups ", th.isExecutorInGroups(getAdditionalGroup(), getAdditionalGroups()));
+        assertTrue("Executor not added to groups ", h.isExecutorInGroups(getAdditionalGroup(), getAdditionalGroups()));
     }
 
-    public void testAddExecutorsToGroupByUnAuthorizedPerformer() throws Exception {
+    public void testAddExecutorsToGroupByUnAuthorizedUser() {
         try {
-            executorService.addExecutorsToGroup(th.getUnauthorizedPerformerUser(), th.toIds(additionalActorGroupsMixed), additionalGroup.getId());
-            assertTrue("Executors not added to group ", th.isExecutorsInGroup(additionalActorGroupsMixed, additionalGroup));
+            executorService.addExecutorsToGroup(h.getUnauthorizedUser(), h.toIds(additionalActorGroupsMixed), additionalGroup.getId());
+            assertTrue("Executors not added to group ", h.isExecutorsInGroup(additionalActorGroupsMixed, additionalGroup));
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
     }
 
-    public void testAddExecutorToGroupsByUnAuthorizedPerformer() throws Exception {
+    public void testAddExecutorToGroupsByUnAuthorizedUser() {
         Executor executor = additionalActor;
         try {
-            executorService.addExecutorToGroups(th.getUnauthorizedPerformerUser(), executor.getId(), th.toIds(additionalGroups));
-            assertTrue("Executor not added to groups ", th.isExecutorInGroups(additionalActor, additionalGroups));
+            executorService.addExecutorToGroups(h.getUnauthorizedUser(), executor.getId(), h.toIds(additionalGroups));
+            assertTrue("Executor not added to groups ", h.isExecutorInGroups(additionalActor, additionalGroups));
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
     }
-
-    @Override
-    protected void tearDown() throws Exception {
-
-        th.releaseResources();
-        executorService = null;
-
-        additionalActor = null;
-        additionalGroup = null;
-        additionalGroups = null;
-        additionalActors = null;
-        additionalActorGroupsMixed = null;
-        super.tearDown();
-    }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateCreateActorTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateCreateActorTest.java
index c592338434..426a0a3014 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateCreateActorTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateCreateActorTest.java
@@ -18,95 +18,78 @@
 
 package ru.runa.af.delegate;
 
-import java.util.Collection;
-
+import com.google.common.collect.Lists;
 import org.apache.cactus.ServletTestCase;
-
-import ru.runa.wfe.security.SecuredSingleton;
-import ru.runa.wfe.security.SecuredObjectType;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Actor;
 import ru.runa.wfe.user.ExecutorAlreadyExistsException;
 
-import com.google.common.collect.Lists;
-
 public class ExecutorServiceDelegateCreateActorTest extends ServletTestCase {
-    private final static String testPrefix = ExecutorServiceDelegateCreateActorTest.class.getName();
-
-    private final static String NAME = "Name" + testPrefix;
-
-    private final static String DESC = "Desc" + testPrefix;
-
-    private final static String FULL_NAME = "FullName" + testPrefix;
-
-    private final static long CODE = System.currentTimeMillis();
-
-    private ServiceTestHelper th;
+    private final String PREFIX = getClass().getName();
 
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
     private Actor actor;
 
     @Override
-    protected void setUp() throws Exception {
+    protected void setUp() {
+        h = new ServiceTestHelper(PREFIX);
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        Collection<Permission> createPermissions = Lists.newArrayList(Permission.CREATE);
-        th.setPermissionsToAuthorizedPerformerOnExecutors(createPermissions);
-        actor = new Actor(NAME, DESC, FULL_NAME, CODE);
-        super.setUp();
+
+        h.setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.CREATE_EXECUTOR), SecuredSingleton.SYSTEM);
+        actor = new Actor(PREFIX + "_Name", PREFIX + "_Desc", PREFIX + "_FullName", System.currentTimeMillis());
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.removeExecutorIfExists(actor);
+    protected void tearDown() {
+        h.removeExecutorIfExists(actor);
         actor = null;
-        th.releaseResources();
+        h.releaseResources();
         executorService = null;
-
-        super.tearDown();
     }
 
-    public void testCreateActorByAuthorizedPerformer() throws Exception {
-        actor = executorService.create(th.getAuthorizedPerformerUser(), actor);
-        assertTrue("Executor does not exists ", th.isExecutorExist(actor));
-        Actor returnedActor = executorService.getExecutorByName(th.getAuthorizedPerformerUser(), actor.getName());
+    public void testCreateActorByAuthorizedUser() {
+        actor = executorService.create(h.getAuthorizedUser(), actor);
+        assertTrue("Executor does not exists ", h.isExecutorExist(actor));
+        Actor returnedActor = executorService.getExecutorByName(h.getAdminUser(), actor.getName());
         assertEquals("Returned actor differes with created one", actor, returnedActor);
     }
 
-    public void testCreateExecutorByUnAuthorizedPerformer() throws Exception {
+    public void testCreateExecutorByUnAuthorizedUser() {
         try {
-            executorService.create(th.getUnauthorizedPerformerUser(), actor);
+            executorService.create(h.getUnauthorizedUser(), actor);
             fail("ExecutorServiceDelegate allow unauthorized create");
         } catch (AuthorizationException e) {
-            // This is supposed result of operation
+            // Expected.
         }
     }
 
-    public void testCreateAlreadyExistedExecutor() throws Exception {
-        Actor actor2 = executorService.create(th.getAuthorizedPerformerUser(), actor);
-        assertTrue("Executor does not exists ", th.isExecutorExist(actor));
+    public void testCreateAlreadyExistedExecutor() {
+        Actor actor2 = executorService.create(h.getAuthorizedUser(), actor);
+        assertTrue("Executor does not exists ", h.isExecutorExist(actor));
         try {
-            executorService.create(th.getAuthorizedPerformerUser(), actor);
+            executorService.create(h.getAuthorizedUser(), actor);
             fail("ExecutorServiceDelegate allow create actor with same name");
         } catch (ExecutorAlreadyExistsException e) {
             // This is supposed result of operation
         }
-        Actor returnedActor = executorService.getExecutor(th.getAuthorizedPerformerUser(), actor2.getId());
+        Actor returnedActor = executorService.getExecutor(h.getAuthorizedUser(), actor2.getId());
         assertEquals("Returned actor differes with created one", actor, returnedActor);
     }
 
-    public void testCreateExecutorWithFakeSubject() throws Exception {
+    public void testCreateExecutorWithFakeUser() {
         try {
-            executorService.create(th.getFakeUser(), actor);
+            executorService.create(h.getFakeUser(), actor);
             fail("executor with fake subject created");
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateCreateGroupTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateCreateGroupTest.java
index e707a9b987..cac31cf664 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateCreateGroupTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateCreateGroupTest.java
@@ -18,106 +18,94 @@
 
 package ru.runa.af.delegate;
 
-import java.util.List;
-
+import com.google.common.collect.Lists;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Actor;
 import ru.runa.wfe.user.ExecutorAlreadyExistsException;
 import ru.runa.wfe.user.Group;
 
-import com.google.common.collect.Lists;
-
 public class ExecutorServiceDelegateCreateGroupTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private final String PREFIX = getClass().getName();
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateCreateGroupTest.class.getName();
-
-    private final List<Permission> createPermissions = Lists.newArrayList(Permission.CREATE);
-
     private Group group;
 
     @Override
-    protected void setUp() throws Exception {
+    protected void setUp() {
+        h = new ServiceTestHelper(PREFIX);
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.setPermissionsToAuthorizedPerformerOnExecutors(createPermissions);
-        super.setUp();
+
+        h.setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.CREATE_EXECUTOR), SecuredSingleton.SYSTEM);
     }
 
-    public void testCreateGroupByAuthorizedPerformer() throws Exception {
-        group = new Group("ExecutorServiceDelegateCreateGroupTest_Group", "description");
-        group = executorService.create(th.getAuthorizedPerformerUser(), group);
-        assertTrue("Executor (group) does not exists ", th.isExecutorExist(group));
-        Group returnedGroup = executorService.getExecutor(th.getAuthorizedPerformerUser(), group.getId());
-        assertEquals("Returned group differes with created one", group, returnedGroup);
+    @Override
+    protected void tearDown() {
+        h.removeExecutorIfExists(group);
+        h.releaseResources();
+        executorService = null;
+        group = null;
     }
 
-    public void testCreateExecutorByUnAuthorizedPerformer() throws Exception {
+    public void testCreateGroupByAuthorizedUser() {
+        group = new Group(PREFIX + "_Group", "description");
+        group = executorService.create(h.getAuthorizedUser(), group);
+        assertTrue("Executor (group) does not exists ", h.isExecutorExist(group));
+        Group returnedGroup = executorService.getExecutor(h.getAuthorizedUser(), group.getId());
+        assertEquals("Returned group differes with created one", group, returnedGroup);
+    }
 
-        group = new Group("ExecutorServiceDelegateCreateGroupTest_Group", "description");
+    public void testCreateExecutorByUnAuthorizedUser() {
+        group = new Group(PREFIX + "_Group", "description");
         try {
-            group = executorService.create(th.getUnauthorizedPerformerUser(), group);
+            group = executorService.create(h.getUnauthorizedUser(), group);
             fail("ExecutorServiceDelegate.create(group) creates executor without permissions");
         } catch (AuthorizationException e) {
-            // This is supposed result of operation
+            // Expected.
         }
-        assertFalse("Executor exists ", th.isExecutorExist(group));
+        assertFalse("Executor exists ", h.isExecutorExist(group));
     }
 
-    public void testCreateAlreadyExistedGroup() throws Exception {
-        Group group2 = new Group("ExecutorServiceDelegateCreateGroupTest_Group", "description");
-        group = executorService.create(th.getAuthorizedPerformerUser(), group2);
-        assertTrue("Executor does not exists ", th.isExecutorExist(group));
+    public void testCreateAlreadyExistedGroup() {
+        Group group2 = new Group(PREFIX + "_Group", "description");
+        group = executorService.create(h.getAuthorizedUser(), group2);
+        assertTrue("Executor does not exists ", h.isExecutorExist(group));
         try {
-            executorService.create(th.getAuthorizedPerformerUser(), group2);
+            executorService.create(h.getAuthorizedUser(), group2);
             fail("ExecutorServiceDelegate.create(group) creates already existed group");
         } catch (ExecutorAlreadyExistsException e) {
-            // This is supposed result of operation
+            // Expected.
         }
-        Group returnedGroup = executorService.getExecutor(th.getAuthorizedPerformerUser(), group.getId());
+        Group returnedGroup = executorService.getExecutor(h.getAuthorizedUser(), group.getId());
         assertEquals("Returned actor differes with created one", group, returnedGroup);
     }
 
-    public void testCreateAlreadyExistedActor() throws Exception {
-        Actor actor = th.createActorIfNotExist("ExecutorServiceDelegateCreateGroupTest_Group", "description");
+    public void testCreateAlreadyExistedActor() {
+        Actor actor = h.createActorIfNotExist(PREFIX + "_Group", "description");
         group = new Group(actor.getName(), actor.getDescription());
         try {
-            executorService.create(th.getAuthorizedPerformerUser(), group);
+            executorService.create(h.getAuthorizedUser(), group);
             fail("ExecutorServiceDelegate.create(group) creates already existed actor");
         } catch (ExecutorAlreadyExistsException e) {
-            // This is supposed result of operation
+            // Expected.
         }
     }
 
-    public void testCreateExecutorWithFakeSubject() throws Exception {
-        group = new Group("ExecutorServiceDelegateCreateGroupTest_Group", "description");
+    public void testCreateExecutorWithFakeUser() {
+        group = new Group(PREFIX + "_Group", "description");
         try {
-            group = executorService.create(th.getFakeUser(), group);
+            group = executorService.create(h.getFakeUser(), group);
             fail("executor with fake subject created");
         } catch (AuthenticationException e) {
-            // This is supposed result of operation
+            // Expected.
         }
-        assertFalse("Executor does not exists ", th.isExecutorExist(group));
+        assertFalse("Executor does not exists ", h.isExecutorExist(group));
     }
-
-    @Override
-    protected void tearDown() throws Exception {
-        th.removeExecutorIfExists(group);
-        group = null;
-
-        th.releaseResources();
-        executorService = null;
-        group = null;
-        super.tearDown();
-    }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetActorByIdTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetActorByIdTest.java
index 6cbbfde929..ed7d273559 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetActorByIdTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetActorByIdTest.java
@@ -18,89 +18,92 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
+import java.util.Map;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.*;
-
-import java.util.List;
-import java.util.Map;
+import ru.runa.wfe.user.Actor;
+import ru.runa.wfe.user.Executor;
+import ru.runa.wfe.user.ExecutorDoesNotExistException;
+import ru.runa.wfe.user.Group;
 
 /**
- * Created on 01.11.2004
+ * Created on 01.11.2004.
  */
 public class ExecutorServiceDelegateGetActorByIdTest extends ServletTestCase {
-    private ServiceTestHelper th;
+    private ServiceTestHelper h;
     private ExecutorService executorService;
-    private static String testPrefix = ExecutorServiceDelegateGetActorByIdTest.class.getName();
+
     private Group group;
     private Actor actor;
     private Map<String, Executor> executorsMap;
 
-    protected void setUp() throws Exception {
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        List<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-        executorsMap = th.getDefaultExecutorsMap();
 
+        h.createDefaultExecutorsMap();
+        executorsMap = h.getDefaultExecutorsMap();
         actor = (Actor) executorsMap.get(ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, actor);
         group = (Group) executorsMap.get(ServiceTestHelper.BASE_GROUP_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, (Actor) executorsMap.get(ServiceTestHelper.SUB_GROUP_ACTOR_NAME));
-        super.setUp();
+
+        val readPermissions = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(readPermissions, actor);
+        h.setPermissionsToAuthorizedActor(readPermissions, group);
+        h.setPermissionsToAuthorizedActor(readPermissions, executorsMap.get(ServiceTestHelper.SUB_GROUP_ACTOR_NAME));
     }
 
-    public void testGetActorByAuthorizedPerformer() throws Exception {
-        Actor returnedBaseGroupActor = executorService.getExecutor(th.getAuthorizedPerformerUser(), actor.getId());
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
+        actor = null;
+        group = null;
+    }
+
+    public void testGetActorByAuthorizedUser() {
+        Actor returnedBaseGroupActor = executorService.getExecutor(h.getAuthorizedUser(), actor.getId());
         assertEquals("actor retuned by businessDelegate differes with expected", actor, returnedBaseGroupActor);
         Actor subGroupActor = (Actor) executorsMap.get(ServiceTestHelper.SUB_GROUP_ACTOR_NAME);
-        Actor returnedSubGroupActor = executorService.getExecutor(th.getAuthorizedPerformerUser(), subGroupActor.getId());
+        Actor returnedSubGroupActor = executorService.getExecutor(h.getAuthorizedUser(), subGroupActor.getId());
         assertEquals("actor retuned by businessDelegate differes with expected", subGroupActor, returnedSubGroupActor);
     }
 
-    public void testGetActorByUnauthorizedPerformer() throws Exception {
+    public void testGetActorByUnauthorizedUser() {
         try {
-            executorService.getExecutor(th.getUnauthorizedPerformerUser(), actor.getId());
-            fail("businessDelegate allow to getActor() to performer with UnauthorizedPerformerSubject");
+            executorService.getExecutor(h.getUnauthorizedUser(), actor.getId());
+            fail();
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
         try {
-            executorService.getExecutor(th.getUnauthorizedPerformerUser(), th.getSubGroupActor().getId());
-            fail("businessDelegate allow to getActor() to performer with UnauthorizedPerformerSubject");
+            executorService.getExecutor(h.getUnauthorizedUser(), h.getSubGroupActor().getId());
+            fail();
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetUnexistedActorByAuthorizedPerformer() throws Exception {
+    public void testGetUnexistedActorByAuthorizedUser() {
         try {
-            executorService.getExecutor(th.getAuthorizedPerformerUser(), -1l);
-            fail("businessDelegate does not throw Exception to getActor()");
+            executorService.getExecutor(h.getAuthorizedUser(), -1L);
+            fail();
         } catch (ExecutorDoesNotExistException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetActorInsteadOfGroup() throws Exception {
+    public void testGetActorInsteadOfGroup() {
         try {
-            Actor actor = executorService.<Actor>getExecutor(th.getAuthorizedPerformerUser(), group.getId());
+            Actor actor = executorService.<Actor>getExecutor(h.getAuthorizedUser(), group.getId());
             fail("businessDelegete allow to getActor() where the group really is returned.");
         } catch (ClassCastException e) {
-            // That's what we expect
+            // Expected.
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        actor = null;
-        group = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetActorTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetActorTest.java
index d7b6f18a01..04856e2539 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetActorTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetActorTest.java
@@ -19,93 +19,92 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
+import java.util.Map;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.*;
-
-import java.util.List;
-import java.util.Map;
+import ru.runa.wfe.user.Actor;
+import ru.runa.wfe.user.Executor;
+import ru.runa.wfe.user.ExecutorDoesNotExistException;
+import ru.runa.wfe.user.Group;
 
 public class ExecutorServiceDelegateGetActorTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private final String PREFIX = getClass().getName();
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateGetActorTest.class.getName();
-
     private Group group;
-
     private Actor actor;
-
     private Map<String, Executor> executorsMap;
 
-    protected void setUp() throws Exception {
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(PREFIX);
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        List<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-        executorsMap = th.getDefaultExecutorsMap();
 
+        h.createDefaultExecutorsMap();
+        executorsMap = h.getDefaultExecutorsMap();
         actor = (Actor) executorsMap.get(ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, actor);
         group = (Group) executorsMap.get(ServiceTestHelper.BASE_GROUP_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, (Actor) executorsMap.get(ServiceTestHelper.SUB_GROUP_ACTOR_NAME));
-        super.setUp();
+
+        val readPermissions = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(readPermissions, actor);
+        h.setPermissionsToAuthorizedActor(readPermissions, group);
+        h.setPermissionsToAuthorizedActor(readPermissions, executorsMap.get(ServiceTestHelper.SUB_GROUP_ACTOR_NAME));
+    }
+
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
+        actor = null;
+        group = null;
     }
 
-    public void testGetExecutorByNameByAuthorizedPerformer() throws Exception {
-        Actor returnedBaseGroupActor = executorService.getExecutorByName(th.getAuthorizedPerformerUser(),
-                testPrefix + ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
+    public void testGetExecutorByNameByAuthorizedUser() {
+        Actor returnedBaseGroupActor = executorService.getExecutorByName(h.getAuthorizedUser(),
+                PREFIX + ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
         assertEquals("actor retuned by businessDelegate differes with expected", actor, returnedBaseGroupActor);
-        Actor returnedSubGroupActor = executorService.getExecutorByName(th.getAuthorizedPerformerUser(),
-                testPrefix + ServiceTestHelper.SUB_GROUP_ACTOR_NAME);
+        Actor returnedSubGroupActor = executorService.getExecutorByName(h.getAuthorizedUser(),
+                PREFIX + ServiceTestHelper.SUB_GROUP_ACTOR_NAME);
         Actor subGroupActor = (Actor) executorsMap.get(ServiceTestHelper.SUB_GROUP_ACTOR_NAME);
         assertEquals("actor retuned by businessDelegate differes with expected", subGroupActor, returnedSubGroupActor);
     }
 
-    public void testGetExecutorByNameByUnauthorizedPerformer() throws Exception {
+    public void testGetExecutorByNameByUnauthorizedUser() {
         try {
-            executorService.getExecutorByName(th.getUnauthorizedPerformerUser(), testPrefix + ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
+            executorService.getExecutorByName(h.getUnauthorizedUser(), PREFIX + ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
             fail("businessDelegate allow to getExecutorByName() to performer without Permission.READ.");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
         try {
-            executorService.getExecutorByName(th.getUnauthorizedPerformerUser(), testPrefix + ServiceTestHelper.SUB_GROUP_ACTOR_NAME);
+            executorService.getExecutorByName(h.getUnauthorizedUser(), PREFIX + ServiceTestHelper.SUB_GROUP_ACTOR_NAME);
             fail("businessDelegate allow to getExecutorByName() to performer without Permission.READ.");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetUnexistedActorByAuthorizedPerformer() throws Exception {
+    public void testGetUnexistedActorByAuthorizedUser() {
         try {
-            executorService.getExecutorByName(th.getAuthorizedPerformerUser(), testPrefix + "unexistent actor name");
+            executorService.getExecutorByName(h.getAuthorizedUser(), PREFIX + "unexistent actor name");
             fail("businessDelegate does not throw Exception to getExecutorByName() to performer without Permission.READ");
         } catch (ExecutorDoesNotExistException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetExecutorByNameInsteadOfGroup() throws Exception {
+    public void testGetExecutorByNameInsteadOfGroup() {
         try {
-            Actor actor = executorService.<Actor>getExecutorByName(th.getAuthorizedPerformerUser(), testPrefix + ServiceTestHelper.BASE_GROUP_NAME);
+            Actor actor = executorService.<Actor>getExecutorByName(h.getAuthorizedUser(), PREFIX + ServiceTestHelper.BASE_GROUP_NAME);
             fail("businessDelegate allow to getExecutorByName() where the group really is returned.");
         } catch (ClassCastException e) {
-            // That's what we expect
+            // Expected.
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        actor = null;
-        group = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetAllTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetAllTest.java
index aad68ac5a5..d93b9451a8 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetAllTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetAllTest.java
@@ -18,82 +18,66 @@
 
 package ru.runa.af.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.Actor;
 import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.Group;
 import ru.runa.wfe.user.User;
 
-import com.google.common.collect.Lists;
-
 public class ExecutorServiceDelegateGetAllTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateGetAllTest.class.getName();
-
-    private Group group;
+    @Override
+    protected void setUp() {
+        executorService = Delegates.getExecutorService();
+        h = new ServiceTestHelper(getClass().getName());
 
-    private Actor actor;
+        h.createDefaultExecutorsMap();
 
-    private Map<String, Executor> executorsMap;
+        val ee = h.getDefaultExecutorsMap();
+        h.setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.READ), Lists.newArrayList(
+                ee.get(ServiceTestHelper.BASE_GROUP_ACTOR_NAME),
+                ee.get(ServiceTestHelper.BASE_GROUP_NAME),
+                ee.get(ServiceTestHelper.SUB_GROUP_ACTOR_NAME),
+                ee.get(ServiceTestHelper.SUB_GROUP_NAME)
+        ));
+    }
 
     @Override
-    protected void setUp() throws Exception {
-        executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        List<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-        executorsMap = th.getDefaultExecutorsMap();
-
-        actor = (Actor) executorsMap.get(ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, actor);
-        group = (Group) executorsMap.get(ServiceTestHelper.BASE_GROUP_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, executorsMap.get(ServiceTestHelper.SUB_GROUP_ACTOR_NAME));
-        th.setPermissionsToAuthorizedPerformer(readPermissions, executorsMap.get(ServiceTestHelper.SUB_GROUP_NAME));
-        super.setUp();
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
     }
 
-    final public void testgetExecutorsByAuthorizedPerformer() throws Exception {
-        List<? extends Executor> executors = executorService.getExecutors(th.getAuthorizedPerformerUser(), th.getExecutorBatchPresentation());
-        LinkedList<Executor> realExecutors = new LinkedList<Executor>(executorsMap.values());
-        ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutors() returns wrong executor set", realExecutors, executors);
+    final public void testGetExecutorsByAuthorizedUser() {
+        val actual = executorService.getExecutors(h.getAuthorizedUser(), h.getExecutorBatchPresentation());  // includes AuthorizedActor
+        val expected = new LinkedList<Executor>(h.getDefaultExecutorsMap().values());
+        // ExecutorLogic.create(User, Executor) adds READ permission on executor to itself:
+        expected.add(h.getAuthorizedActor());
+        ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutors() returns wrong executor set", expected, actual);
     }
 
-    public void testgetExecutorsByUnauthorizedPerformer() throws Exception {
-        List<? extends Executor> executors = executorService.getExecutors(th.getUnauthorizedPerformerUser(), th.getExecutorBatchPresentation());
-        assertTrue("businessDelegate.getExecutors() returns executors", executors.isEmpty());
+    public void testGetExecutorsByUnauthorizedUser() {
+        val actual = executorService.getExecutors(h.getUnauthorizedUser(), h.getExecutorBatchPresentation());
+        val expected = Lists.newArrayList(h.getUnauthorizedActor());
+        ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutors() must return only unauthorizedActor itself", expected, actual);
     }
 
-    public void testgetExecutorsWithFakeSubject() throws Exception {
+    public void testGetExecutorsWithFakeUser() {
         try {
-            User fakeUser = th.getFakeUser();
-            executorService.getExecutors(fakeUser, th.getExecutorBatchPresentation());
+            User fakeUser = h.getFakeUser();
+            executorService.getExecutors(fakeUser, h.getExecutorBatchPresentation());
             fail("businessDelegate.getExecutors() with fake subject throws no AuthenticationException");
         } catch (AuthenticationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
-
-    @Override
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        actor = null;
-        group = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorGroupsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorGroupsTest.java
index 7f219927bd..a6369042fc 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorGroupsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorGroupsTest.java
@@ -18,134 +18,122 @@
 
 package ru.runa.af.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.List;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
-import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Actor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
-import ru.runa.wfe.user.User;
-
-import com.google.common.collect.Lists;
 
 public class ExecutorServiceDelegateGetExecutorGroupsTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateGetExecutorGroupsTest.class.getName();
-
     private Group group;
-
     private Group subGroup;
-
     private Actor actor;
 
     @Override
-    protected void setUp() throws Exception {
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        List<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-
-        actor = th.getSubGroupActor();
-        th.setPermissionsToAuthorizedPerformer(readPermissions, actor);
-        group = th.getBaseGroup();
-        subGroup = th.getSubGroup();
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, subGroup);
-        super.setUp();
+
+        h.createDefaultExecutorsMap();
+        actor = h.getSubGroupActor();
+        group = h.getBaseGroup();
+        subGroup = h.getSubGroup();
+
+        val pp = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(pp, actor);
+        h.setPermissionsToAuthorizedActor(pp, group);
+        h.setPermissionsToAuthorizedActor(pp, subGroup);
     }
 
-    final public void testGetExecutorGroupsByAuthorizedPerformer1() throws Exception {
-        List<Group> calculatedGroups = executorService.getExecutorGroups(th.getAuthorizedPerformerUser(), actor, th.getExecutorBatchPresentation(),
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        h = null;
+        executorService = null;
+        actor = null;
+        group = null;
+        subGroup = null;
+    }
+
+    final public void testGetExecutorGroupsByAuthorizedUser1() {
+        List<Group> calculatedGroups = executorService.getExecutorGroups(h.getAuthorizedUser(), actor, h.getExecutorBatchPresentation(),
                 false);
         List<Group> realGroups = Lists.newArrayList(subGroup);
         ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutorGroups( actor ) returns wrong group set", realGroups, calculatedGroups);
     }
 
-    final public void testGetExecutorGroupsByAuthorizedPerformer2() throws Exception {
-        List<Group> calculatedGroups = executorService.getExecutorGroups(th.getAuthorizedPerformerUser(), subGroup, th.getExecutorBatchPresentation(),
+    final public void testGetExecutorGroupsByAuthorizedUser2() {
+        List<Group> calculatedGroups = executorService.getExecutorGroups(h.getAuthorizedUser(), subGroup, h.getExecutorBatchPresentation(),
                 false);
         List<Group> realGroups = Lists.newArrayList(group);
         ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutorGroups( group ) returns wrong group set", realGroups, calculatedGroups);
     }
 
-    final public void testGetExecutorGroupsByAuthorizedPerformer3() throws Exception {
+    final public void testGetExecutorGroupsByAuthorizedUser3() {
         List<Permission> updatePermission = Lists.newArrayList(Permission.UPDATE);
-        th.setPermissionsToAuthorizedPerformer(updatePermission, group);
-        th.addExecutorToGroup(getActor(), getGroup());
-        List<Group> calculatedGroups = executorService.getExecutorGroups(th.getAuthorizedPerformerUser(), getActor(),
-                th.getExecutorBatchPresentation(), false);
+        h.setPermissionsToAuthorizedActor(updatePermission, group);
+        h.addExecutorToGroup(getActor(), getGroup());
+        List<Group> calculatedGroups = executorService.getExecutorGroups(h.getAuthorizedUser(), getActor(),
+                h.getExecutorBatchPresentation(), false);
         List<Group> realGroups = Lists.newArrayList(subGroup, getGroup());
         ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutorGroups() returns wrong group set", realGroups, calculatedGroups);
     }
 
-    private Group getGroup() throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAdminUser(), group.getId());
+    private Group getGroup() {
+        return executorService.getExecutor(h.getAdminUser(), group.getId());
     }
 
-    private Actor getActor() throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAdminUser(), actor.getId());
+    private Actor getActor() {
+        return executorService.getExecutor(h.getAdminUser(), actor.getId());
     }
 
-    final public void testGetExecutorGroupsByAuthorizedPerformer4() throws Exception {
+    final public void testGetExecutorGroupsByAuthorizedUser4() {
         List<Permission> updatePermission = Lists.newArrayList(Permission.UPDATE);
         List<Permission> noPermissionArray = Lists.newArrayList();
-        th.setPermissionsToAuthorizedPerformer(updatePermission, group);
-        th.addExecutorToGroup(getActor(), getGroup());
-        th.setPermissionsToAuthorizedPerformer(noPermissionArray, subGroup);
-        List<Group> calculatedGroups = executorService.getExecutorGroups(th.getAuthorizedPerformerUser(), getActor(),
-                th.getExecutorBatchPresentation(), false);
+        h.setPermissionsToAuthorizedActor(updatePermission, group);
+        h.addExecutorToGroup(getActor(), getGroup());
+        h.setPermissionsToAuthorizedActor(noPermissionArray, subGroup);
+        List<Group> calculatedGroups = executorService.getExecutorGroups(h.getAuthorizedUser(), getActor(),
+                h.getExecutorBatchPresentation(), false);
         List<Group> realGroups = Lists.newArrayList(getGroup());
         ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutorGroups() returns wrong group set", realGroups, calculatedGroups);
     }
 
-    public void testGetExecutorGroupsByUnauthorizedPerformer1() throws Exception {
+    public void testGetExecutorGroupsByUnauthorizedUser1() {
         try {
-            executorService.getExecutorGroups(th.getUnauthorizedPerformerUser(), actor, th.getExecutorBatchPresentation(), false);
-            fail("businessDelegate.getExecutorGroupsByUnauthorizedPerformer(actor) no AuthorizationFailedException");
+            executorService.getExecutorGroups(h.getUnauthorizedUser(), actor, h.getExecutorBatchPresentation(), false);
+            fail();
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetExecutorGroupsByUnauthorizedPerformer2() throws Exception {
+    public void testGetExecutorGroupsByUnauthorizedUser2() {
         try {
-            executorService.getExecutorGroups(th.getUnauthorizedPerformerUser(), subGroup, th.getExecutorBatchPresentation(), false);
-            fail("businessDelegate.getExecutorGroupsByUnauthorizedPerformer(subGroup) no AuthorizationFailedException");
+            executorService.getExecutorGroups(h.getUnauthorizedUser(), subGroup, h.getExecutorBatchPresentation(), false);
+            fail();
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetExecutorGroupsWithFakeSubject() throws Exception {
+    public void testGetExecutorGroupsWithFakeUser() {
         try {
-            User fakeUser = th.getFakeUser();
-            executorService.getExecutorGroups(fakeUser, actor, th.getExecutorBatchPresentation(), false);
-            fail("testGetExecutorGroupsWithFakeSubject no Exception");
+            executorService.getExecutorGroups(h.getFakeUser(), actor, h.getExecutorBatchPresentation(), false);
+            fail();
         } catch (AuthenticationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
-
-    @Override
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        th = null;
-        executorService = null;
-        actor = null;
-        group = null;
-        subGroup = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorTest.java
index 3c4e40338d..5207bbde11 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorTest.java
@@ -19,83 +19,80 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.*;
-
-import java.util.List;
-import java.util.Map;
+import ru.runa.wfe.user.Actor;
+import ru.runa.wfe.user.ExecutorDoesNotExistException;
+import ru.runa.wfe.user.Group;
+import ru.runa.wfe.user.User;
 
 public class ExecutorServiceDelegateGetExecutorTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private final String PREFIX = getClass().getName();
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateGetExecutorTest.class.getName();
-
     private Group group;
-
     private Actor actor;
 
-    private Map<String, Executor> executorsMap;
-
-    protected void setUp() throws Exception {
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(PREFIX);
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        List<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-        executorsMap = th.getDefaultExecutorsMap();
 
+        h.createDefaultExecutorsMap();
+        val executorsMap = h.getDefaultExecutorsMap();
         actor = (Actor) executorsMap.get(ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, actor);
         group = (Group) executorsMap.get(ServiceTestHelper.BASE_GROUP_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
-        super.setUp();
+
+        val pp = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(pp, actor);
+        h.setPermissionsToAuthorizedActor(pp, group);
+    }
+
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
+        actor = null;
+        group = null;
     }
 
-    public void testGetActorByAuthorizedPerformer() throws Exception {
-        Actor returnedBaseGroupActor = executorService.getExecutorByName(th.getAuthorizedPerformerUser(),
-                testPrefix + ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
+    public void testGetActorByAuthorizedUser() {
+        Actor returnedBaseGroupActor = executorService.getExecutorByName(h.getAuthorizedUser(),
+                PREFIX + ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
         assertEquals("actor retuned by businessDelegate differes with expected", actor, returnedBaseGroupActor);
-        Group returnedBaseGroup = executorService.getExecutorByName(th.getAuthorizedPerformerUser(), testPrefix + ServiceTestHelper.BASE_GROUP_NAME);
+        Group returnedBaseGroup = executorService.getExecutorByName(h.getAuthorizedUser(), PREFIX + ServiceTestHelper.BASE_GROUP_NAME);
         assertEquals("actor retuned by businessDelegate differes with expected", group, returnedBaseGroup);
     }
 
-    public void testGetExecutorByUnauthorizedPerformer() throws Exception {
-        User unauthorizedPerformerUser = th.getUnauthorizedPerformerUser();
+    public void testGetExecutorByUnauthorizedUser() {
+        User unauthorizedUser = h.getUnauthorizedUser();
         try {
-            executorService.getExecutorByName(unauthorizedPerformerUser, testPrefix + ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
+            executorService.getExecutorByName(unauthorizedUser, PREFIX + ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
             fail("businessDelegate allow to getExecutor() to performer without Permission.READ.");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
         try {
-            executorService.getExecutorByName(unauthorizedPerformerUser, testPrefix + ServiceTestHelper.BASE_GROUP_NAME);
+            executorService.getExecutorByName(unauthorizedUser, PREFIX + ServiceTestHelper.BASE_GROUP_NAME);
             fail("businessDelegate allow to getExecutor() to performer without Permission.READ.");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetUnexistentExecutorByAuthorizedPerformer() throws Exception {
-        User authorizedPerformerUser = th.getAuthorizedPerformerUser();
+    public void testGetUnexistentExecutorByAuthorizedUser() {
+        User authorizedUser = h.getAuthorizedUser();
         try {
-            executorService.getExecutorByName(authorizedPerformerUser, testPrefix + "unexistent actor name");
+            executorService.getExecutorByName(authorizedUser, PREFIX + "unexistent actor name");
             fail("businessDelegate does not throw Exception to getExecutor() to performer without Permission.READ");
         } catch (ExecutorDoesNotExistException e) {
-            // That's what we expect
+            // Expected.
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        actor = null;
-        group = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorsCanBeAddedToGroupTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorsCanBeAddedToGroupTest.java
index 1292911277..e742914501 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorsCanBeAddedToGroupTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorsCanBeAddedToGroupTest.java
@@ -20,12 +20,11 @@
 
 import com.google.common.collect.Lists;
 import java.util.Collection;
-import java.util.List;
 import java.util.Map;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
-import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
@@ -33,101 +32,90 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Actor;
 import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
 import ru.runa.wfe.user.User;
 
 public class ExecutorServiceDelegateGetExecutorsCanBeAddedToGroupTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateGetExecutorsCanBeAddedToGroupTest.class.getName();
-
     private Group group;
-
     private Group subGroup;
-
     private Actor actor;
-
     private Map<String, Executor> executorsMap;
 
     @Override
-    protected void setUp() throws Exception {
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        Collection<Permission> updatePermission = Lists.newArrayList(Permission.UPDATE);
-        executorsMap = th.getDefaultExecutorsMap();
 
+        h.createDefaultExecutorsMap();
+        executorsMap = h.getDefaultExecutorsMap();
         actor = (Actor) executorsMap.get(ServiceTestHelper.SUB_GROUP_ACTOR_NAME);
-        th.setPermissionsToAuthorizedPerformer(updatePermission, actor);
         group = (Group) executorsMap.get(ServiceTestHelper.BASE_GROUP_NAME);
         subGroup = (Group) executorsMap.get(ServiceTestHelper.SUB_GROUP_NAME);
-        th.setPermissionsToAuthorizedPerformer(updatePermission, group);
-        th.setPermissionsToAuthorizedPerformer(updatePermission, subGroup);
-        super.setUp();
+
+        val pp = Lists.newArrayList(Permission.UPDATE);
+        h.setPermissionsToAuthorizedActor(pp, actor);
+        h.setPermissionsToAuthorizedActor(pp, group);
+        h.setPermissionsToAuthorizedActor(pp, subGroup);
+    }
+
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        h = null;
+        executorsMap = null;
+        executorService = null;
+        actor = null;
+        group = null;
+        subGroup = null;
     }
 
-    private Group getSubGroup() throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAdminUser(), subGroup.getId());
+    private Group getSubGroup() {
+        return executorService.getExecutor(h.getAdminUser(), subGroup.getId());
     }
 
-    final public void testGetExecutorsByAuthorizedPerformer1() throws Exception {
-        List<Executor> calculatedExecutors = executorService.getGroupChildren(th.getAuthorizedPerformerUser(), getSubGroup(),
-                th.getExecutorBatchPresentation(), true);
-        List<Executor> realExecutors = Lists.newArrayList((Executor) group);
-        ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutorGroups() returns wrong group set", realExecutors, calculatedExecutors);
+    final public void testGetExecutorsByAuthorizedUser1() {
+        val actual = executorService.getGroupChildren(h.getAuthorizedUser(), getSubGroup(), h.getExecutorBatchPresentation(), true);
+        val expected = Lists.newArrayList((Executor) group);
+        ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutorGroups() returns wrong group set", expected, actual);
     }
 
-    final public void testGetExecutorsByAuthorizedPerformer2() throws Exception {
-        Collection<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, th.getBaseGroupActor());
-        List<Executor> calculatedExecutors = executorService.getGroupChildren(th.getAuthorizedPerformerUser(), getSubGroup(),
-                th.getExecutorBatchPresentation(), true);
-        List<Executor> realExecutors = Lists.newArrayList(group, th.getBaseGroupActor());
-        ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutors ...() returns wrong group set", realExecutors, calculatedExecutors);
+    final public void testGetExecutorsByAuthorizedUser2() {
+        h.setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.UPDATE), h.getBaseGroupActor());
+        val actual = executorService.getGroupChildren(h.getAuthorizedUser(), getSubGroup(), h.getExecutorBatchPresentation(), true);
+        val expected = Lists.newArrayList(group, h.getBaseGroupActor());
+        ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutors ...() returns wrong group set", expected, actual);
     }
 
-    public void testGetExecutorGroupsByUnauthorizedPerformer() throws Exception {
+    public void testGetExecutorGroupsByUnauthorizedUser() {
         try {
-            executorService.getGroupChildren(th.getUnauthorizedPerformerUser(), getSubGroup(), th.getExecutorBatchPresentation(), true);
-            fail("businessDelegate.getExecutorsByUnauthorizedPerformer() no AuthorizationFailedException");
+            executorService.getGroupChildren(h.getUnauthorizedUser(), getSubGroup(), h.getExecutorBatchPresentation(), true);
+            fail();
         } catch (AuthorizationException e) {
             // That's what we expect
         }
     }
 
-    public void testGetExecutorGroupswithoutPermission() throws Exception {
+    public void testGetExecutorGroupswithoutPermission() {
         try {
             Collection<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-            th.setPermissionsToAuthorizedPerformer(readPermissions, getSubGroup());
-            executorService.getGroupChildren(th.getAuthorizedPerformerUser(), getSubGroup(), th.getExecutorBatchPresentation(), true);
+            h.setPermissionsToAuthorizedActor(readPermissions, getSubGroup());
+            executorService.getGroupChildren(h.getAuthorizedUser(), getSubGroup(), h.getExecutorBatchPresentation(), true);
             fail("testGetExecutorswithoutPermission no Exception");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetExecutorGroupswithFakeSubject() throws Exception {
+    public void testGetExecutorGroupswithFakeUser() {
         try {
-            User fakeUser = th.getFakeUser();
-            executorService.getGroupChildren(fakeUser, getSubGroup(), th.getExecutorBatchPresentation(), true);
+            User fakeUser = h.getFakeUser();
+            executorService.getGroupChildren(fakeUser, getSubGroup(), h.getExecutorBatchPresentation(), true);
             fail("testGetExecutorswithoutPermission no Exception");
         } catch (AuthenticationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
-
-    @Override
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        th = null;
-        executorsMap = null;
-        executorService = null;
-        actor = null;
-        group = null;
-        subGroup = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorsTest.java
index feedfc3649..885a8eadf4 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetExecutorsTest.java
@@ -18,79 +18,70 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
+import java.util.List;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.service.ExecutorService;
-import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Executor;
 import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.User;
 
-import java.util.List;
-
 /**
  * Created on 16.05.2005
  */
 // TODO executionService.getExecutorsByIds
 public class ExecutorServiceDelegateGetExecutorsTest extends ServletTestCase {
-    private ServiceTestHelper th;
-    private ExecutorService executorService;
-    private static String testPrefix = ExecutorServiceDelegateGetExecutorsTest.class.getName();
+    private ServiceTestHelper h;
 
     private List<Executor> additionalActorGroupsMixed;
     private final List<Permission> readPermissions = Lists.newArrayList(Permission.READ);
     private List<Long> executorsIDs;
 
-    protected void setUp() throws Exception {
-        executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
 
-        additionalActorGroupsMixed = th.createMixedActorsGroupsArray("additionalMixed", "Additional Mixed");
-
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(readPermissions, additionalActorGroupsMixed);
+        additionalActorGroupsMixed = h.createMixedActorsGroupsArray("additionalMixed", "Additional Mixed");
+        h.setPermissionsToAuthorizedActor(readPermissions, additionalActorGroupsMixed);
 
         executorsIDs = Lists.newArrayList();
         for (Executor executor : additionalActorGroupsMixed) {
             executorsIDs.add(executor.getId());
         }
+    }
 
-        super.setUp();
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorsIDs = null;
+        additionalActorGroupsMixed = null;
     }
 
-    public void testGetExecutorsByAuthorizedPerformer() throws Exception {
-        List<Executor> returnedExecutors = th.getExecutors(th.getAuthorizedPerformerUser(), executorsIDs);
+    public void testGetExecutorsByAuthorizedUser() {
+        List<Executor> returnedExecutors = h.getExecutors(h.getAuthorizedUser(), executorsIDs);
         ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutors() returns wrong executor set", additionalActorGroupsMixed,
                 returnedExecutors);
     }
 
-    public void testGetExecutorsByUnauthorizedPerformer() throws Exception {
-        User unauthorizedPerformerUser = th.getUnauthorizedPerformerUser();
+    public void testGetExecutorsByUnauthorizedUser() {
+        User unauthorizedUser = h.getUnauthorizedUser();
         try {
-            th.getExecutors(unauthorizedPerformerUser, executorsIDs);
+            h.getExecutors(unauthorizedUser, executorsIDs);
             fail("businessDelegate allow to getExecutor() to performer without Permission.READ.");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetUnexistedExecutorByAuthorizedPerformer() throws Exception {
+    public void testGetUnexistedExecutorByAuthorizedUser() {
         executorsIDs = Lists.newArrayList(-1L, -2L, -3L);
         try {
-            th.getExecutors(th.getAuthorizedPerformerUser(), executorsIDs);
+            h.getExecutors(h.getAuthorizedUser(), executorsIDs);
             fail("businessDelegate does not throw Exception to getExecutor() for UnexistedExecutor");
         } catch (ExecutorDoesNotExistException e) {
-            // That's what we expect
+            // Expected.
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        executorsIDs = null;
-        additionalActorGroupsMixed = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupByIdTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupByIdTest.java
index a9b9a315b9..7fa724e0a5 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupByIdTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupByIdTest.java
@@ -19,6 +19,8 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
+import java.util.Map;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthorizationException;
@@ -29,81 +31,74 @@
 import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
 
-import java.util.List;
-import java.util.Map;
-
 public class ExecutorServiceDelegateGetGroupByIdTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateGetGroupByIdTest.class.getName();
-
     private Group group;
-
     private Map<String, Executor> executorsMap;
 
-    protected void setUp() throws Exception {
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        List<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-        executorsMap = th.getDefaultExecutorsMap();
 
+        h.createDefaultExecutorsMap();
+        executorsMap = h.getDefaultExecutorsMap();
         group = (Group) executorsMap.get(ServiceTestHelper.BASE_GROUP_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, th.getSubGroup());
 
-        th.setPermissionsToAuthorizedPerformer(readPermissions, th.getBaseGroupActor());
-        super.setUp();
+        val pp = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(pp, group);
+        h.setPermissionsToAuthorizedActor(pp, h.getSubGroup());
+        h.setPermissionsToAuthorizedActor(pp, h.getBaseGroupActor());
+    }
+
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
+        group = null;
+        executorsMap = null;
     }
 
-    public void testGetExecutorByAuthorizedPerformer() throws Exception {
-        Group returnedBaseGroup = executorService.getExecutor(th.getAuthorizedPerformerUser(), group.getId());
+    public void testGetExecutorByAuthorizedUser() {
+        Group returnedBaseGroup = executorService.getExecutor(h.getAuthorizedUser(), group.getId());
         assertEquals("actor retuned by businessDelegate differes with expected", group, returnedBaseGroup);
         Group subGroup = (Group) executorsMap.get(ServiceTestHelper.SUB_GROUP_NAME);
-        Group returnedSubGroup = executorService.getExecutor(th.getAuthorizedPerformerUser(), subGroup.getId());
+        Group returnedSubGroup = executorService.getExecutor(h.getAuthorizedUser(), subGroup.getId());
         assertEquals("actor retuned by businessDelegate differes with expected", subGroup, returnedSubGroup);
     }
 
-    public void testGetExecutorByUnauthorizedPerformer() throws Exception {
+    public void testGetExecutorByUnauthorizedUser() {
         try {
-            executorService.getExecutor(th.getUnauthorizedPerformerUser(), group.getId());
+            executorService.getExecutor(h.getUnauthorizedUser(), group.getId());
             fail("businessDelegate allow to getExecutor()");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
         try {
-            executorService.getExecutor(th.getUnauthorizedPerformerUser(), th.getSubGroup().getId());
+            executorService.getExecutor(h.getUnauthorizedUser(), h.getSubGroup().getId());
             fail("businessDelegate allow to getSubGroup()");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetUnexistedGroupByAuthorizedPerformer() throws Exception {
+    public void testGetUnexistedGroupByAuthorizedUser() {
         try {
-            executorService.getExecutor(th.getAuthorizedPerformerUser(), -1l);
-            fail("businessDelegate does not throw Exception to getExecutor() in testGetUnexistedGroupByAuthorizedPerformer");
+            executorService.getExecutor(h.getAuthorizedUser(), -1L);
+            fail();
         } catch (ExecutorDoesNotExistException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetActorInsteadOfGroup() throws Exception {
+    public void testGetActorInsteadOfGroup() {
         try {
-            Group actor = executorService.<Group>getExecutor(th.getAuthorizedPerformerUser(), th.getBaseGroupActor().getId());
+            Group actor = executorService.<Group>getExecutor(h.getAuthorizedUser(), h.getBaseGroupActor().getId());
             fail("businessDelegate allow to getExecutor() where the actor really is returned.");
         } catch (ClassCastException e) {
-            // That's what we expect
+            // Expected.
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        group = null;
-        executorsMap = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupChildrenTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupChildrenTest.java
index f0435f9660..f58f781aa5 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupChildrenTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupChildrenTest.java
@@ -18,12 +18,11 @@
 
 package ru.runa.af.delegate;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
 import java.util.List;
 import java.util.Map;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wfe.security.AuthenticationException;
@@ -34,92 +33,82 @@
 import ru.runa.wfe.user.Actor;
 import ru.runa.wfe.user.Executor;
 import ru.runa.wfe.user.Group;
-import ru.runa.wfe.user.User;
-
-import com.google.common.collect.Lists;
 
 public class ExecutorServiceDelegateGetGroupChildrenTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateGetGroupChildrenTest.class.getName();
-
     private Group group;
-
     private Group subGroup;
-
     private Actor actor;
 
     private Map<String, Executor> executorsMap;
 
     @Override
-    protected void setUp() throws Exception {
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        Collection<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-        executorsMap = th.getDefaultExecutorsMap();
+        
+        h.createDefaultExecutorsMap();
+        executorsMap = h.getDefaultExecutorsMap();
 
         actor = (Actor) executorsMap.get(ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, actor);
         group = (Group) executorsMap.get(ServiceTestHelper.BASE_GROUP_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
         subGroup = (Group) executorsMap.get(ServiceTestHelper.SUB_GROUP_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, subGroup);
 
-        actor = executorService.getExecutor(th.getAdminUser(), actor.getId());
-        group = executorService.getExecutor(th.getAdminUser(), group.getId());
-        subGroup = executorService.getExecutor(th.getAdminUser(), subGroup.getId());
+        val pp = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(pp, actor);
+        h.setPermissionsToAuthorizedActor(pp, group);
+        h.setPermissionsToAuthorizedActor(pp, subGroup);
 
-        super.setUp();
+        actor = executorService.getExecutor(h.getAdminUser(), actor.getId());
+        group = executorService.getExecutor(h.getAdminUser(), group.getId());
+        subGroup = executorService.getExecutor(h.getAdminUser(), subGroup.getId());
     }
 
-    final public void testGetGroupChildrenByAuthorizedPerformer() throws Exception {
-        List<Executor> calculatedGroupChildren = executorService.getGroupChildren(th.getAuthorizedPerformerUser(), group,
-                th.getExecutorBatchPresentation(), false);
-        List<Executor> realGroupChildren = Lists.newArrayList(th.getBaseGroupActor(), th.getSubGroup());
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        h = null;
+        executorsMap = null;
+        executorService = null;
+        actor = null;
+        group = null;
+        subGroup = null;
+    }
+
+    final public void testGetGroupChildrenByAuthorizedUser() {
+        List<Executor> calculatedGroupChildren = executorService.getGroupChildren(h.getAuthorizedUser(), group,
+                h.getExecutorBatchPresentation(), false);
+        List<Executor> realGroupChildren = Lists.newArrayList(h.getBaseGroupActor(), h.getSubGroup());
         ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutorGroups() returns wrong group set", realGroupChildren, calculatedGroupChildren);
     }
 
-    public void testGetExecutorGroupsByUnauthorizedPerformer() throws Exception {
+    public void testGetExecutorGroupsByUnauthorizedUser() {
         try {
-            executorService.getGroupChildren(th.getUnauthorizedPerformerUser(), group, th.getExecutorBatchPresentation(), false);
-            fail("businessDelegate.getGroupChildrenByUnauthorizedPerformer() no AuthorizationFailedException");
+            executorService.getGroupChildren(h.getUnauthorizedUser(), group, h.getExecutorBatchPresentation(), false);
+            fail();
         } catch (AuthorizationException e) {
             // That's what we expect
         }
     }
 
-    public void testGetExecutorGroupsWithoutPermission() throws Exception {
+    public void testGetExecutorGroupsWithoutPermission() {
         try {
-            th.setPermissionsToAuthorizedPerformer(Lists.newArrayList(), group);
-            executorService.getGroupChildren(th.getAuthorizedPerformerUser(), group, th.getExecutorBatchPresentation(), false);
+            h.setPermissionsToAuthorizedActor(Lists.newArrayList(), group);
+            executorService.getGroupChildren(h.getAuthorizedUser(), group, h.getExecutorBatchPresentation(), false);
             fail("testGetGroupChildrenwithoutPermission no Exception");
         } catch (AuthorizationException e) {
             // That's what we expect
         }
     }
 
-    public void testGetExecutorGroupsWithFakeSubject() throws Exception {
+    public void testGetExecutorGroupsWithFakeUser() {
         try {
-            User fakeUser = th.getFakeUser();
-            executorService.getGroupChildren(fakeUser, group, th.getExecutorBatchPresentation(), false);
-            fail("testGetExecutorGroupsWithFakeSubject no Exception");
+            executorService.getGroupChildren(h.getFakeUser(), group, h.getExecutorBatchPresentation(), false);
+            fail();
         } catch (AuthenticationException e) {
             // That's what we expect
         }
     }
-
-    @Override
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        th = null;
-        executorsMap = null;
-        executorService = null;
-        actor = null;
-        group = null;
-        subGroup = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupTest.java
index 6e7b2cd2bb..328308b9cf 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupTest.java
@@ -19,6 +19,8 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
+import java.util.Map;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthorizationException;
@@ -29,82 +31,76 @@
 import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
 
-import java.util.List;
-import java.util.Map;
-
 public class ExecutorServiceDelegateGetGroupTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private final String PREFIX = getClass().getName();
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateGetGroupTest.class.getName();
-
     private Group group;
-
     private Map<String, Executor> executorsMap;
 
-    protected void setUp() throws Exception {
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(PREFIX);
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        List<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-        executorsMap = th.getDefaultExecutorsMap();
 
+        h.createDefaultExecutorsMap();
+        executorsMap = h.getDefaultExecutorsMap();
         group = (Group) executorsMap.get(ServiceTestHelper.BASE_GROUP_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, th.getSubGroup());
 
-        th.setPermissionsToAuthorizedPerformer(readPermissions, th.getBaseGroupActor());
-        super.setUp();
+        val pp = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(pp, group);
+        h.setPermissionsToAuthorizedActor(pp, h.getSubGroup());
+        h.setPermissionsToAuthorizedActor(pp, h.getBaseGroupActor());
+    }
+
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
+        group = null;
+        executorsMap = null;
     }
 
-    public void testGetExecutorByNameByAuthorizedPerformer() throws Exception {
-        Group returnedBaseGroup = executorService.getExecutorByName(th.getAuthorizedPerformerUser(), testPrefix + ServiceTestHelper.BASE_GROUP_NAME);
+    public void testGetExecutorByNameByAuthorizedUser() {
+        Group returnedBaseGroup = executorService.getExecutorByName(h.getAuthorizedUser(), PREFIX + ServiceTestHelper.BASE_GROUP_NAME);
         assertEquals("actor retuned by businessDelegate differes with expected", group, returnedBaseGroup);
-        Group returnedSubGroup = executorService.getExecutorByName(th.getAuthorizedPerformerUser(), testPrefix + ServiceTestHelper.SUB_GROUP_NAME);
+        Group returnedSubGroup = executorService.getExecutorByName(h.getAuthorizedUser(), PREFIX + ServiceTestHelper.SUB_GROUP_NAME);
         Group subGroup = (Group) executorsMap.get(ServiceTestHelper.SUB_GROUP_NAME);
         assertEquals("actor retuned by businessDelegate differes with expected", subGroup, returnedSubGroup);
     }
 
-    public void testGetExecutorByNameByUnauthorizedPerformer() throws Exception {
+    public void testGetExecutorByNameByUnauthorizedUser() {
         try {
-            executorService.getExecutorByName(th.getUnauthorizedPerformerUser(), testPrefix + ServiceTestHelper.BASE_GROUP_NAME);
+            executorService.getExecutorByName(h.getUnauthorizedUser(), PREFIX + ServiceTestHelper.BASE_GROUP_NAME);
             fail("businessDelegate allow to getExecutorByName()");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
         try {
-            executorService.getExecutorByName(th.getUnauthorizedPerformerUser(), testPrefix + ServiceTestHelper.SUB_GROUP_NAME);
+            executorService.getExecutorByName(h.getUnauthorizedUser(), PREFIX + ServiceTestHelper.SUB_GROUP_NAME);
             fail("businessDelegate allow to getExecutorByName()");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetUnexistedGroupByAuthorizedPerformer() throws Exception {
+    public void testGetUnexistedGroupByAuthorizedUser() {
         try {
-            executorService.getExecutorByName(th.getAuthorizedPerformerUser(), testPrefix + "unexistent group name");
-            fail("businessDelegate does not throw Exception to getExecutorByName() in testGetUnexistedGroupByAuthorizedPerformer");
+            executorService.getExecutorByName(h.getAuthorizedUser(), PREFIX + "unexistent group name");
+            fail();
         } catch (ExecutorDoesNotExistException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetActorInsteadOfGroup() throws Exception {
+    public void testGetActorInsteadOfGroup() {
         try {
-            Group group = executorService.<Group>getExecutorByName(th.getAuthorizedPerformerUser(),
-                    testPrefix + ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
+            Group group = executorService.<Group>getExecutorByName(h.getAuthorizedUser(),
+                    PREFIX + ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
             fail("businessDelegate allow to getExecutorByName() where the actor really is returned.");
         } catch (ClassCastException e) {
-            // That's what we expect
+            // Expected.
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        group = null;
-        executorsMap = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupsByIDsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupsByIDsTest.java
index 856af855a3..94fa53e24b 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupsByIDsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupsByIDsTest.java
@@ -23,8 +23,6 @@
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.service.ExecutorService;
-import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.*;
 
 import java.util.List;
@@ -33,76 +31,69 @@
  * Created on 16.02.2005
  */
 public class ExecutorServiceDelegateGetGroupsByIDsTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
-    private ExecutorService executorService;
-
-    private static String testPrefix = ExecutorServiceDelegateAddManyExecutorsToGroupsTest.class.getName();
-
+    private ServiceTestHelper h;
     private List<Group> additionalGroups;
     private List<Long> additionalGroupsIDs;
 
     private final List<Permission> readPermissions = Lists.newArrayList(Permission.READ);
 
-    protected void setUp() throws Exception {
-        executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        additionalGroups = th.createGroupArray("additionalG", "Additional Group");
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(readPermissions, additionalGroups);
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
+        additionalGroups = h.createGroupArray("additionalG", "Additional Group");
+        h.setPermissionsToAuthorizedActor(readPermissions, additionalGroups);
 
         additionalGroupsIDs = Lists.newArrayList();
         for (Group group : additionalGroups) {
             additionalGroupsIDs.add(group.getId());
         }
-        super.setUp();
     }
 
-    public void testGetGroupsByAuthorizedPerformer() throws Exception {
-        List<Group> returnedGroups = th.getExecutors(th.getAuthorizedPerformerUser(), additionalGroupsIDs);
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        additionalGroupsIDs = null;
+        additionalGroups = null;
+    }
+
+    public void testGetGroupsByAuthorizedUser() {
+        List<Group> returnedGroups = h.getExecutors(h.getAuthorizedUser(), additionalGroupsIDs);
         ArrayAssert.assertWeakEqualArrays("Groups retuned by businessDelegate differes with expected", returnedGroups, additionalGroups);
     }
 
-    public void testGetGroupsByUnauthorizedPerformer() throws Exception {
+    public void testGetGroupsByUnauthorizedUser() {
         try {
-            th.getExecutors(th.getUnauthorizedPerformerUser(), additionalGroupsIDs);
-            assertTrue("businessDelegate allow to getGroups() with UnauthorizedPerformerSubject", false);
+            h.getExecutors(h.getUnauthorizedUser(), additionalGroupsIDs);
+            fail();
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetUnexistedGroupByAuthorizedPerformer() throws Exception {
+    public void testGetUnexistedGroupByAuthorizedUser() {
         additionalGroupsIDs = Lists.newArrayList(-1L, -2L, -3L);
         try {
-            th.getExecutors(th.getAuthorizedPerformerUser(), additionalGroupsIDs);
-            assertTrue("businessDelegate does not throw Exception to getGroups() for unexisting groups", false);
+            h.getExecutors(h.getAuthorizedUser(), additionalGroupsIDs);
+            fail("businessDelegate does not throw Exception to getGroups() for unexisting groups");
         } catch (ExecutorDoesNotExistException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetActorsInsteadOfGroups() throws Exception {
-        List<Executor> additional = th.createMixedActorsGroupsArray("mixed", "Additional mixed");
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(readPermissions, additional);
+    public void testGetActorsInsteadOfGroups() {
+        List<Executor> additional = h.createMixedActorsGroupsArray("mixed", "Additional mixed");
+        h.setPermissionsToAuthorizedActor(readPermissions, additional);
 
         additionalGroupsIDs = Lists.newArrayList();
         for (Executor executor : additional) {
             additionalGroupsIDs.add(executor.getId());
         }
         try {
-            List<Actor> actors = th.<Actor>getExecutors(th.getAuthorizedPerformerUser(), additionalGroupsIDs);
+            List<Actor> actors = h.<Actor>getExecutors(h.getAuthorizedUser(), additionalGroupsIDs);
             // TODO assertTrue("businessDelegate allow to getGroup() where the actor really is returned.", false);
         } catch (ExecutorDoesNotExistException e) {
-            // That's what we expect
+            // Expected.
             fail("TODO trap");
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        additionalGroupsIDs = null;
-        additionalGroups = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupsInThatExecutorNotPresentTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupsInThatExecutorNotPresentTest.java
index bc908f4ba9..fe45abc75b 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupsInThatExecutorNotPresentTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateGetGroupsInThatExecutorNotPresentTest.java
@@ -21,6 +21,7 @@
 import java.util.List;
 import java.util.Map;
 
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
 
 import ru.runa.af.service.ServiceTestHelper;
@@ -38,98 +39,92 @@
 import com.google.common.collect.Lists;
 
 public class ExecutorServiceDelegateGetGroupsInThatExecutorNotPresentTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateGetGroupsInThatExecutorNotPresentTest.class.getName();
-
     private Group group;
-
     private Group subGroup;
-
     private Actor actor;
 
     private Map<String, Executor> executorsMap;
 
     @Override
-    protected void setUp() throws Exception {
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        List<Permission> readPermissions = Lists.newArrayList(Permission.READ);
-        executorsMap = th.getDefaultExecutorsMap();
+
+        h.createDefaultExecutorsMap();
+        executorsMap = h.getDefaultExecutorsMap();
 
         actor = (Actor) executorsMap.get(ServiceTestHelper.SUB_GROUP_ACTOR_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, actor);
         group = (Group) executorsMap.get(ServiceTestHelper.BASE_GROUP_NAME);
         subGroup = (Group) executorsMap.get(ServiceTestHelper.SUB_GROUP_NAME);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
-        th.setPermissionsToAuthorizedPerformer(readPermissions, subGroup);
 
-        actor = executorService.getExecutor(th.getAdminUser(), actor.getId());
-        group = executorService.getExecutor(th.getAdminUser(), group.getId());
-        subGroup = executorService.getExecutor(th.getAdminUser(), subGroup.getId());
+        val pp = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(pp, actor);
+        h.setPermissionsToAuthorizedActor(pp, group);
+        h.setPermissionsToAuthorizedActor(pp, subGroup);
 
-        super.setUp();
+        actor = executorService.getExecutor(h.getAdminUser(), actor.getId());
+        group = executorService.getExecutor(h.getAdminUser(), group.getId());
+        subGroup = executorService.getExecutor(h.getAdminUser(), subGroup.getId());
     }
 
-    final public void testgetExecutorsInThatExecutorNotPresentByAuthorizedPerformer1() throws Exception {
-        List<Group> calculatedGroups = executorService.getExecutorGroups(th.getAuthorizedPerformerUser(), actor, th.getExecutorBatchPresentation(),
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        h = null;
+        executorsMap = null;
+        executorService = null;
+        actor = null;
+        group = null;
+        subGroup = null;
+    }
+
+    public void testgetExecutorsInThatExecutorNotPresentByAuthorizedUser1() {
+        List<Group> calculatedGroups = executorService.getExecutorGroups(h.getAuthorizedUser(), actor, h.getExecutorBatchPresentation(),
                 true);
         List<Group> realGroups = Lists.newArrayList(group);
         ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutorsInThatExecutorNotPresent() returns wrong group set", realGroups,
                 calculatedGroups);
     }
 
-    final public void testgetExecutorsInThatExecutorNotPresentByAuthorizedPerformer2() throws Exception {
-        List<Group> calculatedGroups = executorService.getExecutorGroups(th.getAuthorizedPerformerUser(), group, th.getExecutorBatchPresentation(),
+    public void testgetExecutorsInThatExecutorNotPresentByAuthorizedUser2() {
+        List<Group> calculatedGroups = executorService.getExecutorGroups(h.getAuthorizedUser(), group, h.getExecutorBatchPresentation(),
                 true);
         List<Group> realGroups = Lists.newArrayList(subGroup);
         ArrayAssert.assertWeakEqualArrays("businessDelegate.getExecutorsInThatExecutorNotPresent() returns wrong group set", realGroups,
                 calculatedGroups);
     }
 
-    public void testGetExecutorGroupsByUnauthorizedPerformer() throws Exception {
+    public void testGetExecutorGroupsByUnauthorizedUser() {
         try {
-            executorService.getExecutorGroups(th.getUnauthorizedPerformerUser(), actor, th.getExecutorBatchPresentation(), true);
-            assertTrue("businessDelegate.getExecutorsInThatExecutorNotPresent() no AuthorizationFailedException", false);
+            executorService.getExecutorGroups(h.getUnauthorizedUser(), actor, h.getExecutorBatchPresentation(), true);
+            fail("businessDelegate.getExecutorsInThatExecutorNotPresent() no AuthorizationFailedException");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetExecutorGroupsWithoutPermission() throws Exception {
+    public void testGetExecutorGroupsWithoutPermission() {
         try {
             List<Permission> noPermissions = Lists.newArrayList();
-            th.setPermissionsToAuthorizedPerformer(noPermissions, actor);
-            actor = executorService.getExecutor(th.getAdminUser(), actor.getId());
-            executorService.getExecutorGroups(th.getAuthorizedPerformerUser(), actor, th.getExecutorBatchPresentation(), true);
-            assertTrue("testgetExecutorsInThatExecutorNotPresentwithoutPermission no Exception", false);
+            h.setPermissionsToAuthorizedActor(noPermissions, actor);
+            actor = executorService.getExecutor(h.getAdminUser(), actor.getId());
+            executorService.getExecutorGroups(h.getAuthorizedUser(), actor, h.getExecutorBatchPresentation(), true);
+            fail("testgetExecutorsInThatExecutorNotPresentwithoutPermission no Exception");
         } catch (AuthorizationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 
-    public void testGetExecutorGroupsWithFakeSubject() throws Exception {
+    public void testGetExecutorGroupsWithFakeUser() {
         try {
-            User fakeUser = th.getFakeUser();
-            executorService.getExecutorGroups(fakeUser, actor, th.getExecutorBatchPresentation(), true);
-            assertTrue("testGetExecutorGroupsWithFakeSubject no Exception", false);
+            User fakeUser = h.getFakeUser();
+            executorService.getExecutorGroups(fakeUser, actor, h.getExecutorBatchPresentation(), true);
+            fail();
         } catch (AuthenticationException e) {
-            // That's what we expect
+            // Expected.
         }
     }
-
-    @Override
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        th = null;
-        executorsMap = null;
-        executorService = null;
-        actor = null;
-        group = null;
-        subGroup = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateHierarchyPermissionsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateHierarchyPermissionsTest.java
index db51d82177..9730cb0ab5 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateHierarchyPermissionsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateHierarchyPermissionsTest.java
@@ -26,69 +26,52 @@
 import ru.runa.wfe.service.AuthorizationService;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.*;
-
-import java.util.Collection;
-import java.util.Map;
+import ru.runa.wfe.user.Actor;
+import ru.runa.wfe.user.Group;
+import ru.runa.wfe.user.User;
 
+/**
+ * Sets some permission on Group and tests Group's member is allowed.
+ */
 public class ExecutorServiceDelegateHierarchyPermissionsTest extends ServletTestCase {
-
     private static final String ACTOR_PWD = "ActorPWD";
 
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
-
     private AuthorizationService authorizationService;
 
-    private static String testPrefix = ExecutorServiceDelegateHierarchyPermissionsTest.class.getName();
-
     private Actor actor;
-
     private Group group;
 
-    protected void setUp() throws Exception {
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(ExecutorServiceDelegateHierarchyPermissionsTest.class.getName());
         executorService = Delegates.getExecutorService();
         authorizationService = Delegates.getAuthorizationService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        Collection<Permission> updatePermission = Lists.newArrayList(Permission.UPDATE);
-        Collection<Permission> loginPermissions = Lists.newArrayList(Permission.LOGIN);
-        Collection<Permission> createExecutorPermissions = Lists.newArrayList(Permission.CREATE);
 
-        Map<String, Executor> executorsMap = th.getDefaultExecutorsMap();
+        h.createDefaultExecutorsMap();
+        actor = h.getBaseGroupActor();
+        group = h.getBaseGroup();
 
-        actor = (Actor) executorsMap.get(ServiceTestHelper.BASE_GROUP_ACTOR_NAME);
-        group = (Group) executorsMap.get(ServiceTestHelper.BASE_GROUP_NAME);
+        executorService.setPassword(h.getAdminUser(), actor, ACTOR_PWD);
 
-        th.setPermissionsToAuthorizedPerformerOnExecutors(updatePermission);
-
-        actor = executorService.getExecutor(th.getAdminUser(), actor.getId());
-        authorizationService.setPermissions(th.getAuthorizedPerformerUser(), actor.getId(), loginPermissions, SecuredSingleton.EXECUTORS);
-        group = executorService.getExecutor(th.getAdminUser(), group.getId());
-        authorizationService.setPermissions(th.getAuthorizedPerformerUser(), group.getId(), createExecutorPermissions, SecuredSingleton.EXECUTORS);
-        actor = executorService.getExecutor(th.getAdminUser(), actor.getId());
-        executorService.setPassword(th.getAuthorizedPerformerUser(), actor, ACTOR_PWD);
-
-        super.setUp();
+        authorizationService.setPermissions(h.getAdminUser(), group.getId(), Lists.newArrayList(Permission.CREATE_EXECUTOR),
+                SecuredSingleton.SYSTEM);
+        authorizationService.setPermissions(h.getAdminUser(), actor.getId(), Lists.newArrayList(Permission.LOGIN),
+                SecuredSingleton.SYSTEM);
     }
 
-    public void testPermissionsInheritance() throws Exception {
-        User additionalUser = Delegates.getAuthenticationService().authenticateByLoginPassword(actor.getName(), ACTOR_PWD);
-
-        if (!authorizationService.isAllowed(additionalUser, Permission.CREATE, SecuredSingleton.EXECUTORS)) {
-            assertTrue("unproper createExecutor permission ", false);
-        }
-    }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
         executorService = null;
         authorizationService = null;
         actor = null;
         group = null;
-
-        super.tearDown();
     }
 
+    public void testPermissionsInheritance() {
+        User user = Delegates.getAuthenticationService().authenticateByLoginPassword(actor.getName(), ACTOR_PWD);
+        assertTrue(authorizationService.isAllowed(user, Permission.CREATE_EXECUTOR, SecuredSingleton.SYSTEM));
+    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRelationsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRelationsTest.java
index 9b501e6233..e5b4897115 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRelationsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRelationsTest.java
@@ -18,11 +18,8 @@
 package ru.runa.af.delegate;
 
 import java.util.List;
-
 import junit.framework.Assert;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.presentation.BatchPresentationFactory;
 import ru.runa.wfe.relation.Relation;
@@ -32,81 +29,78 @@
 import ru.runa.wfe.user.Actor;
 
 public class ExecutorServiceDelegateRelationsTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private RelationService relationService;
 
     @Override
-    protected void setUp() throws Exception {
+    protected void setUp() {
         relationService = Delegates.getRelationService();
-        th = new ServiceTestHelper(ExecutorServiceDelegateRelationsTest.class.getName());
-        th.createDefaultExecutorsMap();
-        super.setUp();
+        h = new ServiceTestHelper(getClass().getName());
+        h.createDefaultExecutorsMap();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        super.tearDown();
+    protected void tearDown() {
+        h.releaseResources();
     }
 
     /**
      * Test for adding and removing relation groups. No relation pairs added; no relation pairs testing. Loading relations with
-     * {@link ru.runa.wfe.presentation.BatchPresentations} test.
+     * {@link ru.runa.wfe.presentation.BatchPresentation} test.
      */
-    public void testAddRemoveRelationGroup() throws Exception {
+    public void testAddRemoveRelationGroup() {
         String groupName = "Relation1";
         String groupName2 = "Relation2";
-        Relation relationGroup = relationService.createRelation(th.getAdminUser(), new Relation(groupName, groupName));
+        Relation relationGroup = relationService.createRelation(h.getAdminUser(), new Relation(groupName, groupName));
         Assert.assertEquals(groupName, relationGroup.getName());
-        List<Relation> groups = relationService.getRelations(th.getAdminUser(), BatchPresentationFactory.RELATIONS.createDefault());
+        List<Relation> groups = relationService.getRelations(h.getAdminUser(), BatchPresentationFactory.RELATIONS.createDefault());
         Assert.assertEquals(1, groups.size());
         Assert.assertEquals(groups.get(0).getName(), groupName);
-        Relation relationGroup2 = relationService.createRelation(th.getAdminUser(), new Relation(groupName2, groupName2));
-        groups = relationService.getRelations(th.getAdminUser(), BatchPresentationFactory.RELATIONS.createDefault());
+        Relation relationGroup2 = relationService.createRelation(h.getAdminUser(), new Relation(groupName2, groupName2));
+        groups = relationService.getRelations(h.getAdminUser(), BatchPresentationFactory.RELATIONS.createDefault());
         Assert.assertEquals(2, groups.size());
         Assert.assertTrue((groups.get(0).getName().equals(groupName) && groups.get(1).getName().equals(groupName2))
                 || (groups.get(0).getName().equals(groupName2) && groups.get(1).getName().equals(groupName)));
-        relationService.removeRelation(th.getAdminUser(), relationGroup.getId());
-        groups = relationService.getRelations(th.getAdminUser(), BatchPresentationFactory.RELATIONS.createDefault());
+        relationService.removeRelation(h.getAdminUser(), relationGroup.getId());
+        groups = relationService.getRelations(h.getAdminUser(), BatchPresentationFactory.RELATIONS.createDefault());
         Assert.assertEquals(1, groups.size());
         Assert.assertEquals(groups.get(0).getName(), groupName2);
-        relationService.removeRelation(th.getAdminUser(), relationGroup2.getId());
-        groups = relationService.getRelations(th.getAdminUser(), BatchPresentationFactory.RELATIONS.createDefault());
+        relationService.removeRelation(h.getAdminUser(), relationGroup2.getId());
+        groups = relationService.getRelations(h.getAdminUser(), BatchPresentationFactory.RELATIONS.createDefault());
         Assert.assertEquals(0, groups.size());
     }
 
     /**
      * Add/remove relation pairs test. Simple test for relation pair loading.
      */
-    public void testAddRemoveRelation() throws Exception {
+    public void testAddRemoveRelation() {
         String groupName = "Relation1";
         String groupName2 = "Relation2";
-        Relation relationGroup = relationService.createRelation(th.getAdminUser(), new Relation(groupName, groupName));
-        Relation relationGroup2 = relationService.createRelation(th.getAdminUser(), new Relation(groupName2, groupName2));
-        Actor a1 = th.createActorIfNotExist("1", "1");
-        Actor a2 = th.createActorIfNotExist("2", "2");
-        Actor a3 = th.createActorIfNotExist("3", "3");
-        relationService.addRelationPair(th.getAdminUser(), relationGroup.getId(), a1, a3);
-        relationService.addRelationPair(th.getAdminUser(), relationGroup2.getId(), a2, a3);
-        relationService.addRelationPair(th.getAdminUser(), relationGroup.getId(), a1, a3);
-        relationService.addRelationPair(th.getAdminUser(), relationGroup2.getId(), a1, a3);
-        List<RelationPair> relations = relationService.getRelationPairs(th.getAdminUser(), groupName,
+        Relation relationGroup = relationService.createRelation(h.getAdminUser(), new Relation(groupName, groupName));
+        Relation relationGroup2 = relationService.createRelation(h.getAdminUser(), new Relation(groupName2, groupName2));
+        Actor a1 = h.createActorIfNotExist("1", "1");
+        Actor a2 = h.createActorIfNotExist("2", "2");
+        Actor a3 = h.createActorIfNotExist("3", "3");
+        relationService.addRelationPair(h.getAdminUser(), relationGroup.getId(), a1, a3);
+        relationService.addRelationPair(h.getAdminUser(), relationGroup2.getId(), a2, a3);
+        relationService.addRelationPair(h.getAdminUser(), relationGroup.getId(), a1, a3);
+        relationService.addRelationPair(h.getAdminUser(), relationGroup2.getId(), a1, a3);
+        List<RelationPair> relations = relationService.getRelationPairs(h.getAdminUser(), groupName,
                 BatchPresentationFactory.RELATION_PAIRS.createDefault());
         assertEquals(1, relations.size());
         assertEquals(a1, relations.get(0).getLeft());
         assertEquals(a3, relations.get(0).getRight());
         RelationPair toRemove = relations.get(0);
-        relations = relationService.getRelationPairs(th.getAdminUser(), groupName2, BatchPresentationFactory.RELATION_PAIRS.createDefault());
+        relations = relationService.getRelationPairs(h.getAdminUser(), groupName2, BatchPresentationFactory.RELATION_PAIRS.createDefault());
         assertEquals(2, relations.size());
         assertTrue(((relations.get(0).getLeft().equals(a2) && relations.get(0).getRight().equals(a3))
                 && (relations.get(1).getLeft().equals(a1) && relations.get(1).getRight().equals(a3)))
                 || ((relations.get(1).getLeft().equals(a2) && relations.get(1).getRight().equals(a3))
                         && (relations.get(0).getLeft().equals(a1) && relations.get(0).getRight().equals(a3))));
-        relationService.removeRelationPair(th.getAdminUser(), toRemove.getId());
+        relationService.removeRelationPair(h.getAdminUser(), toRemove.getId());
         assertEquals(0,
-                relationService.getRelationPairs(th.getAdminUser(), groupName, BatchPresentationFactory.RELATION_PAIRS.createDefault()).size());
-        relationService.removeRelation(th.getAdminUser(), relationGroup.getId());
-        relationService.removeRelation(th.getAdminUser(), relationGroup2.getId());
+                relationService.getRelationPairs(h.getAdminUser(), groupName, BatchPresentationFactory.RELATION_PAIRS.createDefault()).size());
+        relationService.removeRelation(h.getAdminUser(), relationGroup.getId());
+        relationService.removeRelation(h.getAdminUser(), relationGroup2.getId());
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveExecutorFromManyGroupsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveExecutorFromManyGroupsTest.java
index ea5dde31e5..31ab97639c 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveExecutorFromManyGroupsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveExecutorFromManyGroupsTest.java
@@ -18,28 +18,25 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
+import java.util.Collection;
+import java.util.List;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
-import ru.runa.wfe.InternalApplicationException;
-import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.*;
-
-import java.util.Collection;
-import java.util.List;
+import ru.runa.wfe.user.Actor;
+import ru.runa.wfe.user.Executor;
+import ru.runa.wfe.user.ExecutorDoesNotExistException;
+import ru.runa.wfe.user.Group;
 
 /*
  */
 public class ExecutorServiceDelegateRemoveExecutorFromManyGroupsTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateRemoveExecutorFromManyGroupsTest.class.getName();
-
     private long additionalGroupId;
     private long additionalActorId;
 
@@ -48,13 +45,14 @@ public class ExecutorServiceDelegateRemoveExecutorFromManyGroupsTest extends Ser
     private final Collection<Permission> updatePermissions = Lists.newArrayList(Permission.UPDATE);
     private final Collection<Permission> readPermissions = Lists.newArrayList(Permission.READ);
 
-    protected void setUp() throws Exception {
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
 
-        Actor additionalActor = th.createActorIfNotExist("additionalA", "Additional Actor");
-        Group additionalGroup = th.createGroupIfNotExist("additionalG", "Additional Group");
-        List<Group> additionalGroups = th.createGroupArray("additionalGroups", "Additional Groups");
+        Actor additionalActor = h.createActorIfNotExist("additionalA", "Additional Actor");
+        Group additionalGroup = h.createGroupIfNotExist("additionalG", "Additional Group");
+        List<Group> additionalGroups = h.createGroupArray("additionalGroups", "Additional Groups");
 
         additionalActorId = additionalActor.getId();
         additionalGroupId = additionalGroup.getId();
@@ -63,105 +61,100 @@ protected void setUp() throws Exception {
             additionalGroupsIds.add(group.getId());
         }
 
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, getAdditionalActor());
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, getAdditionalGroup());
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(updatePermissions, getAdditionalGroups());
+        h.setPermissionsToAuthorizedActor(updatePermissions, getAdditionalActor());
+        h.setPermissionsToAuthorizedActor(updatePermissions, getAdditionalGroup());
+        h.setPermissionsToAuthorizedActor(updatePermissions, getAdditionalGroups());
 
-        executorService.addExecutorToGroups(th.getAuthorizedPerformerUser(), getAdditionalActor().getId(), th.toIds(getAdditionalGroups()));
-        executorService.addExecutorToGroups(th.getAuthorizedPerformerUser(), getAdditionalGroup().getId(), th.toIds(getAdditionalGroups()));
+        executorService.addExecutorToGroups(h.getAuthorizedUser(), getAdditionalActor().getId(), h.toIds(getAdditionalGroups()));
+        executorService.addExecutorToGroups(h.getAuthorizedUser(), getAdditionalGroup().getId(), h.toIds(getAdditionalGroups()));
+    }
 
-        super.setUp();
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
     }
 
-    private List<Group> getAdditionalGroups()
-            throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return th.getExecutors(th.getAdminUser(), additionalGroupsIds);
+    private List<Group> getAdditionalGroups() {
+        return h.getExecutors(h.getAdminUser(), additionalGroupsIds);
     }
 
-    private Actor getAdditionalActor()
-            throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAdminUser(), additionalActorId);
+    private Actor getAdditionalActor() {
+        return executorService.getExecutor(h.getAdminUser(), additionalActorId);
     }
 
-    private Group getAdditionalGroup()
-            throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAdminUser(), additionalGroupId);
+    private Group getAdditionalGroup() {
+        return executorService.getExecutor(h.getAdminUser(), additionalGroupId);
     }
 
-    public void testRemoveActorFromGroupsByAuthorizedPerformer() throws Exception {
+    public void testRemoveActorFromGroupsByAuthorizedUser() {
 
-        assertTrue("Executor is not in groups before removing", th.isExecutorInGroups(getAdditionalActor(), getAdditionalGroups()));
+        assertTrue("Executor is not in groups before removing", h.isExecutorInGroups(getAdditionalActor(), getAdditionalGroups()));
 
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(readPermissions, getAdditionalGroups());
+        h.setPermissionsToAuthorizedActor(readPermissions, getAdditionalGroups());
         Executor executor = getAdditionalActor();
         try {
-            executorService.removeExecutorFromGroups(th.getAuthorizedPerformerUser(), executor.getId(), th.toIds(getAdditionalGroups()));
+            executorService.removeExecutorFromGroups(h.getAuthorizedUser(), executor.getId(), h.toIds(getAdditionalGroups()));
             fail("Executors removed from group without corresponding permissions");
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
 
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(updatePermissions, getAdditionalGroups());
-        executorService.removeExecutorFromGroups(th.getAuthorizedPerformerUser(), executor.getId(), th.toIds(getAdditionalGroups()));
+        h.setPermissionsToAuthorizedActor(updatePermissions, getAdditionalGroups());
+        executorService.removeExecutorFromGroups(h.getAuthorizedUser(), executor.getId(), h.toIds(getAdditionalGroups()));
 
-        assertFalse("Executor not removed from group ", th.isExecutorInGroups(getAdditionalActor(), getAdditionalGroups()));
+        assertFalse("Executor not removed from group ", h.isExecutorInGroups(getAdditionalActor(), getAdditionalGroups()));
     }
 
-    public void testRemoveGrouprFromGroupsByAuthorizedPerformer() throws Exception {
+    public void testRemoveGrouprFromGroupsByAuthorizedUser() {
 
-        assertTrue("Executor is not in groups before removing", th.isExecutorInGroups(getAdditionalActor(), getAdditionalGroups()));
+        assertTrue("Executor is not in groups before removing", h.isExecutorInGroups(getAdditionalActor(), getAdditionalGroups()));
 
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(readPermissions, getAdditionalGroups());
+        h.setPermissionsToAuthorizedActor(readPermissions, getAdditionalGroups());
         Executor executor = getAdditionalGroup();
         try {
-            executorService.removeExecutorFromGroups(th.getAuthorizedPerformerUser(), executor.getId(), th.toIds(getAdditionalGroups()));
+            executorService.removeExecutorFromGroups(h.getAuthorizedUser(), executor.getId(), h.toIds(getAdditionalGroups()));
             fail("Executors removed from group without corresponding permissions");
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
 
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(updatePermissions, getAdditionalGroups());
-        executorService.removeExecutorFromGroups(th.getAuthorizedPerformerUser(), executor.getId(), th.toIds(getAdditionalGroups()));
+        h.setPermissionsToAuthorizedActor(updatePermissions, getAdditionalGroups());
+        executorService.removeExecutorFromGroups(h.getAuthorizedUser(), executor.getId(), h.toIds(getAdditionalGroups()));
 
-        assertFalse("Executor not removed from group ", th.isExecutorInGroups(getAdditionalGroup(), getAdditionalGroups()));
+        assertFalse("Executor not removed from group ", h.isExecutorInGroups(getAdditionalGroup(), getAdditionalGroups()));
     }
 
-    public void testRemoveActorFromGroupsByUnAuthorizedPerformer() throws Exception {
+    public void testRemoveActorFromGroupsByUnAuthorizedUser() {
         Executor executor = getAdditionalActor();
         try {
-            executorService.removeExecutorFromGroups(th.getUnauthorizedPerformerUser(), executor.getId(), th.toIds(getAdditionalGroups()));
-            fail("Executor is removed from groups ByUnAuthorizedPerformer");
+            executorService.removeExecutorFromGroups(h.getUnauthorizedUser(), executor.getId(), h.toIds(getAdditionalGroups()));
+            fail();
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
     }
 
-    public void testRemoveGroupFromGroupsByUnAuthorizedPerformer() throws Exception {
+    public void testRemoveGroupFromGroupsByUnAuthorizedUser() {
         Executor executor = getAdditionalGroup();
         try {
-            executorService.removeExecutorFromGroups(th.getUnauthorizedPerformerUser(), executor.getId(), th.toIds(getAdditionalGroups()));
-            fail("Executor is removed from groups ByUnAuthorizedPerformer");
+            executorService.removeExecutorFromGroups(h.getUnauthorizedUser(), executor.getId(), h.toIds(getAdditionalGroups()));
+            fail();
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
     }
 
-    public void testRemoveFakeActorFromGroups() throws Exception {
-        Executor executor = th.getFakeActor();
+    public void testRemoveFakeActorFromGroups() {
+        Executor executor = h.getFakeActor();
         try {
-            executorService.removeExecutorFromGroups(th.getAuthorizedPerformerUser(), executor.getId(), th.toIds(getAdditionalGroups()));
+            executorService.removeExecutorFromGroups(h.getAuthorizedUser(), executor.getId(), h.toIds(getAdditionalGroups()));
             fail("FakeExecutor removed from groups ");
         } catch (AuthorizationException e) {
             // TODO
         } catch (ExecutorDoesNotExistException e) {
-            // this is supposed result
+            // Expected.
             fail("TODO trap");
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveExecutorsFromGroupTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveExecutorsFromGroupTest.java
index 7badaad2a7..55a59ede90 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveExecutorsFromGroupTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveExecutorsFromGroupTest.java
@@ -19,126 +19,109 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
+import java.util.Collection;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
-import ru.runa.wfe.InternalApplicationException;
-import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Actor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
 
-import java.util.Collection;
-
 public class ExecutorServiceDelegateRemoveExecutorsFromGroupTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateRemoveExecutorsFromGroupTest.class.getName();
-
     private Actor actor;
-
     private Group group;
-
     private Group subGroup;
 
     private final Collection<Permission> updatePermissions = Lists.newArrayList(Permission.UPDATE);
-
     private final Collection<Permission> readPermissions = Lists.newArrayList(Permission.READ);
 
-    protected void setUp() throws Exception {
+    @Override
+    protected void setUp() {
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
+        h = new ServiceTestHelper(getClass().getName());
+        h.createDefaultExecutorsMap();
 
-        actor = th.getBaseGroupActor();
-        th.setPermissionsToAuthorizedPerformer(readPermissions, actor);
-        group = th.getBaseGroup();
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, group);
-        subGroup = th.getSubGroup();
-        th.setPermissionsToAuthorizedPerformer(readPermissions, subGroup);
+        actor = h.getBaseGroupActor();
+        group = h.getBaseGroup();
+        subGroup = h.getSubGroup();
 
-        super.setUp();
+        h.setPermissionsToAuthorizedActor(readPermissions, actor);
+        h.setPermissionsToAuthorizedActor(updatePermissions, group);
+        h.setPermissionsToAuthorizedActor(readPermissions, subGroup);
     }
 
-    private Actor getActor() throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAdminUser(), actor.getId());
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
+        actor = null;
+        group = null;
     }
 
-    private Group getGroup() throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAdminUser(), group.getId());
+    private Actor getActor() {
+        return executorService.getExecutor(h.getAdminUser(), actor.getId());
     }
 
-    private Group getSubGroup() throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAdminUser(), subGroup.getId());
+    private Group getGroup() {
+        return executorService.getExecutor(h.getAdminUser(), group.getId());
     }
 
-    public void testRemoveActorFromGroupByAuthorizedPerformer() throws Exception {
+    private Group getSubGroup() {
+        return executorService.getExecutor(h.getAdminUser(), subGroup.getId());
+    }
 
-        assertTrue("Executor is not in group before removing", th.isExecutorInGroup(actor, group));
+    public void testRemoveActorFromGroupByAuthorizedUser() {
+        assertTrue("Executor is not in group before removing", h.isExecutorInGroup(actor, group));
 
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
+        h.setPermissionsToAuthorizedActor(readPermissions, group);
         try {
-            executorService.removeExecutorsFromGroup(th.getAuthorizedPerformerUser(), Lists.newArrayList(actor.getId()), group.getId());
+            executorService.removeExecutorsFromGroup(h.getAuthorizedUser(), Lists.newArrayList(actor.getId()), group.getId());
             fail("Actor removed from group without corresponding permissions");
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
 
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, group);
-
-        executorService.removeExecutorsFromGroup(th.getAuthorizedPerformerUser(), Lists.newArrayList(actor.getId()), group.getId());
-
-        assertFalse("Executor not removed from group ", th.isExecutorInGroup(getActor(), getGroup()));
+        h.setPermissionsToAuthorizedActor(updatePermissions, group);
+        executorService.removeExecutorsFromGroup(h.getAuthorizedUser(), Lists.newArrayList(actor.getId()), group.getId());
+        assertFalse("Executor not removed from group ", h.isExecutorInGroup(getActor(), getGroup()));
     }
 
-    public void testRemoveSubGroupFromGroupByAuthorizedPerformerWithReadPermissionOnGroup() throws Exception {
-
-        assertTrue("Executor is not in group before removing", th.isExecutorInGroup(subGroup, group));
+    public void testRemoveSubGroupFromGroupByAuthorizedUserWithReadPermissionOnGroup() {
+        assertTrue("Executor is not in group before removing", h.isExecutorInGroup(subGroup, group));
 
-        th.setPermissionsToAuthorizedPerformer(readPermissions, group);
+        h.setPermissionsToAuthorizedActor(readPermissions, group);
         try {
-            executorService.removeExecutorsFromGroup(th.getAuthorizedPerformerUser(), Lists.newArrayList(subGroup.getId()), group.getId());
+            executorService.removeExecutorsFromGroup(h.getAuthorizedUser(), Lists.newArrayList(subGroup.getId()), group.getId());
             fail("Subgroup removed from group without corresponding permissions");
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
 
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, group);
-
-        executorService.removeExecutorsFromGroup(th.getAuthorizedPerformerUser(), Lists.newArrayList(subGroup.getId()), group.getId());
-
-        assertFalse("Executor not removed from group ", th.isExecutorInGroup(getSubGroup(), getGroup()));
+        h.setPermissionsToAuthorizedActor(updatePermissions, group);
+        executorService.removeExecutorsFromGroup(h.getAuthorizedUser(), Lists.newArrayList(subGroup.getId()), group.getId());
+        assertFalse("Executor not removed from group ", h.isExecutorInGroup(getSubGroup(), getGroup()));
     }
 
-    public void testRemoveActorFromGroupByUnAuthorizedPerformer() throws Exception {
+    public void testRemoveActorFromGroupByUnAuthorizedUser() {
         try {
-            executorService.removeExecutorsFromGroup(th.getUnauthorizedPerformerUser(), Lists.newArrayList(actor.getId()), group.getId());
-            fail("Actor is removed from group ByUnAuthorizedPerformer");
+            executorService.removeExecutorsFromGroup(h.getUnauthorizedUser(), Lists.newArrayList(actor.getId()), group.getId());
+            fail();
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
     }
 
-    public void testRemoveSubGroupFromGroupByUnAuthorizedPerformer() throws Exception {
+    public void testRemoveSubGroupFromGroupByUnAuthorizedUser() {
         try {
-            executorService.removeExecutorsFromGroup(th.getUnauthorizedPerformerUser(), Lists.newArrayList(subGroup.getId()), group.getId());
-            fail("SubGroup is removed from group ByUnAuthorizedPerformer");
+            executorService.removeExecutorsFromGroup(h.getUnauthorizedUser(), Lists.newArrayList(subGroup.getId()), group.getId());
+            fail();
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        actor = null;
-        group = null;
-
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveManyExecutorsFromGroupTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveManyExecutorsFromGroupTest.java
index b10d756300..d2373d617c 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveManyExecutorsFromGroupTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveManyExecutorsFromGroupTest.java
@@ -19,98 +19,87 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
+import java.util.Collection;
+import java.util.List;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
-import ru.runa.wfe.InternalApplicationException;
-import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
-import ru.runa.wfe.user.*;
-
-import java.util.Collection;
-import java.util.List;
+import ru.runa.wfe.user.Actor;
+import ru.runa.wfe.user.Executor;
+import ru.runa.wfe.user.Group;
 
 public class ExecutorServiceDelegateRemoveManyExecutorsFromGroupTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateRemoveManyExecutorsFromGroupTest.class.getName();
-
     private Group additionalGroup;
-
     private List<Actor> additionalActors;
 
     private final Collection<Permission> updatePermissions = Lists.newArrayList(Permission.UPDATE);
-
     private final Collection<Permission> readPermissions = Lists.newArrayList(Permission.READ);
 
-    private List<Executor> getAdditionalActors()
-            throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        List<Long> ids = Lists.newArrayList();
-        for (Executor executor : additionalActors) {
-            ids.add(executor.getId());
-        }
-        return th.getExecutors(th.getAdminUser(), ids);
-    }
+    @Override
+    protected void setUp() {
+        executorService = Delegates.getExecutorService();
+        h = new ServiceTestHelper(getClass().getName());
 
-    private Group getAdditionalGroup()
-            throws InternalApplicationException, AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
-        return executorService.getExecutor(th.getAuthorizedPerformerUser(), additionalGroup.getId());
-    }
+        additionalGroup = h.createGroupIfNotExist("additionalG", "Additional Group");
+        additionalActors = h.createActorArray("additionalMixed", "Additional Mixed");
 
-    protected void setUp() throws Exception {
-        executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalGroup);
+        h.setPermissionsToAuthorizedActor(updatePermissions, additionalActors);
 
-        additionalGroup = th.createGroupIfNotExist("additionalG", "Additional Group");
-        additionalActors = th.createActorArray("additionalMixed", "Additional Mixed");
+        executorService.addExecutorsToGroup(h.getAuthorizedUser(), h.toIds(additionalActors), additionalGroup.getId());
+    }
 
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, additionalGroup);
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(updatePermissions, additionalActors);
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
+        additionalGroup = null;
+        additionalActors = null;
+    }
 
-        executorService.addExecutorsToGroup(th.getAuthorizedPerformerUser(), th.toIds(additionalActors), additionalGroup.getId());
 
-        super.setUp();
+    private List<Executor> getAdditionalActors() {
+        List<Long> ids = Lists.newArrayList();
+        for (Executor executor : additionalActors) {
+            ids.add(executor.getId());
+        }
+        return h.getExecutors(h.getAdminUser(), ids);
     }
 
-    public void testRemoveExecutorsFromGroupByAuthorizedPerformer() throws Exception {
+    private Group getAdditionalGroup() {
+        return executorService.getExecutor(h.getAuthorizedUser(), additionalGroup.getId());
+    }
 
-        assertTrue("Executor is not in group before removing", th.isExecutorsInGroup(getAdditionalActors(), getAdditionalGroup()));
+    public void testRemoveExecutorsFromGroupByAuthorizedUser() {
+        assertTrue("Executor is not in group before removing", h.isExecutorsInGroup(getAdditionalActors(), getAdditionalGroup()));
 
-        th.setPermissionsToAuthorizedPerformer(readPermissions, getAdditionalGroup());
+        h.setPermissionsToAuthorizedActor(readPermissions, getAdditionalGroup());
         List<Executor> executors = getAdditionalActors();
         try {
-            executorService.removeExecutorsFromGroup(th.getAuthorizedPerformerUser(), th.toIds(executors), getAdditionalGroup().getId());
+            executorService.removeExecutorsFromGroup(h.getAuthorizedUser(), h.toIds(executors), getAdditionalGroup().getId());
             fail("Executors removed from group without corresponding permissions");
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
 
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, getAdditionalGroup());
-
-        executorService.removeExecutorsFromGroup(th.getAuthorizedPerformerUser(), th.toIds(getAdditionalActors()), getAdditionalGroup().getId());
-
-        assertFalse("Executor not removed from group ", th.isExecutorsInGroup(getAdditionalActors(), getAdditionalGroup()));
+        h.setPermissionsToAuthorizedActor(updatePermissions, getAdditionalGroup());
+        executorService.removeExecutorsFromGroup(h.getAuthorizedUser(), h.toIds(getAdditionalActors()), getAdditionalGroup().getId());
+        assertFalse("Executor not removed from group ", h.isExecutorsInGroup(getAdditionalActors(), getAdditionalGroup()));
     }
 
-    public void testRemoveExecutorsFromGroupByUnAuthorizedPerformer() throws Exception {
+    public void testRemoveExecutorsFromGroupByUnauthorizedUser() {
         List<Executor> executors = getAdditionalActors();
         try {
-            executorService.removeExecutorsFromGroup(th.getUnauthorizedPerformerUser(), th.toIds(executors), getAdditionalGroup().getId());
-            fail("Executors is removed from group ByUnAuthorizedPerformer");
+            executorService.removeExecutorsFromGroup(h.getUnauthorizedUser(), h.toIds(executors), getAdditionalGroup().getId());
+            fail();
         } catch (AuthorizationException e) {
-            // this is supposed result
+            // Expected.
         }
     }
-
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        additionalGroup = null;
-        additionalActors = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveManyExecutorsTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveManyExecutorsTest.java
index 0d7ef26411..63ffc02578 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveManyExecutorsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateRemoveManyExecutorsTest.java
@@ -18,63 +18,54 @@
 
 package ru.runa.af.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.List;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
-
-import com.google.common.collect.Lists;
 
 public class ExecutorServiceDelegateRemoveManyExecutorsTest extends ServletTestCase {
-    private ServiceTestHelper th;
-
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static String testPrefix = ExecutorServiceDelegateRemoveManyExecutorsTest.class.getName();
-
-    private List<Executor> additionalActorsGroupsMixed;
-
-    private final List<Permission> deletePermissions = Lists.newArrayList(Permission.DELETE);
+    private List<Executor> maxedActorsGroups;
 
     @Override
-    protected void setUp() throws Exception {
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        additionalActorsGroupsMixed = th.createMixedActorsGroupsArray("additionalMixed", "Additional Mixed");
-        th.setPermissionsToAuthorizedPerformerOnExecutorsList(deletePermissions, additionalActorsGroupsMixed);
+        
+        maxedActorsGroups = h.createMixedActorsGroupsArray("additionalMixed", "Additional Mixed");
+        h.setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.UPDATE), maxedActorsGroups);
     }
 
-    public void testRemoveExecutorsByAuthorizedPerformer() throws Exception {
-        executorService.remove(th.getAuthorizedPerformerUser(), th.toIds(additionalActorsGroupsMixed));
-        for (Executor executor : additionalActorsGroupsMixed) {
-            assertFalse("Executor was not deleted.", th.isExecutorExist(executor));
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
+        executorService = null;
+        maxedActorsGroups = null;
+    }
+
+    public void testRemoveExecutorsByAuthorizedUser() {
+        executorService.remove(h.getAuthorizedUser(), h.toIds(maxedActorsGroups));
+        for (Executor executor : maxedActorsGroups) {
+            assertFalse("Executor was not deleted.", h.isExecutorExist(executor));
         }
     }
 
-    public void testRemoveExecutorsByUnauthorizedPerformer() throws Exception {
+    public void testRemoveExecutorsByUnauthorizedUser() {
         try {
-            executorService.remove(th.getUnauthorizedPerformerUser(), th.toIds(additionalActorsGroupsMixed));
+            executorService.remove(h.getUnauthorizedUser(), h.toIds(maxedActorsGroups));
             fail("Executors were deleted by unauthorize performer.");
         } catch (AuthorizationException e) {
-            // that's what we expect to see
+            // Expected.
         }
-        for (Executor executor : additionalActorsGroupsMixed) {
-            assertTrue("Executor was deleted.", th.isExecutorExist(executor));
+        for (Executor executor : maxedActorsGroups) {
+            assertTrue("Executor was deleted.", h.isExecutorExist(executor));
         }
     }
-
-    @Override
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        executorService = null;
-        additionalActorsGroupsMixed = null;
-        super.tearDown();
-    }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateSetPasswordTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateSetPasswordTest.java
index 8f38fc056a..7860d3ce34 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateSetPasswordTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/ExecutorServiceDelegateSetPasswordTest.java
@@ -18,8 +18,7 @@
 package ru.runa.af.delegate;
 
 import com.google.common.collect.Lists;
-import junit.framework.Test;
-import junit.framework.TestSuite;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthorizationException;
@@ -27,62 +26,54 @@
 import ru.runa.wfe.service.ExecutorService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Actor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
 
-import java.util.List;
-
 /**
  * Created on 27.08.2004
  */
 public class ExecutorServiceDelegateSetPasswordTest extends ServletTestCase {
-    private ServiceTestHelper th;
+    private static final String NEW_PASSWD = "new passwd";
 
+    private ServiceTestHelper h;
     private ExecutorService executorService;
 
-    private static final String testPrefix = ExecutorServiceDelegateSetPasswordTest.class.getName();
-
-    private static final String NEW_PASSWD = "new passwd";
-
     private Actor actor;
-
     private Group group;
 
-    protected void setUp() throws Exception {
+    @Override
+    protected void setUp() {
+        h = new ServiceTestHelper(getClass().getName());
         executorService = Delegates.getExecutorService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        List<Permission> updatePermissions = Lists.newArrayList(Permission.UPDATE);
 
-        actor = th.getBaseGroupActor();
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, actor);
-        group = th.getBaseGroup();
-        th.setPermissionsToAuthorizedPerformer(updatePermissions, group);
-        super.setUp();
+        h.createDefaultExecutorsMap();
+        actor = h.getBaseGroupActor();
+        group = h.getBaseGroup();
+
+        val pp = Lists.newArrayList(Permission.UPDATE);
+        h.setPermissionsToAuthorizedActor(pp, actor);
+        h.setPermissionsToAuthorizedActor(pp, group);
     }
 
-    protected void tearDown() throws Exception {
-        th.releaseResources();
+    @Override
+    protected void tearDown() {
+        h.releaseResources();
         executorService = null;
         actor = null;
         group = null;
-        super.tearDown();
     }
 
-    public void testSetPasswordByAuthorizedPerformer() throws Exception {
-        executorService.setPassword(th.getAuthorizedPerformerUser(), actor, NEW_PASSWD);
-
-        assertTrue("Password is not correct.", th.isPasswordCorrect(actor.getName(), NEW_PASSWD));
+    public void testSetPasswordByAuthorizedUser() {
+        executorService.setPassword(h.getAuthorizedUser(), actor, NEW_PASSWD);
+        assertTrue("Password is not correct.", h.isPasswordCorrect(actor.getName(), NEW_PASSWD));
     }
 
-    public void testSetPasswordByUnauthorizedPerformer() throws Exception {
-
+    public void testSetPasswordByUnauthorizedUser() {
         try {
-            executorService.setPassword(th.getUnauthorizedPerformerUser(), actor, NEW_PASSWD);
+            executorService.setPassword(h.getUnauthorizedUser(), actor, NEW_PASSWD);
             fail("Password was changed without permission.");
         } catch (AuthorizationException e) {
-            // This is what must happen
+            // Expected.
         }
-        assertFalse("Password was changed without permission.", th.isPasswordCorrect(actor.getName(), NEW_PASSWD));
+        assertFalse("Password was changed without permission.", h.isPasswordCorrect(actor.getName(), NEW_PASSWD));
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AASystemServiceDelegateLoginTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/SystemServiceDelegateLoginTest.java
similarity index 64%
rename from wfe-cactus-it/src/test/java/ru/runa/af/delegate/AASystemServiceDelegateLoginTest.java
rename to wfe-cactus-it/src/test/java/ru/runa/af/delegate/SystemServiceDelegateLoginTest.java
index 03c00205ca..1eb3bd51ec 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/delegate/AASystemServiceDelegateLoginTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/delegate/SystemServiceDelegateLoginTest.java
@@ -17,62 +17,58 @@
  */
 package ru.runa.af.delegate;
 
+import com.google.common.collect.Lists;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.af.service.ServiceTestHelper;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.SystemService;
 import ru.runa.wfe.service.delegate.Delegates;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 16.08.2004
  */
-public class AASystemServiceDelegateLoginTest extends ServletTestCase {
-    private ServiceTestHelper th;
+public class SystemServiceDelegateLoginTest extends ServletTestCase {
+    private ServiceTestHelper h;
     private SystemService systemService;
-    private static String testPrefix = AASystemServiceDelegateLoginTest.class.getName();
 
     @Override
-    protected void tearDown() throws Exception {
-        th.releaseResources();
-        systemService = null;
-        super.tearDown();
+    protected void setUp() {
+        systemService = Delegates.getSystemService();
+        h = new ServiceTestHelper(getClass().getName());
+
+        h.createDefaultExecutorsMap();
+        h.setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.LOGIN), SecuredSingleton.SYSTEM);
     }
 
     @Override
-    protected void setUp() throws Exception {
-        systemService = Delegates.getSystemService();
-        th = new ServiceTestHelper(testPrefix);
-        th.createDefaultExecutorsMap();
-        th.setPermissionsToAuthorizedPerformerOnExecutors(Lists.newArrayList(Permission.LOGIN));
-        super.setUp();
+    protected void tearDown() {
+        h.releaseResources();
+        systemService = null;
     }
 
-    public void testLoginWithUnauthorizedPerformer() throws Exception {
+    public void testLoginWithUnauthorizedUser() {
         try {
-            systemService.login(th.getUnauthorizedPerformerUser());
+            systemService.login(h.getUnauthorizedUser());
             fail("SystemServiceDelegate does not throw AuthorizationFailedException on login() with unauthorized performer user call.");
         } catch (AuthorizationException e) {
-            // that's what we expected
+            // Expected.
         }
     }
 
-    public void testLoginWithAuthorizedPerformer() throws Exception {
-        systemService.login(th.getAuthorizedPerformerUser());
+    public void testLoginWithAuthorizedUser() {
+        systemService.login(h.getAuthorizedUser());
         assertTrue("SystemServiceDelegate.login() works.", true);
     }
 
-    public void testLoginWithFakeUser() throws Exception {
+    public void testLoginWithFakeUser() {
         try {
-            systemService.login(th.getFakeUser());
+            systemService.login(h.getFakeUser());
             fail("SystemServiceDelegate does not throw AuthorizationFailedException on login() with fakeUser call.");
         } catch (AuthenticationException e) {
-            // that's what we expected
+            // Expected.
         }
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/organizationfunction/impl/OrganizationFunctionFactoryTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/organizationfunction/impl/OrganizationFunctionFactoryTest.java
index 0f5e96c61e..5418ddffa4 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/organizationfunction/impl/OrganizationFunctionFactoryTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/organizationfunction/impl/OrganizationFunctionFactoryTest.java
@@ -17,31 +17,24 @@
  */
 package ru.runa.af.organizationfunction.impl;
 
+import com.google.common.collect.Lists;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
 import junit.framework.Test;
 import junit.framework.TestSuite;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.task.dto.WfTask;
 import ru.runa.wfe.user.User;
 
-import com.google.common.collect.Lists;
-
 /**
  * @author Gordienko_m
  * @author Vitaliy S aka Yilativs
  */
 public class OrganizationFunctionFactoryTest extends ServletTestCase {
-    private final static String PREFIX = OrganizationFunctionFactoryTest.class.getName();
-
-    private WfServiceTestHelper th;
-
+    private WfServiceTestHelper h;
     private Map<String, Object> legalVariables;
 
     public static Test suite() {
@@ -49,74 +42,71 @@ public static Test suite() {
     }
 
     @Override
-    protected void setUp() throws Exception {
-
-        th = new WfServiceTestHelper(PREFIX);
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
 
-        th.addExecutorToGroup(th.getHrOperator(), th.getBossGroup());
+        h.addExecutorToGroup(h.getHrOperator(), h.getBossGroup());
 
-        th.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
+        h.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
 
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(Lists.newArrayList(Permission.START), WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS),
+                WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
 
-        th.getExecutionService().startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, null);
+        h.getExecutionService().startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, null);
 
-        legalVariables = new HashMap<String, Object>();
+        legalVariables = new HashMap<>();
         legalVariables.put("approved", "true");
-
-        super.setUp();
     }
 
-    private User getBossActorUser() {
-        return th.getHrOperatorUser();
+    @Override
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.releaseResources();
+        h = null;
     }
 
-    @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
-        th.releaseResources();
-        th = null;
-        super.tearDown();
+    private User getBossActorUser() {
+        return h.getHrOperatorUser();
     }
 
-    public void testOrganizationFunction() throws Exception {
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), th.getTaskBatchPresentation());
+    public void testOrganizationFunction() {
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), h.getTaskBatchPresentation());
         assertEquals("tasks count differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), th.getTaskBatchPresentation());
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), h.getTaskBatchPresentation());
         assertEquals("tasks count differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(getBossActorUser(), th.getTaskBatchPresentation());
+        tasks = h.getTaskService().getMyTasks(getBossActorUser(), h.getTaskBatchPresentation());
         assertEquals("tasks count differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "evaluating", tasks.get(0).getName());
 
-        th.getTaskService().completeTask(getBossActorUser(), tasks.get(0).getId(), legalVariables, null);
+        h.getTaskService().completeTask(getBossActorUser(), tasks.get(0).getId(), legalVariables);
 
-        tasks = th.getTaskService().getMyTasks(getBossActorUser(), th.getTaskBatchPresentation());
+        tasks = h.getTaskService().getMyTasks(getBossActorUser(), h.getTaskBatchPresentation());
         assertEquals("tasks count differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), th.getTaskBatchPresentation());
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), h.getTaskBatchPresentation());
         assertEquals("tasks count differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "updating erp asynchronously", tasks.get(0).getName());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), tasks.get(0).getId(), legalVariables, null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), tasks.get(0).getId(), legalVariables);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), th.getTaskBatchPresentation());
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), h.getTaskBatchPresentation());
         assertEquals("tasks count differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "treating collegues on cake and pie", tasks.get(0).getName());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), legalVariables, null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), legalVariables);
 
-        tasks = th.getTaskService().getMyTasks(getBossActorUser(), th.getTaskBatchPresentation());
+        tasks = h.getTaskService().getMyTasks(getBossActorUser(), h.getTaskBatchPresentation());
         assertEquals("tasks count differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), th.getTaskBatchPresentation());
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), h.getTaskBatchPresentation());
         assertEquals("tasks count differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "notify", tasks.get(0).getName());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), tasks.get(0).getId(), legalVariables, null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), tasks.get(0).getId(), legalVariables);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), th.getTaskBatchPresentation());
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), h.getTaskBatchPresentation());
         assertEquals("tasks count differs from expected", 0, tasks.size());
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/organizationfunction/impl/OrganizationFunctionParserTest.java b/wfe-cactus-it/src/test/java/ru/runa/af/organizationfunction/impl/OrganizationFunctionParserTest.java
index 1ef60b4543..64fa52c889 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/organizationfunction/impl/OrganizationFunctionParserTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/organizationfunction/impl/OrganizationFunctionParserTest.java
@@ -21,60 +21,42 @@
  */
 package ru.runa.af.organizationfunction.impl;
 
-import java.util.HashMap;
+import com.google.common.collect.Lists;
 import java.util.List;
-import java.util.Map;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.task.dto.WfTask;
 
-import com.google.common.collect.Lists;
-
 /**
  * @author Gritsenko_S
  */
 public class OrganizationFunctionParserTest extends ServletTestCase {
-    private final static String PREFIX = OrganizationFunctionParserTest.class.getName();
-
-    private WfServiceTestHelper th;
-
     private static final String PROCESS_PATH = "organizationProcess.par";
     private static final String PROCESS_NAME = "organizationProcess";
 
-    private Map<String, Object> legalVariables;
+    private WfServiceTestHelper h;
 
     @Override
-    protected void setUp() throws Exception {
-
-        th = new WfServiceTestHelper(PREFIX);
-
-        th.addExecutorToGroup(th.getHrOperator(), th.getBossGroup());
-
-        th.deployValidProcessDefinition(PROCESS_PATH);
-
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(Lists.newArrayList(Permission.START), PROCESS_NAME);
-
-        legalVariables = new HashMap<String, Object>();
-        legalVariables.put("approved", "true");
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
 
-        super.setUp();
+        h.addExecutorToGroup(h.getHrOperator(), h.getBossGroup());
+        h.deployValidProcessDefinition(PROCESS_PATH);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS), PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(PROCESS_NAME);
-        th.releaseResources();
-        th = null;
-        super.tearDown();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(PROCESS_NAME);
+        h.releaseResources();
+        h = null;
     }
 
-    public void testOrganizationFunction() throws Exception {
-        th.getExecutionService().startProcess(th.getAuthorizedPerformerUser(), PROCESS_NAME, null);
+    public void testOrganizationFunction() {
+        h.getExecutionService().startProcess(h.getAuthorizedUser(), PROCESS_NAME, null);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAdminUser(), th.getTaskBatchPresentation());
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAdminUser(), h.getTaskBatchPresentation());
         assertEquals("tasks count differs from expected", 0, tasks.size());
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/af/service/ServiceTestHelper.java b/wfe-cactus-it/src/test/java/ru/runa/af/service/ServiceTestHelper.java
index 10063930e6..3333ff09c0 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/af/service/ServiceTestHelper.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/af/service/ServiceTestHelper.java
@@ -17,28 +17,24 @@
  */
 package ru.runa.af.service;
 
-import java.io.Serializable;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import javax.security.auth.Subject;
-
+import lombok.Getter;
+import lombok.val;
 import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.presentation.BatchPresentation;
 import ru.runa.wfe.presentation.BatchPresentationFactory;
 import ru.runa.wfe.relation.Relation;
-import ru.runa.wfe.relation.RelationAlreadyExistException;
-import ru.runa.wfe.relation.RelationDoesNotExistException;
 import ru.runa.wfe.relation.RelationPair;
-import ru.runa.wfe.security.SecuredSingleton;
-import ru.runa.wfe.security.AuthenticationException;
-import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.security.SecuredObject;
-import ru.runa.wfe.security.WeakPasswordException;
 import ru.runa.wfe.service.AuthenticationService;
 import ru.runa.wfe.service.AuthorizationService;
 import ru.runa.wfe.service.ExecutorService;
@@ -49,19 +45,13 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.ss.Substitution;
 import ru.runa.wfe.ss.SubstitutionCriteria;
-import ru.runa.wfe.ss.SubstitutionDoesNotExistException;
 import ru.runa.wfe.ss.TerminatorSubstitution;
 import ru.runa.wfe.user.Actor;
 import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.ExecutorAlreadyExistsException;
 import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
 import ru.runa.wfe.user.User;
 
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.google.common.collect.Sets;
-
 public class ServiceTestHelper {
 
     private final static String ADMINISTRATOR_NAME = "Administrator";
@@ -72,83 +62,83 @@ public class ServiceTestHelper {
 
     private final Set<Executor> createdExecutorsSet = Sets.newHashSet();
 
+    @Getter
     private final Map<String, Executor> defaultExecutorsMap = Maps.newHashMap();
 
     public final static String AUTHORIZED_PERFORMER_NAME = "AUTHORIZED_PERFORMER_NAME";
-
     public final static String AUTHORIZED_PERFORMER_DESCRIPTION = "AUTHORIZED_PERFORMER_DESCRIPTION";
-
     public final static String AUTHORIZED_PERFORMER_PASSWORD = "AUTHORIZED_PERFORMER_PASSWORD";
 
     public final static String UNAUTHORIZED_PERFORMER_NAME = "UNAUTHORIZED_PERFORMER_NAME";
-
     public final static String UNAUTHORIZED_PERFORMER_DESCRIPTION = "UNAUTHORIZED_PERFORMER_DESCRIPTION";
-
     public final static String UNAUTHORIZED_PERFORMER_PASSWORD = "UNAUTHORIZED_PERFORMER_PASSWORD";
 
     public final static String BASE_GROUP_NAME = "BASE_GROUP_NAME";
-
     public final static String BASE_GROUP_DESC = "BASE_GROUP_DESC";
-
     public final static String BASE_GROUP_ACTOR_NAME = "BASE_GROUP_ACTOR_NAME";
-
     public final static String BASE_GROUP_ACTOR_DESC = "BASE_GROUP_ACTOR_DESC";
-
     public final static String SUB_GROUP_NAME = "SUB_GROUP_NAME";
-
     public final static String SUB_GROUP_DESC = "SUB_GROUP_DESC";
-
     public final static String SUB_GROUP_ACTOR_NAME = "SUB_GROUP_ACTOR_NAME";
-
     public final static String SUB_GROUP_ACTOR_DESC = "SUB_GROUP_ACTOR_DESC";
-
     public final static String FAKE_ACTOR_NAME = "FAKE_ACTOR_NAME";
-
     public final static String FAKE_ACTOR_DESC = "FAKE_ACTOR_DESC";
-
     public final static String FAKE_GROUP_NAME = "FAKE_GROUP_NAME";
-
     public final static String FAKE_GROUP_DESC = "FAKE_GROUP_DESC";
 
+    @Getter
     private ExecutorService executorService;
 
     private RelationService relationService;
 
     private SubstitutionService substitutionService;
 
+    @Getter
     protected AuthorizationService authorizationService;
 
+    @Getter
     private AuthenticationService authenticationService;
 
+    @Getter
     private SystemService systemService;
 
+    @Getter
     private ProfileService profileService;
 
+    @Getter
     private Actor fakeActor;
 
+    @Getter
     private List<Executor> fakeExecutors;
 
     private Actor baseGroupActor;
 
     private Actor subGroupActor;
 
+    @Getter
     private Group fakeGroup;
 
     private Group baseGroup;
 
     private Group subGroup;
 
+    @Getter
     private User fakeUser;
 
-    private User authorizedPerformerUser, unauthorizedPerformerUser;
+    @Getter
+    private User authorizedUser;
+
+    @Getter
+    private User unauthorizedUser;
 
     private final String testClassName;
 
+    @Getter
     protected User adminUser;
 
     private Set<Subject> subjectOfActorsWithProfileSet = Sets.newHashSet();
 
-    public ServiceTestHelper(String testClassName) throws InternalApplicationException {
+    public ServiceTestHelper(String testClassName) {
         this.testClassName = testClassName;
         createExecutorServiceDelegate();
         createRelationServiceDelegate();
@@ -163,8 +153,14 @@ public ServiceTestHelper(String testClassName) throws InternalApplicationExcepti
         createProfileServiceDelegate();
     }
 
-    public List<Long> toIds(Collection<? extends SecuredObject> list) {
-        List<Long> ids = Lists.newArrayList();
+//    @SafeVarargs
+//    public final <T> ArrayList<T> list(T... oo) {
+//        return Lists.newArrayList(oo);
+//    }
+
+    public ArrayList<Long> toIds(Collection<? extends SecuredObject> list) {
+        // TODO Use java8 map.
+        val ids = new ArrayList<Long>(list.size());
         for (SecuredObject securedObject : list) {
             ids.add(securedObject.getIdentifiableId());
         }
@@ -175,18 +171,10 @@ private void createProfileServiceDelegate() {
         profileService = Delegates.getProfileService();
     }
 
-    public ProfileService getProfileService() {
-        return profileService;
-    }
-
-    public User getAdminUser() {
-        return adminUser;
-    }
-
     /**
      * Creates groups and actors group contains subGroup and subActor subGroup contains subGroupActor
      */
-    public void createDefaultExecutorsMap() throws InternalApplicationException {
+    public void createDefaultExecutorsMap() {
         baseGroup = executorService.create(adminUser, new Group(testClassName + BASE_GROUP_NAME, testClassName + BASE_GROUP_DESC));
         defaultExecutorsMap.put(BASE_GROUP_NAME, baseGroup);
 
@@ -205,34 +193,28 @@ public void createDefaultExecutorsMap() throws InternalApplicationException {
         executorService.addExecutorsToGroup(adminUser, Lists.newArrayList(subGroupActor.getId()), subGroup.getId());
     }
 
-    public void releaseResources() throws InternalApplicationException {
+    public void releaseResources() {
         removeCreatedProfiles();
         removeCreatedExecutors();
         removeDefaultExecutors();
         executorService = null;
-        executorService = null;
-        authorizationService = null;
         authorizationService = null;
         authenticationService = null;
-        authenticationService = null;
-        systemService = null;
         systemService = null;
 
         fakeActor = null;
         fakeGroup = null;
-
         fakeExecutors.clear();
         fakeExecutors = null;
+        fakeUser = null;
 
         baseGroup = null;
         baseGroupActor = null;
         subGroup = null;
         subGroupActor = null;
-        fakeUser = null;
-
     }
 
-    private void removeCreatedProfiles() throws AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
+    private void removeCreatedProfiles() {
         subjectOfActorsWithProfileSet.clear();
         subjectOfActorsWithProfileSet = null;
         profileService = null;
@@ -245,7 +227,7 @@ public void removeCreatedExecutor(Executor executor) {
         createdExecutorsSet.remove(executor);
     }
 
-    public void removeExecutorIfExists(Executor executor) throws InternalApplicationException {
+    public void removeExecutorIfExists(Executor executor) {
         if (executor != null) {
             try {
                 if (executor instanceof Actor) {
@@ -260,15 +242,15 @@ public void removeExecutorIfExists(Executor executor) throws InternalApplication
         }
     }
 
-    public void addExecutorToGroup(Executor executor, Group group) throws InternalApplicationException {
+    public void addExecutorToGroup(Executor executor, Group group) {
         executorService.addExecutorsToGroup(adminUser, Lists.newArrayList(executor.getId()), group.getId());
     }
 
-    public void removeExecutorFromGroup(Executor executor, Group group) throws InternalApplicationException {
+    public void removeExecutorFromGroup(Executor executor, Group group) {
         executorService.removeExecutorsFromGroup(adminUser, Lists.newArrayList(executor.getId()), group.getId());
     }
 
-    public boolean isExecutorExist(Executor executor) throws InternalApplicationException {
+    public boolean isExecutorExist(Executor executor) {
         boolean isExecutorExist = true;
         try {
             if (executor instanceof Actor) {
@@ -293,23 +275,17 @@ public boolean isPasswordCorrect(String name, String password) {
         return isPasswordCorrect;
     }
 
-    public void setPermissionsToAuthorizedPerformer(Collection<Permission> permissions, Executor executor) throws InternalApplicationException {
-        authorizationService.setPermissions(adminUser, getAuthorizedPerformerActor().getId(), permissions, executor);
+    public void setPermissionsToAuthorizedActor(Collection<Permission> permissions, SecuredObject object) {
+        authorizationService.setPermissions(adminUser, getAuthorizedActor().getId(), permissions, object);
     }
 
-    public void setPermissionsToAuthorizedPerformerOnExecutorsList(Collection<Permission> permissions, List<? extends Executor> executors)
-            throws InternalApplicationException {
-        for (Executor executor : executors) {
-            authorizationService.setPermissions(adminUser, getAuthorizedPerformerActor().getId(), permissions, executor);
+    public void setPermissionsToAuthorizedActor(Collection<Permission> permissions, List<? extends SecuredObject> objects) {
+        for (SecuredObject o : objects) {
+            setPermissionsToAuthorizedActor(permissions, o);
         }
     }
 
-    public void setPermissionsToAuthorizedPerformerOnExecutors(Collection<Permission> permissions) {
-        authorizationService.setPermissions(adminUser, getAuthorizedPerformerActor().getId(), permissions, SecuredSingleton.EXECUTORS);
-    }
-
-    public Actor createActorIfNotExist(String name, String description)
-            throws ExecutorAlreadyExistsException, AuthorizationException, AuthenticationException {
+    public Actor createActorIfNotExist(String name, String description) {
         Actor actor;
         try {
             actor = executorService.getExecutorByName(adminUser, name);
@@ -320,8 +296,7 @@ public Actor createActorIfNotExist(String name, String description)
         return actor;
     }
 
-    public List<Actor> createActorArray(String name, String description)
-            throws ExecutorAlreadyExistsException, AuthorizationException, AuthenticationException {
+    public List<Actor> createActorArray(String name, String description) {
         Actor[] actorArray = new Actor[5];
         actorArray[0] = executorService.create(adminUser, new Actor(name + "0", description + "0"));
         actorArray[1] = executorService.create(adminUser, new Actor(name + "1", description + "1"));
@@ -336,8 +311,7 @@ public List<Actor> createActorArray(String name, String description)
         return Lists.newArrayList(actorArray);
     }
 
-    public Group createGroupIfNotExist(String name, String description)
-            throws ExecutorAlreadyExistsException, AuthorizationException, AuthenticationException {
+    public Group createGroupIfNotExist(String name, String description) {
         Group group;
         try {
             group = executorService.getExecutorByName(adminUser, name);
@@ -348,7 +322,7 @@ public Group createGroupIfNotExist(String name, String description)
         return group;
     }
 
-    public List<Group> createGroupArray(String name, String description) throws InternalApplicationException {
+    public ArrayList<Group> createGroupArray(String name, String description) {
         Group[] groupArray = new Group[5];
         groupArray[0] = executorService.create(adminUser, new Group(name + "0", description + "0"));
         groupArray[1] = executorService.create(adminUser, new Group(name + "1", description + "1"));
@@ -363,7 +337,7 @@ public List<Group> createGroupArray(String name, String description) throws Inte
         return Lists.newArrayList(groupArray);
     }
 
-    public List<Executor> createMixedActorsGroupsArray(String name, String description) throws InternalApplicationException {
+    public ArrayList<Executor> createMixedActorsGroupsArray(String name, String description) {
         Executor[] mixedArray = new Executor[5];
         mixedArray[0] = executorService.create(adminUser, new Actor(name + "0", description + "0"));
         mixedArray[1] = executorService.create(adminUser, new Group(name + "1", description + "1"));
@@ -378,39 +352,11 @@ public List<Executor> createMixedActorsGroupsArray(String name, String descripti
         return Lists.newArrayList(mixedArray);
     }
 
-    public User getAuthorizedPerformerUser() {
-        return authorizedPerformerUser;
-    }
-
-    public ExecutorService getExecutorService() {
-        return executorService;
-    }
-
-    public User getUnauthorizedPerformerUser() {
-        return unauthorizedPerformerUser;
-    }
-
-    public Map<String, Executor> getDefaultExecutorsMap() {
-        return defaultExecutorsMap;
-    }
-
-    public Actor getFakeActor() {
-        return fakeActor;
-    }
-
-    public Group getFakeGroup() {
-        return fakeGroup;
-    }
-
-    public List<Executor> getFakeExecutors() {
-        return fakeExecutors;
-    }
-
-    public boolean isExecutorInGroup(Executor executor, Group group) throws InternalApplicationException {
+    public boolean isExecutorInGroup(Executor executor, Group group) {
         return executorService.isExecutorInGroup(adminUser, executor, group);
     }
 
-    public boolean isExecutorInGroups(Executor executor, List<Group> groups) throws InternalApplicationException {
+    public boolean isExecutorInGroups(Executor executor, List<Group> groups) {
         for (Group group : groups) {
             if (!executorService.isExecutorInGroup(adminUser, executor, group)) {
                 return false;
@@ -419,7 +365,7 @@ public boolean isExecutorInGroups(Executor executor, List<Group> groups) throws
         return true;
     }
 
-    public boolean isExecutorsInGroup(List<? extends Executor> executors, Group group) throws InternalApplicationException {
+    public boolean isExecutorsInGroup(List<? extends Executor> executors, Group group) {
         for (Executor executor : executors) {
             if (!executorService.isExecutorInGroup(adminUser, executor, group)) {
                 return false;
@@ -452,36 +398,35 @@ private void createSystemServiceDelegate() {
         systemService = Delegates.getSystemService();
     }
 
-    private void createPerformersAndPerformesSubjects() throws ExecutorDoesNotExistException, ExecutorAlreadyExistsException, AuthorizationException,
-            AuthenticationException, WeakPasswordException {
+    private void createPerformersAndPerformesSubjects() {
         String authorizedActorName = testClassName + AUTHORIZED_PERFORMER_NAME;
-        Actor authorizedPerformerActor;
+        Actor authorizedActor;
         try {
-            authorizedPerformerActor = executorService.getExecutorByName(adminUser, authorizedActorName);
+            authorizedActor = executorService.getExecutorByName(adminUser, authorizedActorName);
         } catch (ExecutorDoesNotExistException e) {
-            authorizedPerformerActor = executorService.create(adminUser, new Actor(authorizedActorName, AUTHORIZED_PERFORMER_DESCRIPTION));
-            executorService.setPassword(adminUser, authorizedPerformerActor, AUTHORIZED_PERFORMER_PASSWORD);
+            authorizedActor = executorService.create(adminUser, new Actor(authorizedActorName, AUTHORIZED_PERFORMER_DESCRIPTION));
+            executorService.setPassword(adminUser, authorizedActor, AUTHORIZED_PERFORMER_PASSWORD);
         }
         String unauthorizedActorName = testClassName + UNAUTHORIZED_PERFORMER_NAME;
-        Actor unauthorizedPerformerActor;
+        Actor unauthorizedActor;
         try {
-            unauthorizedPerformerActor = executorService.getExecutorByName(adminUser, unauthorizedActorName);
+            unauthorizedActor = executorService.getExecutorByName(adminUser, unauthorizedActorName);
         } catch (ExecutorDoesNotExistException e) {
-            unauthorizedPerformerActor = executorService.create(adminUser, new Actor(unauthorizedActorName, UNAUTHORIZED_PERFORMER_DESCRIPTION));
-            executorService.setPassword(adminUser, unauthorizedPerformerActor, UNAUTHORIZED_PERFORMER_PASSWORD);
+            unauthorizedActor = executorService.create(adminUser, new Actor(unauthorizedActorName, UNAUTHORIZED_PERFORMER_DESCRIPTION));
+            executorService.setPassword(adminUser, unauthorizedActor, UNAUTHORIZED_PERFORMER_PASSWORD);
         }
-        authorizedPerformerUser = authenticationService.authenticateByLoginPassword(authorizedPerformerActor.getName(),
+        authorizedUser = authenticationService.authenticateByLoginPassword(authorizedActor.getName(),
                 AUTHORIZED_PERFORMER_PASSWORD);
-        unauthorizedPerformerUser = authenticationService.authenticateByLoginPassword(unauthorizedPerformerActor.getName(),
+        unauthorizedUser = authenticationService.authenticateByLoginPassword(unauthorizedActor.getName(),
                 UNAUTHORIZED_PERFORMER_PASSWORD);
     }
 
-    private void createAdminSubject() throws InternalApplicationException {
+    private void createAdminSubject() {
         adminUser = authenticationService.authenticateByLoginPassword(ADMINISTRATOR_NAME, ADMINISTRATOR_PASSWORD);
     }
 
     /** Removes all created executors from DB. */
-    private void removeCreatedExecutors() throws InternalApplicationException {
+    private void removeCreatedExecutors() {
         try {
             for (Executor executor : createdExecutorsSet) {
                 executor = executorService.getExecutor(adminUser, executor.getId());
@@ -489,15 +434,15 @@ private void removeCreatedExecutors() throws InternalApplicationException {
             }
         } catch (ExecutorDoesNotExistException ignored) {
         }
-        executorService.remove(adminUser, Lists.newArrayList(getAuthorizedPerformerActor().getId(), getUnauthorizedPerformerActor().getId()));
+        executorService.remove(adminUser, Lists.newArrayList(getAuthorizedActor().getId(), getUnauthorizedActor().getId()));
     }
 
-    public Collection<Permission> getOwnPermissions(Executor performer, Executor executor) throws InternalApplicationException {
+    public Collection<Permission> getOwnPermissions(Executor performer, Executor executor) {
         return authorizationService.getIssuedPermissions(adminUser, performer, executor);
     }
 
     /** check if default executors still exists in db, and id so removes them */
-    private void removeDefaultExecutors() throws InternalApplicationException {
+    private void removeDefaultExecutors() {
         List<Executor> undeletedExecutorsList = Lists.newArrayList();
         for (Executor executor : defaultExecutorsMap.values()) {
             boolean canRemove = false;
@@ -528,35 +473,19 @@ private void createFakeUser() {
         fakeUser = new User(fakeActor, null);
     }
 
-    public AuthorizationService getAuthorizationService() {
-        return authorizationService;
-    }
-
-    public AuthenticationService getAuthenticationService() {
-        return authenticationService;
-    }
-
-    public SystemService getSystemService() {
-        return systemService;
-    }
-
-    public User getFakeUser() {
-        return fakeUser;
-    }
-
-    public Actor getAuthorizedPerformerActor() throws InternalApplicationException {
-        return authorizedPerformerUser.getActor();
+    public Actor getAuthorizedActor() {
+        return authorizedUser.getActor();
     }
 
-    public Actor getUnauthorizedPerformerActor() throws InternalApplicationException {
-        return unauthorizedPerformerUser.getActor();
+    public Actor getUnauthorizedActor() {
+        return unauthorizedUser.getActor();
     }
 
-    public Group getAdministratorsGroup() throws InternalApplicationException {
+    public Group getAdministratorsGroup() {
         return executorService.getExecutorByName(adminUser, ADMINISTRATORS_NAME);
     }
 
-    public Actor getAdministrator() throws InternalApplicationException {
+    public Actor getAdministrator() {
         return executorService.getExecutorByName(adminUser, ADMINISTRATOR_NAME);
     }
 
@@ -564,37 +493,37 @@ public String getAdministratorPassword() {
         return ADMINISTRATOR_PASSWORD;
     }
 
-    public Group getBaseGroup() throws InternalApplicationException {
+    public Group getBaseGroup() {
         return executorService.getExecutorByName(adminUser, baseGroup.getName());
         // return baseGroup; we can't cache executor that changes it's state in
         // db
     }
 
-    public Actor getBaseGroupActor() throws InternalApplicationException {
+    public Actor getBaseGroupActor() {
         return executorService.getExecutorByName(adminUser, baseGroupActor.getName());
         // return baseGroupActor;
     }
 
-    public Group getSubGroup() throws InternalApplicationException {
+    public Group getSubGroup() {
         return executorService.getExecutorByName(adminUser, subGroup.getName());
         // return subGroup;
     }
 
-    public Actor getSubGroupActor() throws InternalApplicationException {
+    public Actor getSubGroupActor() {
         return executorService.getExecutorByName(adminUser, subGroupActor.getName());
         // return subGroupActor;
     }
 
-    public Executor getExecutor(String name) throws InternalApplicationException {
+    public Executor getExecutor(String name) {
         return executorService.getExecutorByName(adminUser, name);
     }
 
-    public void setActorStatus(Actor actor, boolean isActive) throws AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
+    public void setActorStatus(Actor actor, boolean isActive) {
         executorService.setStatus(getAdminUser(), actor, isActive);
     }
 
     /*
-     * TODO: remove public Profile getDefaultProfile(Subject subject) throws InternalApplicationException, AuthenticationException { Profile profile =
+     * TODO: remove public Profile getDefaultProfile(Subject subject) { Profile profile =
      * profileService.getProfile(subject); subjectOfActorsWithProfileSet.add(subject); return profile; }
      * 
      * public Identifiable getFakeIdentifiable() { return new Identifiable() {
@@ -604,8 +533,7 @@ public void setActorStatus(Actor actor, boolean isActive) throws AuthorizationEx
      * @Override public SecuredObjectType getSecuredObjectType() { return SecuredObjectType.DEFINITION; } }; }
      */
 
-    public Substitution createTerminator(User user, SubstitutionCriteria substitutionCriteria, boolean isEnabled)
-            throws AuthorizationException, ExecutorDoesNotExistException, AuthenticationException {
+    public Substitution createTerminator(User user, SubstitutionCriteria substitutionCriteria, boolean isEnabled) {
         TerminatorSubstitution terminatorSubstitution = new TerminatorSubstitution();
         terminatorSubstitution.setOrgFunction("");
         terminatorSubstitution.setActorId(user.getActor().getId());
@@ -614,8 +542,7 @@ public Substitution createTerminator(User user, SubstitutionCriteria substitutio
         return substitutionService.createSubstitution(getAdminUser(), terminatorSubstitution);
     }
 
-    public Substitution createActorSubstitutor(User user, String orgFunction, SubstitutionCriteria substitutionCriteria, boolean isEnabled)
-            throws AuthorizationException, ExecutorDoesNotExistException, AuthenticationException {
+    public Substitution createActorSubstitutor(User user, String orgFunction, SubstitutionCriteria substitutionCriteria, boolean isEnabled) {
         Substitution substitution = new Substitution();
         substitution.setActorId(user.getActor().getId());
         substitution.setOrgFunction(orgFunction);
@@ -632,22 +559,19 @@ public BatchPresentation getExecutorBatchPresentation(String presentationId) {
         return BatchPresentationFactory.EXECUTORS.createDefault(presentationId);
     }
 
-    public Relation createRelation(String name, String description)
-            throws RelationAlreadyExistException, AuthorizationException, AuthenticationException {
+    public Relation createRelation(String name, String description) {
         return relationService.createRelation(adminUser, new Relation(name, description));
     }
 
-    public RelationPair addRelationPair(Long relationId, Executor left, Executor right)
-            throws RelationDoesNotExistException, AuthorizationException, AuthenticationException {
+    public RelationPair addRelationPair(Long relationId, Executor left, Executor right) {
         return relationService.addRelationPair(adminUser, relationId, left, right);
     }
 
-    public void removeRelation(Long relationId) throws RelationDoesNotExistException, AuthorizationException, AuthenticationException {
+    public void removeRelation(Long relationId) {
         relationService.removeRelation(adminUser, relationId);
     }
 
-    public <T extends SubstitutionCriteria> T createSubstitutionCriteria(T substitutionCriteria)
-            throws AuthorizationException, ExecutorDoesNotExistException, AuthenticationException {
+    public <T extends SubstitutionCriteria> T createSubstitutionCriteria(T substitutionCriteria) {
         if (substitutionCriteria == null) {
             return null;
         }
@@ -655,16 +579,14 @@ public <T extends SubstitutionCriteria> T createSubstitutionCriteria(T substitut
         return (T) substitutionService.getCriteriaByName(getAdminUser(), substitutionCriteria.getName());
     }
 
-    public void removeSubstitutionCriteria(SubstitutionCriteria substitutionCriteria)
-            throws AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
+    public void removeSubstitutionCriteria(SubstitutionCriteria substitutionCriteria) {
         if (substitutionCriteria == null) {
             return;
         }
         substitutionService.deleteCriteria(getAdminUser(), substitutionCriteria);
     }
 
-    public void removeCriteriaFromSubstitution(Substitution substitution)
-            throws AuthorizationException, AuthenticationException, ExecutorDoesNotExistException, SubstitutionDoesNotExistException {
+    public void removeCriteriaFromSubstitution(Substitution substitution) {
         substitution.setCriteria(null);
         substitutionService.updateSubstitution(getAdminUser(), substitution);
     }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateDeployProcessDefinitionTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateDeployProcessDefinitionTest.java
index 1e7d1b5df2..a9c3e68540 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateDeployProcessDefinitionTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateDeployProcessDefinitionTest.java
@@ -18,53 +18,43 @@
 package ru.runa.wf.delegate;
 
 import com.google.common.collect.Lists;
-import junit.framework.Test;
-import junit.framework.TestSuite;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.definition.DefinitionArchiveFormatException;
 import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.DefinitionService;
 import ru.runa.wfe.service.delegate.Delegates;
 
-import java.util.Collection;
-
 /**
  * Created on 20.04.2005
  * 
  * @author Gritsenko_S
  */
 public class DefinitionServiceDelegateDeployProcessDefinitionTest extends ServletTestCase {
-
-    private DefinitionService definitionService = null;
-
-    private WfServiceTestHelper helper = null;
+    private WfServiceTestHelper h;
+    private DefinitionService definitionService;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         definitionService = Delegates.getDefinitionService();
 
-        Collection<Permission> deployPermissions = Lists.newArrayList(Permission.CREATE);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitions(deployPermissions);
-
-        super.setUp();
+        h.setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.CREATE_DEFINITION), SecuredSingleton.SYSTEM);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.releaseResources();
+    protected void tearDown() {
+        h.releaseResources();
         definitionService = null;
-        super.tearDown();
     }
 
-    public void testDeployInvalidProcessByAuthorizedPerformer() throws Exception {
+    public void testDeployInvalidProcessByAuthorizedUser() {
         try {
-            definitionService.deployProcessDefinition(helper.getAuthorizedPerformerUser(), helper.getInValidProcessDefinition(),
-                    Lists.newArrayList("testProcess"));
-            assertTrue("definitionDelegate.deployProcessByAuthorizedPerformer() no DefinitionArchiveFormatException", false);
+            definitionService.deployProcessDefinition(h.getAuthorizedUser(), h.getInValidProcessDefinition(), Lists.newArrayList("testProcess"));
+            fail();
         } catch (DefinitionArchiveFormatException e) {
-            // That's what we expect
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetDeclaredVariablesNamesTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetDeclaredVariablesNamesTest.java
index a18b8a3407..689d4dbd5e 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetDeclaredVariablesNamesTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetDeclaredVariablesNamesTest.java
@@ -1,67 +1,58 @@
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
 import java.util.List;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.definition.DefinitionDoesNotExistException;
 import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.DefinitionService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.User;
 import ru.runa.wfe.var.VariableDefinition;
 
-import com.google.common.collect.Lists;
-
 /**
  * @author Pashkov Alexander
  */
 public class DefinitionServiceDelegateGetDeclaredVariablesNamesTest extends ServletTestCase {
-
     private static final String DEFINITION_WITH_VARIABLES_XML = "processWithVariablesXml";
 
-    private DefinitionService definitionService = null;
-
-    private WfServiceTestHelper helper = null;
+    private WfServiceTestHelper h;
+    private DefinitionService definitionService;
 
     private long definitionWithVariablesXmlId;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         definitionService = Delegates.getDefinitionService();
 
-        Collection<Permission> deployPermissions = Lists.newArrayList(Permission.CREATE);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitions(deployPermissions);
-        definitionService.deployProcessDefinition(helper.getAuthorizedPerformerUser(),
+        h.setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.CREATE_DEFINITION), SecuredSingleton.SYSTEM);
+
+        definitionService.deployProcessDefinition(h.getAuthorizedUser(),
                 WfServiceTestHelper.readBytesFromFile(DEFINITION_WITH_VARIABLES_XML + ".par"), Lists.newArrayList("testProcess"));
 
-        Collection<Permission> permissions = Lists.newArrayList(Permission.READ);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, DEFINITION_WITH_VARIABLES_XML);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.READ), DEFINITION_WITH_VARIABLES_XML);
 
         definitionWithVariablesXmlId = definitionService
-                .getLatestProcessDefinition(helper.getAuthorizedPerformerUser(), DEFINITION_WITH_VARIABLES_XML).getId();
-
-        super.setUp();
+                .getLatestProcessDefinition(h.getAuthorizedUser(), DEFINITION_WITH_VARIABLES_XML).getId();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition(DEFINITION_WITH_VARIABLES_XML);
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(DEFINITION_WITH_VARIABLES_XML);
+        h.releaseResources();
         definitionService = null;
-        super.tearDown();
     }
 
-    public void testGetDeclaredVariablesNamesByAuthorizedSubject() {
-        testImpl(helper.getAuthorizedPerformerUser(), definitionWithVariablesXmlId, Lists.newArrayList("var1", "Var2", "var3"), null);
+    public void testGetDeclaredVariablesNamesByAuthorizedUser() {
+        testImpl(h.getAuthorizedUser(), definitionWithVariablesXmlId, Lists.newArrayList("var1", "Var2", "var3"), null);
     }
 
     public void testGetDeclaredVariablesNamesOnInvalidDefinitionId() {
-        testImpl(helper.getAuthorizedPerformerUser(), -1, null, DefinitionDoesNotExistException.class);
+        testImpl(h.getAuthorizedUser(), -1, null, DefinitionDoesNotExistException.class);
     }
 
     private void testImpl(User user, long definitionId, List<String> expected, Class<? extends Exception> exception) {
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetFileTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetFileTest.java
index b7b0c7f725..295ca63a5d 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetFileTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetFileTest.java
@@ -17,10 +17,8 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
-
+import com.google.common.collect.Lists;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.definition.DefinitionDoesNotExistException;
 import ru.runa.wfe.definition.DefinitionFileDoesNotExistException;
@@ -29,82 +27,71 @@
 import ru.runa.wfe.service.DefinitionService;
 import ru.runa.wfe.service.delegate.Delegates;
 
-import com.google.common.collect.Lists;
-
 /**
  * Powered by Dofs
  */
 public class DefinitionServiceDelegateGetFileTest extends ServletTestCase {
+    private static final String VALID_FILE_NAME = "description.txt";
+    private static final String INVALID_FILE_NAME = "processdefinitioninvalid.xml";
 
+    private WfServiceTestHelper h = null;
     private DefinitionService definitionService = null;
 
-    private WfServiceTestHelper helper = null;
-
     private long definitionId;
 
-    private final String VALID_FILE_NAME = "description.txt";
-
-    private final String INVALID_FILE_NAME = "processdefinitioninvalid.xml";
-
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         definitionService = Delegates.getDefinitionService();
 
-        helper.deployValidProcessDefinition();
-
-        Collection<Permission> permissions = Lists.newArrayList(Permission.READ);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.VALID_PROCESS_NAME);
-
-        definitionId = definitionService.getLatestProcessDefinition(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME)
-                .getId();
-
-        super.setUp();
+        h.deployValidProcessDefinition();
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.READ), WfServiceTestHelper.VALID_PROCESS_NAME);
+        definitionId = definitionService.getLatestProcessDefinition(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME).getId();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         definitionService = null;
-        super.tearDown();
     }
 
-    public void testGetFileTestByAuthorizedSubject() throws Exception {
-        byte[] fileBytes = definitionService.getProcessDefinitionFile(helper.getAuthorizedPerformerUser(), definitionId, VALID_FILE_NAME);
+    public void testGetFileTestByAuthorizedUser() {
+        byte[] fileBytes = definitionService.getProcessDefinitionFile(h.getAuthorizedUser(), definitionId, VALID_FILE_NAME);
         assertNotNull("file bytes is null", fileBytes);
     }
 
     /*
-     * We allowing that now public void testGetFileTestByUnauthorizedSubject() throws Exception { try {
-     * definitionDelegate.getFile(helper.getUnauthorizedPerformerUser(), definitionId, VALID_FILE_NAME);
-     * assertTrue("testGetFileTestByUnauthorizedSubject , no AuthorizationException" , false); } catch (AuthorizationException e) { } }
+     * We allowing that now public void testGetFileTestByUnauthorizedUser() { try {
+     * definitionDelegate.getFile(h.getUnauthorizedUser(), definitionId, VALID_FILE_NAME);
+     * fail(); } catch (AuthorizationException e) { } }
      */
 
-    public void testGetFileTestByFakeSubject() throws Exception {
+    public void testGetFileTestByFakeUser() {
         try {
-            definitionService.getProcessDefinitionFile(helper.getFakeUser(), definitionId, VALID_FILE_NAME);
-            assertTrue("testGetFileTestByFakeSubject , no AuthenticationException", false);
+            definitionService.getProcessDefinitionFile(h.getFakeUser(), definitionId, VALID_FILE_NAME);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testGetFileTestByAuthorizedSubjectWithInvalidDefinitionId() throws Exception {
+    public void testGetFileTestByAuthorizedUserWithInvalidDefinitionId() {
         try {
-            definitionService.getProcessDefinitionFile(helper.getAuthorizedPerformerUser(), -1L, VALID_FILE_NAME);
-            fail("testGetFileTestByAuthorizedSubjectWithInvalidDefinitionId, no DefinitionDoesNotExistException");
+            definitionService.getProcessDefinitionFile(h.getAuthorizedUser(), -1L, VALID_FILE_NAME);
+            fail();
         } catch (DefinitionDoesNotExistException e) {
-            // expected
+            // Expected.
         }
     }
 
-    public void testGetFileTestByAuthorizedSubjectWithInvalidFileName() throws Exception {
+    public void testGetFileTestByAuthorizedUserWithInvalidFileName() {
         try {
-            definitionService.getProcessDefinitionFile(helper.getAuthorizedPerformerUser(), definitionId, INVALID_FILE_NAME);
+            definitionService.getProcessDefinitionFile(h.getAuthorizedUser(), definitionId, INVALID_FILE_NAME);
             // TODO
-            // fail("testGetFileTestByAuthorizedSubjectWithInvalidFileName, no ProcessDefinitionFileNotFoundException");
+            // fail();
         } catch (DefinitionFileDoesNotExistException e) {
-            // expected
+            // Expected.
             fail("TODO trap");
         }
     }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetFormTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetFormTest.java
index a1f2613570..4815499d9d 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetFormTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetFormTest.java
@@ -17,27 +17,21 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
-import java.util.HashMap;
+import com.google.common.collect.Lists;
 import java.util.List;
 import java.util.Map;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.definition.DefinitionDoesNotExistException;
 import ru.runa.wfe.form.Interaction;
 import ru.runa.wfe.security.AuthenticationException;
-import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.DefinitionService;
-import ru.runa.wfe.service.ExecutionService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.task.dto.WfTask;
 import ru.runa.wfe.var.VariableDefinition;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 20.04.2005
  * 
@@ -47,56 +41,44 @@
 public class DefinitionServiceDelegateGetFormTest extends ServletTestCase {
     private final static String STATE_1_TYPE = "html";
     private final static String STATE_2_TYPE = "swt";
+    private static final String VARIABLE_DEFAULT_FORMAT = "ru.runa.bpm.web.formgen.format.DefaultFormat";
+    private static final String VARIABLE_DOUBLE_FORMAT = "ru.runa.bpm.web.formgen.format.DoubleFormat";
 
-    final String VARIABLE_DEFAULT_FORMAT = "ru.runa.bpm.web.formgen.format.DefaultFormat";
-
-    final String VARIABLE_DOUBLE_FORMAT = "ru.runa.bpm.web.formgen.format.DoubleFormat";
-
-    private ExecutionService executionService;
-
+    private WfServiceTestHelper h = null;
     private DefinitionService definitionService;
-
-    private WfServiceTestHelper th = null;
-
     private WfTask task;
 
-    protected static final long FAKE_ID = -1;
-    protected static final String FAKE_NAME = "FAKE NAME OF TASK";
-
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         definitionService = Delegates.getDefinitionService();
-        executionService = Delegates.getExecutionService();
 
-        definitionService.deployProcessDefinition(th.getAdminUser(),
+        definitionService.deployProcessDefinition(h.getAdminUser(),
                 WfServiceTestHelper.readBytesFromFile(WfServiceTestHelper.ONE_SWIMLANE_FILE_NAME), Lists.newArrayList("testProcess"));
 
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.ONE_SWIMLANE_PROCESS_NAME);
-
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.ONE_SWIMLANE_PROCESS_NAME, null);
-        super.setUp();
-    }
+        val pp = Lists.newArrayList(Permission.START_PROCESS, Permission.READ_PROCESS);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(pp, WfServiceTestHelper.ONE_SWIMLANE_PROCESS_NAME);
 
-    private void initTaskData() throws AuthorizationException, AuthenticationException {
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), th.getTaskBatchPresentation());
-        assertNotNull(tasks);
-        assertEquals(tasks.size() > 0, true);
-        task = tasks.get(0);
+        Delegates.getExecutionService().startProcess(h.getAuthorizedUser(), WfServiceTestHelper.ONE_SWIMLANE_PROCESS_NAME, null);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.ONE_SWIMLANE_PROCESS_NAME);
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.ONE_SWIMLANE_PROCESS_NAME);
+        h.releaseResources();
         definitionService = null;
-        super.tearDown();
     }
 
-    public void testGetFormTestByAuthorizedSubject() throws Exception {
+    private void initTaskData() {
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), h.getTaskBatchPresentation());
+        assertNotNull(tasks);
+        assertTrue(tasks.size() > 0);
+        task = tasks.get(0);
+    }
+
+    public void testGetFormTestByAuthorizedUser() {
         initTaskData();
-        Interaction interaction = definitionService.getTaskNodeInteraction(th.getAuthorizedPerformerUser(), task.getDefinitionId(), task.getNodeId());
+        Interaction interaction = definitionService.getTaskNodeInteraction(h.getAuthorizedUser(), task.getDefinitionId(), task.getNodeId());
         // TODO assertEquals("form name differ from original", STATE_1_NAME,
         // interaction.getStateName());
         // TODO assertEquals("form name differ from original", STATE_1_TYPE,
@@ -104,35 +86,37 @@ public void testGetFormTestByAuthorizedSubject() throws Exception {
 
     }
 
-    public void testGetFormTestByUnauthorizedSubject() throws Exception {
+    public void testGetFormTestByUnauthorizedUser() {
         initTaskData();
-        definitionService.getTaskNodeInteraction(th.getUnauthorizedPerformerUser(), task.getDefinitionId(), task.getNodeId());
+        definitionService.getTaskNodeInteraction(h.getUnauthorizedUser(), task.getDefinitionId(), task.getNodeId());
     }
 
-    public void testGetFormTestByFakeSubject() throws Exception {
+    public void testGetFormTestByFakeUser() {
         initTaskData();
         try {
-            task = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), th.getTaskBatchPresentation()).get(0);
-            definitionService.getTaskNodeInteraction(th.getFakeUser(), task.getDefinitionId(), task.getNodeId());
-            fail("testGetFormTestByFakeSubject , no AuthenticationException");
+            task = h.getTaskService().getMyTasks(h.getAuthorizedUser(), h.getTaskBatchPresentation()).get(0);
+            definitionService.getTaskNodeInteraction(h.getFakeUser(), task.getDefinitionId(), task.getNodeId());
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testGetFormTestByAuthorizedSubjectWithInvalidDefinitionId() throws Exception {
+    public void testGetFormTestByAuthorizedUserWithInvalidDefinitionId() {
         initTaskData();
         try {
-            definitionService.getTaskNodeInteraction(th.getAuthorizedPerformerUser(), -1l, "");
-            fail("testGetFormTestByAuthorizedSubjectWithInvalidDefinitionId , no Exception");
+            definitionService.getTaskNodeInteraction(h.getAuthorizedUser(), -1L, "");
+            fail();
         } catch (DefinitionDoesNotExistException e) {
+            // Expected.
         }
     }
 
-    public void testCheckForm() throws Exception {
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), th.getTaskBatchPresentation());
-        assertEquals(tasks.size() > 0, true);
+    public void testCheckForm() {
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), h.getTaskBatchPresentation());
+        assertTrue(tasks.size() > 0);
 
-        Interaction interaction = definitionService.getTaskNodeInteraction(th.getAuthorizedPerformerUser(), tasks.get(0).getDefinitionId(),
+        Interaction interaction = definitionService.getTaskNodeInteraction(h.getAuthorizedUser(), tasks.get(0).getDefinitionId(),
                 tasks.get(0).getNodeId());
 
         // TODO assertEquals("state name differs from expected", STATE_1_NAME,
@@ -167,10 +151,10 @@ public void testCheckForm() throws Exception {
             // assertTrue("optional variable flag was set to true",
             // var.isOptional());
 
-            th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), new HashMap<String, Object>(), null);
+            h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), null);
 
-            tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), th.getTaskBatchPresentation());
-            interaction = definitionService.getTaskNodeInteraction(th.getAuthorizedPerformerUser(), tasks.get(0).getDefinitionId(),
+            tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), h.getTaskBatchPresentation());
+            interaction = definitionService.getTaskNodeInteraction(h.getAuthorizedUser(), tasks.get(0).getDefinitionId(),
                     tasks.get(0).getNodeId());
 
             // TODO assertEquals("state name differs from expected",
@@ -187,5 +171,4 @@ public void testCheckForm() throws Exception {
             // var.isOptional());
         }
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetLatestDefinitionStubTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetLatestDefinitionStubTest.java
index 4baee36c0e..862f3ac966 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetLatestDefinitionStubTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetLatestDefinitionStubTest.java
@@ -17,10 +17,8 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
-
+import com.google.common.collect.Lists;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.definition.DefinitionDoesNotExistException;
 import ru.runa.wfe.definition.dto.WfDefinition;
@@ -30,8 +28,6 @@
 import ru.runa.wfe.service.DefinitionService;
 import ru.runa.wfe.service.delegate.Delegates;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 20.04.2005
  * 
@@ -39,59 +35,56 @@
  * 
  */
 public class DefinitionServiceDelegateGetLatestDefinitionStubTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private DefinitionService definitionService;
-    private WfServiceTestHelper helper = null;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         definitionService = Delegates.getDefinitionService();
 
-        helper.deployValidProcessDefinition();
-
-        Collection<Permission> permissions = Lists.newArrayList(Permission.READ);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.VALID_PROCESS_NAME);
-
-        super.setUp();
+        h.deployValidProcessDefinition();
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.READ), WfServiceTestHelper.VALID_PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         definitionService = null;
-        super.tearDown();
     }
 
-    public void testGetLatestDefinitionStubByAuthorizedUser() throws Exception {
-        WfDefinition process = definitionService.getLatestProcessDefinition(helper.getAuthorizedPerformerUser(),
+    public void testGetLatestDefinitionStubByAuthorizedUser() {
+        WfDefinition process = definitionService.getLatestProcessDefinition(h.getAuthorizedUser(),
                 WfServiceTestHelper.VALID_PROCESS_NAME);
         assertEquals("definitionDelegate.getLatestDefinitionStub() returned process with different name", process.getName(),
                 WfServiceTestHelper.VALID_PROCESS_NAME);
     }
 
-    public void testGetLatestDefinitionStubByUnauthorizedUser() throws Exception {
+    public void testGetLatestDefinitionStubByUnauthorizedUser() {
         try {
-            definitionService.getLatestProcessDefinition(helper.getUnauthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME);
-            fail("testGetLatestDefinitionStubByUnauthorizedSubject, no AuthorizationException");
+            definitionService.getLatestProcessDefinition(h.getUnauthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME);
+            fail();
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testGetLatestDefinitionStubByFakeUser() throws Exception {
+    public void testGetLatestDefinitionStubByFakeUser() {
         try {
-            definitionService.getLatestProcessDefinition(helper.getFakeUser(), WfServiceTestHelper.VALID_PROCESS_NAME);
-            fail("testGetLatestDefinitionStubByUnauthorizedSubject, no AuthenticationException");
+            definitionService.getLatestProcessDefinition(h.getFakeUser(), WfServiceTestHelper.VALID_PROCESS_NAME);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testGetLatestDefinitionStubByAuthorizedSubjectWithInvalidProcessName() throws Exception {
+    public void testGetLatestDefinitionStubByAuthorizedUserWithInvalidProcessName() {
         try {
-            definitionService.getLatestProcessDefinition(helper.getAuthorizedPerformerUser(), "0_Invalid_Process_Name");
-            fail("testGetLatestDefinitionStubByAuthorizedSubjectWithInvalidProcessName, no Exception");
+            definitionService.getLatestProcessDefinition(h.getAuthorizedUser(), "0_Invalid_Process_Name");
+            fail();
         } catch (DefinitionDoesNotExistException e) {
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetLatestProcessDefinitionsStubsTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetLatestProcessDefinitionsStubsTest.java
index 8314974b48..bc00b8ddba 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetLatestProcessDefinitionsStubsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetLatestProcessDefinitionsStubsTest.java
@@ -19,6 +19,7 @@
 
 import java.util.List;
 
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
 
 import ru.runa.wf.service.WfServiceTestHelper;
@@ -35,54 +36,50 @@
  * @author Gritsenko_S
  */
 public class DefinitionServiceDelegateGetLatestProcessDefinitionsStubsTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private DefinitionService definitionService;
-
-    private WfServiceTestHelper helper = null;
-
     private BatchPresentation batchPresentation;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         definitionService = Delegates.getDefinitionService();
 
-        helper.deployValidProcessDefinition();
-        batchPresentation = helper.getProcessDefinitionBatchPresentation();
-        super.setUp();
+        h.deployValidProcessDefinition();
+        batchPresentation = h.getProcessDefinitionBatchPresentation();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         definitionService = null;
         batchPresentation = null;
-        super.tearDown();
     }
 
-    public void testGetLatestProcessDefinitionsStubsByAuthorizedSubject() throws Exception {
-        List<WfDefinition> processes = definitionService.getProcessDefinitions(helper.getAuthorizedPerformerUser(), batchPresentation, false);
+    public void testGetLatestProcessDefinitionsStubsByAuthorizedUser() {
+        List<WfDefinition> processes = definitionService.getProcessDefinitions(h.getAuthorizedUser(), batchPresentation, false);
 
         assertEquals("definitionDelegate.getLatestDefinitionStub() returned not expected list", 1, processes.size());
         assertEquals("definitionDelegate.getLatestDefinitionStub() returned process with different name", processes.get(0).getName(),
                 WfServiceTestHelper.VALID_PROCESS_NAME);
     }
 
-    public void testGetLatestProcessDefinitionsStubsByUnauthorizedSubject() throws Exception {
-        List<WfDefinition> processes;
+    public void testGetLatestProcessDefinitionsStubsByUnauthorizedUser() {
         try {
-            processes = definitionService.getProcessDefinitions(helper.getUnauthorizedPerformerUser(), batchPresentation, false);
-            assertEquals("testGetLatestDefinitionStubByUnauthorizedSubject returns process definition for unauthorized performer", 0,
-                    processes.size());
+            val processes = definitionService.getProcessDefinitions(h.getUnauthorizedUser(), batchPresentation, false);
+            assertEquals(0, processes.size());
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testGetLatestProcessDefinitionsStubsByFakeSubject() throws Exception {
+    public void testGetLatestProcessDefinitionsStubsByFakeUser() {
         try {
-            definitionService.getProcessDefinitions(helper.getFakeUser(), batchPresentation, false);
-            assertTrue("testGetLatestDefinitionStubByUnauthorizedSubject, no AuthenticationException", false);
+            definitionService.getProcessDefinitions(h.getFakeUser(), batchPresentation, false);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetProcessDefinitionStubTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetProcessDefinitionStubTest.java
index 9e0dae616c..095660f5a9 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetProcessDefinitionStubTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetProcessDefinitionStubTest.java
@@ -17,10 +17,9 @@
  */
 package ru.runa.wf.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.Collection;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.definition.dto.WfDefinition;
 import ru.runa.wfe.security.AuthenticationException;
@@ -29,45 +28,38 @@
 import ru.runa.wfe.service.DefinitionService;
 import ru.runa.wfe.service.delegate.Delegates;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 20.04.2005
  * 
  * @author Gritsenko_S
  */
 public class DefinitionServiceDelegateGetProcessDefinitionStubTest extends ServletTestCase {
+    private WfServiceTestHelper h = null;
     private DefinitionService definitionService;
 
-    private WfServiceTestHelper helper = null;
-
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         definitionService = Delegates.getDefinitionService();
 
-        helper.deployValidProcessDefinition();
-
-        super.setUp();
+        h.deployValidProcessDefinition();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         definitionService = null;
-        super.tearDown();
     }
 
-    public void testGetProcessDefinitionStubByAuthorizedSubject() throws Exception {
+    public void testGetProcessDefinitionStubByAuthorizedUser() {
         Collection<Permission> permissions = Lists.newArrayList(Permission.READ);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.VALID_PROCESS_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(permissions, WfServiceTestHelper.VALID_PROCESS_NAME);
 
-        WfDefinition process = definitionService.getLatestProcessDefinition(helper.getAuthorizedPerformerUser(),
+        WfDefinition process = definitionService.getLatestProcessDefinition(h.getAuthorizedUser(),
                 WfServiceTestHelper.VALID_PROCESS_NAME);
         long processId = process.getId();
-        WfDefinition actualProcess = definitionService.getProcessDefinition(helper.getAuthorizedPerformerUser(), processId);
+        WfDefinition actualProcess = definitionService.getProcessDefinition(h.getAuthorizedUser(), processId);
         assertEquals("definitionDelegate.getLatestDefinitionStub returns different process by the same processId", process.getName(),
                 actualProcess.getName());
         assertEquals("definitionDelegate.getLatestDefinitionStub returns different process by the same processId", process.getId(),
@@ -76,29 +68,32 @@ public void testGetProcessDefinitionStubByAuthorizedSubject() throws Exception {
                 actualProcess.getId());
     }
 
-    public void testGetProcessDefinitionStubByAuthorizedSubjectWithoutREADPermission() throws Exception {
+    public void testGetProcessDefinitionStubByAuthorizedUserWithoutREADPermission() {
         Collection<Permission> permissions = Lists.newArrayList();
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.VALID_PROCESS_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(permissions, WfServiceTestHelper.VALID_PROCESS_NAME);
         try {
-            definitionService.getLatestProcessDefinition(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME);
-            fail("testGetProcessDefinitionStubByAuthorizedSubjectWithourREADPermission(), no AuthorizationException");
+            definitionService.getLatestProcessDefinition(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME);
+            fail();
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testGetProcessDefinitionStubByUnauthorizedSubject() throws Exception {
+    public void testGetProcessDefinitionStubByUnauthorizedUser() {
         try {
-            definitionService.getLatestProcessDefinition(helper.getUnauthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME);
-            fail("testGetProcessDefinitionStubByUnauthorizedSubject(), no AuthorizationException");
+            definitionService.getLatestProcessDefinition(h.getUnauthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME);
+            fail();
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testGetProcessDefinitionStubByFakeSubject() throws Exception {
+    public void testGetProcessDefinitionStubByFakeUser() {
         try {
-            definitionService.getLatestProcessDefinition(helper.getFakeUser(), WfServiceTestHelper.VALID_PROCESS_NAME);
-            fail("testGetProcessDefinitionStubByFakeSubject(), no AuthenticationException");
+            definitionService.getLatestProcessDefinition(h.getFakeUser(), WfServiceTestHelper.VALID_PROCESS_NAME);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetStartFormTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetStartFormTest.java
index d86a68f926..42af6a18d9 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetStartFormTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateGetStartFormTest.java
@@ -17,12 +17,12 @@
  */
 package ru.runa.wf.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.definition.DefinitionDoesNotExistException;
@@ -32,42 +32,34 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.var.VariableDefinition;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 20.04.2005
  * 
  * @author Gritsenko_S
  */
 public class DefinitionServiceDelegateGetStartFormTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private DefinitionService definitionService;
-
-    private WfServiceTestHelper helper = null;
-
     private Long definitionId;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         definitionService = Delegates.getDefinitionService();
 
-        helper.deployValidProcessDefinition();
-
-        definitionId = definitionService.getLatestProcessDefinition(helper.getAdminUser(), WfServiceTestHelper.VALID_PROCESS_NAME).getId();
-
-        super.setUp();
+        h.deployValidProcessDefinition();
+        definitionId = definitionService.getLatestProcessDefinition(h.getAdminUser(), WfServiceTestHelper.VALID_PROCESS_NAME).getId();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         definitionService = null;
-        super.tearDown();
     }
 
-    public void testGetStartFormTestByAuthorizedSubject() throws Exception {
-        Interaction startForm = definitionService.getStartInteraction(helper.getAuthorizedPerformerUser(), definitionId);
+    public void testGetStartFormTestByAuthorizedUser() {
+        Interaction startForm = definitionService.getStartInteraction(h.getAuthorizedUser(), definitionId);
 
         // / TO DO : xml read from forms.xml & processdefinition.xml
         // TODO assertEquals("start form name differ from original",
@@ -75,7 +67,7 @@ public void testGetStartFormTestByAuthorizedSubject() throws Exception {
         if (false) {
             assertEquals("start form name differ from original", "html", startForm.getType());
             Map<String, VariableDefinition> vars = startForm.getVariables();
-            List<String> actual = new ArrayList<String>();
+            val actual = new ArrayList<String>();
             for (VariableDefinition var : vars.values()) {
                 actual.add(var.getName());
             }
@@ -85,23 +77,25 @@ public void testGetStartFormTestByAuthorizedSubject() throws Exception {
         }
     }
 
-    public void testGetStartFormTestByUnauthorizedSubject() throws Exception {
-        definitionService.getStartInteraction(helper.getUnauthorizedPerformerUser(), definitionId);
+    public void testGetStartFormTestByUnauthorizedUser() {
+        definitionService.getStartInteraction(h.getUnauthorizedUser(), definitionId);
     }
 
-    public void testGetStartFormTestByFakeSubject() throws Exception {
+    public void testGetStartFormTestByFakeUser() {
         try {
-            definitionService.getStartInteraction(helper.getFakeUser(), definitionId);
-            fail("testGetStartFormTestByFakeSubject , no AuthenticationException");
+            definitionService.getStartInteraction(h.getFakeUser(), definitionId);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testGetStartFormTestByAuthorizedSubjectWithInvalidDefinitionId() throws Exception {
+    public void testGetStartFormTestByAuthorizedUserWithInvalidDefinitionId() {
         try {
-            definitionService.getStartInteraction(helper.getAuthorizedPerformerUser(), -1l);
-            fail("testGetStartFormTestByAuthorizedSubjectWithInvalidDefinitionId , no Exception");
+            definitionService.getStartInteraction(h.getAuthorizedUser(), -1L);
+            fail();
         } catch (DefinitionDoesNotExistException e) {
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateRedeployProcessDefinitionTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateRedeployProcessDefinitionTest.java
index 22d2e00495..ecc37d66fb 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateRedeployProcessDefinitionTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateRedeployProcessDefinitionTest.java
@@ -17,11 +17,10 @@
  */
 package ru.runa.wf.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.Collection;
 import java.util.List;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.definition.DefinitionArchiveFormatException;
 import ru.runa.wfe.definition.DefinitionDoesNotExistException;
@@ -33,114 +32,108 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.User;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 20.04.2005
  * 
  * @author Gritsenko_S
  */
 public class DefinitionServiceDelegateRedeployProcessDefinitionTest extends ServletTestCase {
-
+    private WfServiceTestHelper h;
     private DefinitionService definitionService;
 
-    private WfServiceTestHelper helper = null;
-
     private long processDefinitionId;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         definitionService = Delegates.getDefinitionService();
 
-        helper.deployValidProcessDefinition();
-
-        processDefinitionId = definitionService.getLatestProcessDefinition(helper.getAdminUser(), WfServiceTestHelper.VALID_PROCESS_NAME).getId();
-
-        Collection<Permission> redeployPermissions = Lists.newArrayList(Permission.UPDATE);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(redeployPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
-
-        super.setUp();
+        h.deployValidProcessDefinition();
+        processDefinitionId = definitionService.getLatestProcessDefinition(h.getAdminUser(), WfServiceTestHelper.VALID_PROCESS_NAME).getId();
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.UPDATE), WfServiceTestHelper.VALID_PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         definitionService = null;
-        super.tearDown();
     }
 
-    public void testRedeployProcessByAuthorizedPerformer() throws Exception {
-        definitionService.redeployProcessDefinition(helper.getAuthorizedPerformerUser(), processDefinitionId, helper.getValidProcessDefinition(),
+    public void testRedeployProcessByAuthorizedUser() {
+        definitionService.redeployProcessDefinition(h.getAuthorizedUser(), processDefinitionId, h.getValidProcessDefinition(),
                 Lists.newArrayList("testProcess"));
-        List<WfDefinition> deployedProcesses = definitionService.getProcessDefinitions(helper.getAuthorizedPerformerUser(),
-                helper.getProcessDefinitionBatchPresentation(), false);
+        List<WfDefinition> deployedProcesses = definitionService.getProcessDefinitions(h.getAuthorizedUser(),
+                h.getProcessDefinitionBatchPresentation(), false);
         if (deployedProcesses.size() != 1) {
-            assertTrue("testRedeployProcessByAuthorizedPerformer wrongNumberOfProcessDefinitions", false);
+            fail("testRedeployProcessByAuthorizedUser() wrongNumberOfProcessDefinitions");
         }
         if (!deployedProcesses.get(0).getName().equals(WfServiceTestHelper.VALID_PROCESS_NAME)) {
-            assertTrue("testRedeployProcessByAuthorizedPerformer wrongNameOfDeployedProcessDefinitions", false);
+            fail("testRedeployProcessByAuthorizedUser() wrongNameOfDeployedProcessDefinitions");
         }
     }
 
-    public void testRedeployProcessByAuthorizedPerformerWithoutREDEPLOYPermission() throws Exception {
+    public void testRedeployProcessByAuthorizedUserWithoutREDEPLOYPermission() {
         Collection<Permission> nullPermissions = Lists.newArrayList();
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(nullPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(nullPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
 
         try {
-            definitionService.redeployProcessDefinition(helper.getAuthorizedPerformerUser(), processDefinitionId, helper.getValidProcessDefinition(),
+            definitionService.redeployProcessDefinition(h.getAuthorizedUser(), processDefinitionId, h.getValidProcessDefinition(),
                     Lists.newArrayList("testProcess"));
-            assertTrue("definitionDelegate.redeployProcessByAuthorizedPerformer() no AuthorizationException", false);
+            fail("testRedeployProcessByAuthorizedUserWithoutREDEPLOYPermission() no AuthorizationException");
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testRedeployProcessByUnauthorizedPerformer() throws Exception {
+    public void testRedeployProcessByUnauthorizedUser() {
         try {
-            definitionService.redeployProcessDefinition(helper.getUnauthorizedPerformerUser(), processDefinitionId,
-                    helper.getValidProcessDefinition(), Lists.newArrayList("testProcess"));
-            assertTrue("definitionDelegate.redeployProcessByUnauthorizedPerformer() no AuthorizationException", false);
+            definitionService.redeployProcessDefinition(h.getUnauthorizedUser(), processDefinitionId,
+                    h.getValidProcessDefinition(), Lists.newArrayList("testProcess"));
+            fail("testRedeployProcessByUnauthorizedUser() no AuthorizationException");
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testRedeployProcessWithFakeSubject() throws Exception {
+    public void testRedeployProcessWithFakeUser() {
         try {
-            User fakeUser = helper.getFakeUser();
-            definitionService.redeployProcessDefinition(fakeUser, processDefinitionId, helper.getValidProcessDefinition(),
+            User fakeUser = h.getFakeUser();
+            definitionService.redeployProcessDefinition(fakeUser, processDefinitionId, h.getValidProcessDefinition(),
                     Lists.newArrayList("testProcess"));
-            assertTrue("testRedeployProcessWithFakeSubject no AuthenticationException", false);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testRedeployInvalidProcessByAuthorizedPerformer() throws Exception {
+    public void testRedeployInvalidProcessByAuthorizedUser() {
         try {
-            definitionService.redeployProcessDefinition(helper.getAuthorizedPerformerUser(), processDefinitionId,
-                    helper.getInValidProcessDefinition(), Lists.newArrayList("testProcess"));
-            assertTrue("definitionDelegate.deployProcessByAuthorizedPerformer() no DefinitionParsingException", false);
+            definitionService.redeployProcessDefinition(h.getAuthorizedUser(), processDefinitionId,
+                    h.getInValidProcessDefinition(), Lists.newArrayList("testProcess"));
+            fail("testRedeployInvalidProcessByAuthorizedUser() no DefinitionParsingException");
         } catch (DefinitionArchiveFormatException e) {
+            // Expected.
         }
     }
 
-    public void testRedeployWithInvalidProcessId() throws Exception {
+    public void testRedeployWithInvalidProcessId() {
         try {
-            definitionService.redeployProcessDefinition(helper.getAuthorizedPerformerUser(), -1l, helper.getValidProcessDefinition(),
+            definitionService.redeployProcessDefinition(h.getAuthorizedUser(), -1L, h.getValidProcessDefinition(),
                     Lists.newArrayList("testProcess"));
             fail("testRedeployWithInvalidProcessId() no Exception");
         } catch (DefinitionDoesNotExistException e) {
+            // Expected.
         }
     }
 
-    public void testRedeployInvalidProcess() throws Exception {
+    public void testRedeployInvalidProcess() {
         try {
-            definitionService.redeployProcessDefinition(helper.getAuthorizedPerformerUser(), processDefinitionId,
-                    helper.getInValidProcessDefinition(), Lists.newArrayList("testProcess"));
+            definitionService.redeployProcessDefinition(h.getAuthorizedUser(), processDefinitionId,
+                    h.getInValidProcessDefinition(), Lists.newArrayList("testProcess"));
             fail("testRedeployInvalidProcess() no Exception");
         } catch (DefinitionArchiveFormatException e) {
+            // Expected.
         }
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateUndeployProcessDefinitionTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateUndeployProcessDefinitionTest.java
index 4ec913b6a6..8dd0c5dba5 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateUndeployProcessDefinitionTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/DefinitionServiceDelegateUndeployProcessDefinitionTest.java
@@ -17,11 +17,10 @@
  */
 package ru.runa.wf.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.Collection;
 import java.util.List;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.definition.DefinitionDoesNotExistException;
 import ru.runa.wfe.definition.dto.WfDefinition;
@@ -31,98 +30,93 @@
 import ru.runa.wfe.service.DefinitionService;
 import ru.runa.wfe.service.delegate.Delegates;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 20.04.2005
  * 
  * @author Gritsenko_S
  */
 public class DefinitionServiceDelegateUndeployProcessDefinitionTest extends ServletTestCase {
-
+    private WfServiceTestHelper h;
     private DefinitionService definitionService;
 
-    private WfServiceTestHelper helper = null;
-
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         definitionService = Delegates.getDefinitionService();
 
-        helper.deployValidProcessDefinition();
-
-        Collection<Permission> undeployPermissions = Lists.newArrayList(Permission.ALL);
-        helper.setPermissionsToAuthorizedPerformerOnExecutors(undeployPermissions);
-
-        super.setUp();
+        h.deployValidProcessDefinition();
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.DELETE), WfServiceTestHelper.VALID_PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.releaseResources();
+    protected void tearDown() {
+        h.releaseResources();
         definitionService = null;
-        super.tearDown();
     }
 
-    public void testUndeployProcessByAuthorizedPerformer() throws Exception {
-        definitionService.undeployProcessDefinition(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-        List<WfDefinition> deployedProcesses = definitionService.getProcessDefinitions(helper.getAuthorizedPerformerUser(),
-                helper.getProcessDefinitionBatchPresentation(), false);
+    public void testUndeployProcessByAuthorizedUser() {
+        definitionService.undeployProcessDefinition(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+        List<WfDefinition> deployedProcesses = definitionService.getProcessDefinitions(h.getAuthorizedUser(),
+                h.getProcessDefinitionBatchPresentation(), false);
 
         if (deployedProcesses.size() != 0) {
-            fail("testUndeployProcessByAuthorizedPerformer wrongNumberOfProcessDefinitions after undeployment");
+            fail("testUndeployProcessByAuthorizedUser() wrongNumberOfProcessDefinitions after undeployment");
         }
 
         try {
-            definitionService.undeployProcessDefinition(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-            fail("testUndeployProcessByAuthorizedPerformer allows undeploy process definition after undeployment");
+            definitionService.undeployProcessDefinition(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+            fail("testUndeployProcessByAuthorizedUser() allows undeploy process definition after undeployment");
         } catch (DefinitionDoesNotExistException e) {
+            // Expected.
         }
     }
 
-    public void testUndeployProcessByAuthorizedPerformerWithoutUNDEPLOYPermission() throws Exception {
+    public void testUndeployProcessByAuthorizedUserWithoutUNDEPLOYPermission() {
         try {
             Collection<Permission> undeployPermissions = Lists.newArrayList();
-            helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(undeployPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
+            h.setPermissionsToAuthorizedActorOnDefinitionByName(undeployPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
 
             try {
-                definitionService.undeployProcessDefinition(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-                fail("testUndeployProcessByAuthorizedPerformerWithoutUNDEPLOYPermission, no AuthorizationException");
+                definitionService.undeployProcessDefinition(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+                fail("testUndeployProcessByAuthorizedUserWithoutUNDEPLOYPermission(), no AuthorizationException");
             } catch (AuthorizationException e1) {
+                // Expected.
             }
         } finally {
-            helper.undeployValidProcessDefinition();
+            h.undeployValidProcessDefinition();
         }
     }
 
-    public void testUndeployProcessByUnauthorizedPerformer() throws Exception {
+    public void testUndeployProcessByUnauthorizedUser() {
         try {
-            definitionService.undeployProcessDefinition(helper.getUnauthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-            fail("testUndeployProcessByUnauthorizedPerformer, no AuthorizationException");
+            definitionService.undeployProcessDefinition(h.getUnauthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+            fail("testUndeployProcessByUnauthorizedUser(), no AuthorizationException");
         } catch (AuthorizationException e1) {
+            // Expected.
         } finally {
-            helper.undeployValidProcessDefinition();
+            h.undeployValidProcessDefinition();
         }
     }
 
-    public void testUndeployProcessByFakePerformer() throws Exception {
+    public void testUndeployProcessByFakeUser() {
         try {
-            definitionService.undeployProcessDefinition(helper.getFakeUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-            fail("testUndeployProcessByFakePerformer, no AuthenticationException");
+            definitionService.undeployProcessDefinition(h.getFakeUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+            fail("no AuthenticationException");
         } catch (AuthenticationException e1) {
+            // Expected.
         } finally {
-            helper.undeployValidProcessDefinition();
+            h.undeployValidProcessDefinition();
         }
     }
 
-    public void testUndeployProcessWithUnexistentProcessName() throws Exception {
+    public void testUndeployProcessWithUnexistentProcessName() {
         try {
-            definitionService.undeployProcessDefinition(helper.getUnauthorizedPerformerUser(), "Unexistent_Process_definition_Name_000", null);
+            definitionService.undeployProcessDefinition(h.getUnauthorizedUser(), "Unexistent_Process_definition_Name_000", null);
             fail("testUndeployProcessWithNullProcessName allows undeploy process definition with unexistent name");
         } catch (DefinitionDoesNotExistException e) {
+            // Expected.
         } finally {
-            helper.undeployValidProcessDefinition();
+            h.undeployValidProcessDefinition();
         }
-
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateAssignTaskTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateAssignTaskTest.java
index 1f86691570..d9d9004ee4 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateAssignTaskTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateAssignTaskTest.java
@@ -17,12 +17,10 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
-import java.util.HashMap;
+import com.google.common.collect.Lists;
 import java.util.List;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.definition.dto.WfDefinition;
@@ -40,18 +38,13 @@
 import ru.runa.wfe.user.User;
 import ru.runa.wfe.validation.ValidationException;
 
-import com.google.common.collect.Lists;
-
 /**
  * This test class is to check concurrent work of 2 users concerning "Assign task" function.<br />
- * It does not take into account substitution logic.
+ * It does not take substitution logic into account.
  * 
  * @see ExecutionServiceDelegateSubstitutionAssignTaskTest
  */
 public class ExecutionServiceDelegateAssignTaskTest extends ServletTestCase {
-
-    private final static String PREFIX = ExecutionServiceDelegateAssignTaskTest.class.getName();
-
     private static final String PROCESS_NAME = WfServiceTestHelper.SWIMLANE_SAME_GROUP_SEQ_PROCESS_NAME;
 
     private final static String nameActor1 = "actor1";
@@ -61,54 +54,46 @@ public class ExecutionServiceDelegateAssignTaskTest extends ServletTestCase {
     private final static String pwdActor1 = "123";
     private final static String pwdActor2 = "123";
 
-    private Actor actor1;
-    private Actor actor2;
-    private Group group;
-
     private User actor1User = null;
     private User actor2User = null;
 
-    private WfServiceTestHelper testHelper;
-
+    private WfServiceTestHelper h;
     private BatchPresentation batchPresentation;
 
     @Override
-    protected void setUp() throws Exception {
-        testHelper = new WfServiceTestHelper(PREFIX);
-
-        actor1 = testHelper.createActorIfNotExist(nameActor1, PREFIX);
-        testHelper.getExecutorService().setPassword(testHelper.getAdminUser(), actor1, pwdActor1);
-        actor2 = testHelper.createActorIfNotExist(nameActor2, PREFIX);
-        testHelper.getExecutorService().setPassword(testHelper.getAdminUser(), actor2, pwdActor2);
-        group = testHelper.createGroupIfNotExist(nameGroup, "description");
-        testHelper.addExecutorToGroup(actor1, group);
-        testHelper.addExecutorToGroup(actor2, group);
+    protected void setUp() {
+        val prefix = getClass().getName();
+        h = new WfServiceTestHelper(prefix);
+        batchPresentation = h.getTaskBatchPresentation();
+
+        Actor actor1 = h.createActorIfNotExist(nameActor1, prefix);
+        h.getExecutorService().setPassword(h.getAdminUser(), actor1, pwdActor1);
+        Actor actor2 = h.createActorIfNotExist(nameActor2, prefix);
+        h.getExecutorService().setPassword(h.getAdminUser(), actor2, pwdActor2);
+        Group group = h.createGroupIfNotExist(nameGroup, "description");
+        h.addExecutorToGroup(actor1, group);
+        h.addExecutorToGroup(actor2, group);
 
         {
-            Collection<Permission> perm = Lists.newArrayList(Permission.LOGIN);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), group.getId(), perm, SecuredSingleton.EXECUTORS);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), actor1.getId(), perm, SecuredSingleton.EXECUTORS);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), actor2.getId(), perm, SecuredSingleton.EXECUTORS);
+            val pp = Lists.newArrayList(Permission.LOGIN);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), group.getId(), pp, SecuredSingleton.SYSTEM);  // TODO What for?
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), actor1.getId(), pp, SecuredSingleton.SYSTEM);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), actor2.getId(), pp, SecuredSingleton.SYSTEM);
         }
 
-        actor1User = testHelper.getAuthenticationService().authenticateByLoginPassword(nameActor1, pwdActor1);
-        actor2User = testHelper.getAuthenticationService().authenticateByLoginPassword(nameActor2, pwdActor2);
+        actor1User = h.getAuthenticationService().authenticateByLoginPassword(nameActor1, pwdActor1);
+        actor2User = h.getAuthenticationService().authenticateByLoginPassword(nameActor2, pwdActor2);
 
         byte[] parBytes = WfServiceTestHelper.readBytesFromFile(PROCESS_NAME + ".par");
-        testHelper.getDefinitionService().deployProcessDefinition(testHelper.getAdminUser(), parBytes, Lists.newArrayList("testProcess"));
-        WfDefinition definition = testHelper.getDefinitionService().getLatestProcessDefinition(testHelper.getAdminUser(), PROCESS_NAME);
-        Collection<Permission> definitionPermission = Lists.newArrayList(Permission.START);
-        testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), actor1.getId(), definitionPermission, definition);
-
-        batchPresentation = testHelper.getTaskBatchPresentation();
-        super.setUp();
+        h.getDefinitionService().deployProcessDefinition(h.getAdminUser(), parBytes, Lists.newArrayList("testProcess"));
+        WfDefinition definition = h.getDefinitionService().getLatestProcessDefinition(h.getAdminUser(), PROCESS_NAME);
+        h.getAuthorizationService().setPermissions(h.getAdminUser(), actor1.getId(), Lists.newArrayList(Permission.START_PROCESS), definition);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        testHelper.getDefinitionService().undeployProcessDefinition(testHelper.getAdminUser(), PROCESS_NAME, null);
-        testHelper.releaseResources();
-        super.tearDown();
+    protected void tearDown() {
+        h.getDefinitionService().undeployProcessDefinition(h.getAdminUser(), PROCESS_NAME, null);
+        h.releaseResources();
     }
 
     /**
@@ -117,16 +102,14 @@ protected void tearDown() throws Exception {
      * <li>User 1 assigns a task</li>
      * <li>User 2 tries to assign the task</li>
      * </ul>
-     * 
-     * @throws Exception
      */
     // 1
-    public void testAssignAssigned() throws Exception {
+    public void testAssignAssigned() {
         {
             checkTaskList(actor1User, 0);
             checkTaskList(actor2User, 0);
         }
-        testHelper.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
         for (int i = 0; i < 3; ++i) {
             moveAssignAssigned();
         }
@@ -142,15 +125,13 @@ public void testAssignAssigned() throws Exception {
      * <li>User 1 executes a task</li>
      * <li>User 2 tries to assign the task</li>
      * </ul>
-     * 
-     * @throws Exception
      */
-    public void testAssignMoved() throws Exception {
+    public void testAssignMoved() {
         {
             checkTaskList(actor1User, 0);
             checkTaskList(actor2User, 0);
         }
-        testHelper.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
         for (int i = 0; i < 3; ++i) {
             try {
                 moveAssignMoved();
@@ -172,15 +153,13 @@ public void testAssignMoved() throws Exception {
      * <li>User 1 assign a task</li>
      * <li>User 2 tries to move the task</li>
      * </ul>
-     * 
-     * @throws Exception
      */
-    public void testMoveAssigned() throws Exception {
+    public void testMoveAssigned() {
         {
             checkTaskList(actor1User, 0);
             checkTaskList(actor2User, 0);
         }
-        testHelper.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
         for (int i = 0; i < 3; ++i) {
             moveMoveAssigned();
         }
@@ -196,19 +175,17 @@ public void testMoveAssigned() throws Exception {
      * <li>User 1 executes a task</li>
      * <li>User 2 tries to execute the task</li>
      * </ul>
-     * 
-     * @throws Exception
      */
-    public void testMoveMoved() throws Exception {
+    public void testMoveMoved() {
         {
             checkTaskList(actor1User, 0);
             checkTaskList(actor2User, 0);
         }
-        testHelper.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
         moveExecuteExecuted();
     }
 
-    private void moveAssignAssigned() throws Exception {
+    private void moveAssignAssigned() {
         WfTask[] tasks1, tasks2;
 
         {
@@ -216,7 +193,7 @@ private void moveAssignAssigned() throws Exception {
             tasks2 = checkTaskList(actor2User, 1);
         }
         Actor actor = actor1User.getActor();
-        testHelper.getTaskService().assignTask(actor1User, tasks1[0].getId(), tasks1[0].getOwner(), actor);
+        h.getTaskService().assignTask(actor1User, tasks1[0].getId(), tasks1[0].getOwner(), actor);
         {
             tasks1 = checkTaskList(actor1User, 1);
             checkTaskList(actor2User, 0);
@@ -226,22 +203,22 @@ private void moveAssignAssigned() throws Exception {
             tasks1 = checkTaskList(actor1User, 1);
             checkTaskList(actor2User, 0);
         }
-        testHelper.getTaskService().completeTask(actor1User, tasks1[0].getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(actor1User, tasks1[0].getId(), null);
     }
 
-    private void moveAssignMoved() throws Exception {
+    private void moveAssignMoved() {
         WfTask[] tasks1, tasks2;
 
         {
             tasks1 = checkTaskList(actor1User, 1);
             tasks2 = checkTaskList(actor2User, 1);
         }
-        testHelper.getTaskService().completeTask(actor1User, tasks1[0].getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(actor1User, tasks1[0].getId(), null);
         assertExceptionThrownOnAssign(actor2User, tasks2[0]);
     }
 
     // ------------------------------------------------------------------------------------------------------------------------
-    private void moveMoveAssigned() throws Exception {
+    private void moveMoveAssigned() {
         WfTask[] tasks1, tasks2;
 
         {
@@ -249,7 +226,7 @@ private void moveMoveAssigned() throws Exception {
             tasks2 = checkTaskList(actor2User, 1);
         }
         Actor actor = actor1User.getActor();
-        testHelper.getTaskService().assignTask(actor1User, tasks1[0].getId(), tasks1[0].getOwner(), actor);
+        h.getTaskService().assignTask(actor1User, tasks1[0].getId(), tasks1[0].getOwner(), actor);
         {
             tasks1 = checkTaskList(actor1User, 1);
             checkTaskList(actor2User, 0);
@@ -259,17 +236,17 @@ private void moveMoveAssigned() throws Exception {
             tasks1 = checkTaskList(actor1User, 1);
             checkTaskList(actor2User, 0);
         }
-        testHelper.getTaskService().completeTask(actor1User, tasks1[0].getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(actor1User, tasks1[0].getId(), null);
     }
 
-    private void moveExecuteExecuted() throws Exception {
+    private void moveExecuteExecuted() {
         WfTask[] tasks1, tasks2;
 
         {
             tasks1 = checkTaskList(actor1User, 1);
             tasks2 = checkTaskList(actor2User, 1);
         }
-        testHelper.getTaskService().completeTask(actor1User, tasks1[0].getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(actor1User, tasks1[0].getId(), null);
         {
             checkTaskList(actor1User, tasks1[0]);
             checkTaskList(actor2User, tasks2[0]);
@@ -277,9 +254,9 @@ private void moveExecuteExecuted() throws Exception {
         assertExceptionThrownOnExecute(actor2User, tasks2[0]);
     }
 
-    private void assertExceptionThrownOnExecute(User user, WfTask task) throws InternalApplicationException {
+    private void assertExceptionThrownOnExecute(User user, WfTask task) {
         try {
-            testHelper.getTaskService().completeTask(user, task.getId(), new HashMap<String, Object>(), null);
+            h.getTaskService().completeTask(user, task.getId(), null);
             throw new InternalApplicationException("Exception TaskDoesNotExistException not thrown");
         } catch (AuthenticationException e) {
         } catch (AuthorizationException e) {
@@ -292,10 +269,10 @@ private void assertExceptionThrownOnExecute(User user, WfTask task) throws Inter
     }
 
     // /rask:
-    private void assertExceptionThrownOnAssign(User user, WfTask task) throws ExecutorDoesNotExistException {
+    private void assertExceptionThrownOnAssign(User user, WfTask task) {
         try {
             Actor actor = actor1User.getActor();
-            testHelper.getTaskService().assignTask(user, task.getId(), task.getOwner(), actor);
+            h.getTaskService().assignTask(user, task.getId(), task.getOwner(), actor);
             throw new InternalApplicationException("Exception TaskAlreadyAcceptedException not thrown");
         } catch (TaskAlreadyAcceptedException e) {
         } catch (AuthenticationException e) {
@@ -303,9 +280,9 @@ private void assertExceptionThrownOnAssign(User user, WfTask task) throws Execut
         }
     }
 
-    private List<WfTask> checkTaskList(User user, WfTask task) throws Exception {
+    private List<WfTask> checkTaskList(User user, WfTask task) {
         boolean result = false;
-        List<WfTask> tasks = testHelper.getTaskService().getMyTasks(user, batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, batchPresentation);
         for (WfTask taskStub : tasks) {
             if (taskStub.equals(task) && taskStub.getName().equals(task.getName())) {
                 result = true;
@@ -316,8 +293,8 @@ private List<WfTask> checkTaskList(User user, WfTask task) throws Exception {
         return tasks;
     }
 
-    private WfTask[] checkTaskList(User user, int expectedLength) throws Exception {
-        List<WfTask> tasks = testHelper.getTaskService().getMyTasks(user, batchPresentation);
+    private WfTask[] checkTaskList(User user, int expectedLength) {
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, batchPresentation);
         assertEquals("getTasks() returns wrong tasks number (expected " + expectedLength + ", but was " + tasks.size() + ")", expectedLength,
                 tasks.size());
         return tasks.toArray(new WfTask[tasks.size()]);
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateCancelProcessInstanceTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateCancelProcessInstanceTest.java
index 3f722f9a8a..dbc8d2b280 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateCancelProcessInstanceTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateCancelProcessInstanceTest.java
@@ -17,14 +17,11 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.ArrayList;
+import com.google.common.collect.Lists;
 import java.util.List;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.execution.ExecutionStatus;
-import ru.runa.wfe.execution.ProcessDoesNotExistException;
 import ru.runa.wfe.execution.dto.WfProcess;
 import ru.runa.wfe.presentation.BatchPresentation;
 import ru.runa.wfe.security.AuthenticationException;
@@ -33,82 +30,73 @@
 import ru.runa.wfe.service.ExecutionService;
 import ru.runa.wfe.service.delegate.Delegates;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 23.04.2005
  * 
  * @author Gritsenko_S
  */
 public class ExecutionServiceDelegateCancelProcessInstanceTest extends ServletTestCase {
+    private WfServiceTestHelper h = null;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper helper = null;
-
     private WfProcess processInstance = null;
-
     private BatchPresentation batchPresentation;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
 
-        helper.deployValidProcessDefinition();
-
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-
-        batchPresentation = helper.getProcessInstanceBatchPresentation();
-
-        processInstance = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation).get(0);
-
-        super.setUp();
+        h.deployValidProcessDefinition();
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+        processInstance = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation).get(0);
+        batchPresentation = h.getProcessInstanceBatchPresentation();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         executionService = null;
         batchPresentation = null;
-        super.tearDown();
     }
 
-    public void testCancelProcessInstanceByAuthorizedSubject() throws Exception {
-        helper.setPermissionsToAuthorizedPerformerOnProcessInstance(Lists.newArrayList(Permission.CANCEL), processInstance);
-        executionService.cancelProcess(helper.getAuthorizedPerformerUser(), processInstance.getId());
+    public void testCancelProcessInstanceByAuthorizedUser() {
+        h.setPermissionsToAuthorizedActorOnProcessInstance(Lists.newArrayList(Permission.CANCEL), processInstance);
+        executionService.cancelProcess(h.getAuthorizedUser(), processInstance.getId());
 
-        List<WfProcess> processInstances = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfProcess> processInstances = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Process instance does not exist", 1, processInstances.size());
         assertEquals("Process not cancelled", ExecutionStatus.ENDED, processInstances.get(0).getExecutionStatus());
     }
 
-    public void testCancelProcessInstanceByAuthorizedSubjectWithoutCANCELPermission() throws Exception {
-        helper.setPermissionsToAuthorizedPerformerOnProcessInstance(Lists.newArrayList(Permission.READ), processInstance);
+    public void testCancelProcessInstanceByAuthorizedUserWithoutCANCELPermission() {
+        h.setPermissionsToAuthorizedActorOnProcessInstance(Lists.newArrayList(Permission.READ), processInstance);
         try {
-            executionService.cancelProcess(helper.getAuthorizedPerformerUser(), processInstance.getId());
-            List<WfProcess> processInstances = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+            executionService.cancelProcess(h.getAuthorizedUser(), processInstance.getId());
+            List<WfProcess> processInstances = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
             assertEquals("Process instance does not exist", 1, processInstances.size());
             assertEquals("Process was canceled without CANCEL permission", ExecutionStatus.ACTIVE, processInstances.get(0).getExecutionStatus());
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testCancelProcessInstanceByFakeSubject() throws Exception {
+    public void testCancelProcessInstanceByFakeUser() {
         try {
-            executionService.cancelProcess(helper.getFakeUser(), processInstance.getId());
-            fail("executionDelegate.cancelProcessInstance(helper.getFakeUser(), ..), no AuthenticationException");
+            executionService.cancelProcess(h.getFakeUser(), processInstance.getId());
+            fail("executionDelegate.cancelProcessInstance(h.getFakeUser(), ..), no AuthenticationException");
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testCancelProcessInstanceByUnauthorizedSubject() throws Exception {
+    public void testCancelProcessInstanceByUnauthorizedUser() {
         try {
-            executionService.cancelProcess(helper.getUnauthorizedPerformerUser(), processInstance.getId());
-            List<WfProcess> processInstances = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+            executionService.cancelProcess(h.getUnauthorizedUser(), processInstance.getId());
+            List<WfProcess> processInstances = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
             assertEquals("Process was cancelled by unauthorized subject", ExecutionStatus.ACTIVE, processInstances.get(0).getExecutionStatus());
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateCompleteTaskTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateCompleteTaskTest.java
index 610ea7de9b..0d964b5a4c 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateCompleteTaskTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateCompleteTaskTest.java
@@ -17,13 +17,11 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.security.AuthenticationException;
 import ru.runa.wfe.security.AuthorizationException;
@@ -33,8 +31,6 @@
 import ru.runa.wfe.task.TaskDoesNotExistException;
 import ru.runa.wfe.task.dto.WfTask;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 23.04.2005
  * 
@@ -43,111 +39,110 @@
  * @author kana <a href="mailto:kana@ptc.ru">
  */
 public class ExecutionServiceDelegateCompleteTaskTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
 
-    private WfServiceTestHelper th = null;
-
     private WfTask task;
-
     private Map<String, Object> legalVariables;
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
 
-        th.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
+        h.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
 
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS, Permission.READ_PROCESS),
+                WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
 
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, null);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, null);
 
-        th.addExecutorToGroup(th.getAuthorizedPerformerActor(), th.getBossGroup());
+        h.addExecutorToGroup(h.getAuthorizedActor(), h.getBossGroup());
         // task =
-        // executionDelegate.getTasks(helper.getAuthorizedPerformerUser(),
+        // executionDelegate.getTasks(helper.getAuthorizedUser(),
         // helper.getTaskBatchPresentation())[0];
 
-        legalVariables = new HashMap<String, Object>();
-        legalVariables.put("amount.asked", (double) 200);
-        legalVariables.put("amount.granted", (double) 150);
+        legalVariables = new HashMap<>();
+        legalVariables.put("amount.asked", 200d);
+        legalVariables.put("amount.granted", 150d);
         legalVariables.put("approved", "true");
+    }
 
-        super.setUp();
+    @Override
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.releaseResources();
+        executionService = null;
     }
 
-    private void initTask() throws AuthorizationException, AuthenticationException {
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), th.getTaskBatchPresentation());
+    private void initTask() {
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), h.getTaskBatchPresentation());
         assertNotNull(tasks);
-        assertEquals(tasks.size() > 0, true);
+        assertTrue(tasks.size() > 0);
         task = tasks.get(0);
     }
 
-    @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
-        th.releaseResources();
-        executionService = null;
-        super.tearDown();
-    }
-
-    public void testCompleteTaskByAuthorizedSubject() throws Exception {
+    public void testCompleteTaskByAuthorizedUser() {
         initTask();
 
         assertEquals("state name differs from expected", "evaluating", task.getName());
-        assertEquals("task <evaluating> is assigned before completeTask()", th.getBossGroup(), task.getOwner());
+        assertEquals("task <evaluating> is assigned before completeTask()", h.getBossGroup(), task.getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), task.getId(), legalVariables, null);
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), th.getTaskBatchPresentation());
+        h.getTaskService().completeTask(h.getAuthorizedUser(), task.getId(), legalVariables);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), h.getTaskBatchPresentation());
 
         assertEquals("Tasks not returned for Authorized Subject", 1, tasks.size());
         assertEquals("state name differs from expected", "treating collegues on cake and pie", tasks.get(0).getName());
-        assertEquals("task <treating collegues on cake and pie> is not assigned after starting [requester]", th.getBossGroup(), task.getOwner());
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), legalVariables, null);
+        assertEquals("task <treating collegues on cake and pie> is not assigned after starting [requester]", h.getBossGroup(), task.getOwner());
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), legalVariables);
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), th.getTaskBatchPresentation());
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), h.getTaskBatchPresentation());
 
         assertEquals("Tasks not returned for Erp Operator Subject", 1, tasks.size());
         assertEquals("state name differs from expected", "updating erp asynchronously", tasks.get(0).getName());
-        assertEquals("task <updating erp asynchronously> is not assigned before competeTask()", th.getBossGroup(), task.getOwner());
+        assertEquals("task <updating erp asynchronously> is not assigned before competeTask()", h.getBossGroup(), task.getOwner());
     }
 
-    public void testCompleteTaskBySubjectWhichIsNotInSwimlane() throws Exception {
+    public void testCompleteTaskBySubjectWhichIsNotInSwimlane() {
         initTask();
         try {
-            th.removeExecutorFromGroup(th.getAuthorizedPerformerActor(), th.getBossGroup());
-            th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), task.getId(), legalVariables, null);
+            h.removeExecutorFromGroup(h.getAuthorizedActor(), h.getBossGroup());
+            h.getTaskService().completeTask(h.getAuthorizedUser(), task.getId(), legalVariables);
             fail("testCompleteTaskByNullSubject(), no Exception");
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testCompleteTaskByUnauthorizedSubject() throws Exception {
+    public void testCompleteTaskByUnauthorizedUser() {
         initTask();
         try {
-            th.getTaskService().completeTask(th.getUnauthorizedPerformerUser(), task.getId(), legalVariables, null);
+            h.getTaskService().completeTask(h.getUnauthorizedUser(), task.getId(), legalVariables);
             fail("testCompleteTaskByNullSubject(), no AuthorizationException");
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testCompleteTaskByFakeSubject() throws Exception {
+    public void testCompleteTaskByFakeUser() {
         initTask();
         try {
-            th.getTaskService().completeTask(th.getFakeUser(), task.getId(), legalVariables, null);
-            fail("testCompleteTaskByFakeSubject(), no AuthenticationException");
+            h.getTaskService().completeTask(h.getFakeUser(), task.getId(), legalVariables);
+            fail("expected AuthenticationException");
         } catch (AuthorizationException e) {
-            fail("testCompleteTaskByFakeSubject(), no AuthenticationException");
+            fail("expected AuthenticationException");
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testCompleteTaskByAuthorizedSubjectWithInvalidTaskId() throws Exception {
+    public void testCompleteTaskByAuthorizedUserWithInvalidTaskId() {
         initTask();
         try {
-            th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), -1l, legalVariables, null);
-            fail("testCompleteTaskByAuthorizedSubjectWithInvalidTaskId(), no TaskDoesNotExistException");
+            h.getTaskService().completeTask(h.getAuthorizedUser(), -1L, legalVariables);
+            fail();
         } catch (TaskDoesNotExistException e) {
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetHistoricalVariablesTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetHistoricalVariablesTest.java
index 715a410df7..3e2cabe521 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetHistoricalVariablesTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetHistoricalVariablesTest.java
@@ -21,13 +21,13 @@
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import java.util.Calendar;
-import java.util.Collection;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import junit.framework.Assert;
+import lombok.SneakyThrows;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wf.service.WfServiceTestHelper;
@@ -46,46 +46,43 @@
  * Tests for getting historical state of process variables.
  **/
 public class ExecutionServiceDelegateGetHistoricalVariablesTest extends ServletTestCase {
-    private final int defaultDelayMs = 100;
+    private static final int defaultDelayMs = 100;
 
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper th = null;
-
     private Long processId;
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
-        th.deployValidProcessDefinition(WfServiceTestHelper.LONG_WITH_VARIABLES_PROCESS_FILE_NAME);
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.LONG_WITH_VARIABLES_PROCESS_NAME);
+
+        h.deployValidProcessDefinition(WfServiceTestHelper.LONG_WITH_VARIABLES_PROCESS_FILE_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS, Permission.READ_PROCESS),
+                WfServiceTestHelper.LONG_WITH_VARIABLES_PROCESS_NAME);
         for (Stage stage : Stage.values()) {
             stage.DoStageAction(this);
         }
-        super.setUp();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.LONG_WITH_VARIABLES_PROCESS_NAME);
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.LONG_WITH_VARIABLES_PROCESS_NAME);
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testGetVariablesOnTime() throws Exception {
+    public void testGetVariablesOnTime() {
         ProcessLogFilter filter = new ProcessLogFilter(processId);
         for (Stage stage : Stage.values()) {
             filter.setCreateDateTo(stage.stageTime);
-            WfVariableHistoryState historicalVariables = executionService.getHistoricalVariables(th.getAuthorizedPerformerUser(), filter);
+            WfVariableHistoryState historicalVariables = executionService.getHistoricalVariables(h.getAuthorizedUser(), filter);
             checkVariables(stage, historicalVariables);
             checkChangedVariables(stage, historicalVariables, stage.simpleVariablesChangedFromStart);
         }
     }
 
-    public void testGetVariablesChangedOnRange() throws Exception {
+    public void testGetVariablesChangedOnRange() {
         ProcessLogFilter filter = new ProcessLogFilter(processId);
         for (Stage stage : Stage.values()) {
             if (stage.prevStage == null) {
@@ -93,13 +90,13 @@ public void testGetVariablesChangedOnRange() throws Exception {
             }
             filter.setCreateDateFrom(stage.prevStage.stageTime);
             filter.setCreateDateTo(stage.stageTime);
-            WfVariableHistoryState historicalVariables = executionService.getHistoricalVariables(th.getAuthorizedPerformerUser(), filter);
+            WfVariableHistoryState historicalVariables = executionService.getHistoricalVariables(h.getAuthorizedUser(), filter);
             checkVariables(stage, historicalVariables);
             checkChangedVariables(stage, historicalVariables, stage.simpleVariablesChanged);
         }
     }
 
-    public void testGetVariablesChangedOnTask() throws Exception {
+    public void testGetVariablesChangedOnTask() {
         ProcessLogFilter filter = new ProcessLogFilter(processId);
         for (Stage stage : Stage.values()) {
             if (stage.prevStage == null) {
@@ -107,7 +104,7 @@ public void testGetVariablesChangedOnTask() throws Exception {
             }
             filter.setCreateDateFrom(stage.prevStage.stageTime);
             filter.setCreateDateTo(stage.stageTime);
-            WfVariableHistoryState historicalVariables = executionService.getHistoricalVariables(th.getAuthorizedPerformerUser(), processId,
+            WfVariableHistoryState historicalVariables = executionService.getHistoricalVariables(h.getAuthorizedUser(), processId,
                     stage.taskId);
             checkVariables(stage, historicalVariables);
             checkChangedVariables(stage, historicalVariables, stage.simpleVariablesChanged);
@@ -157,15 +154,15 @@ private void checkChangedVariables(Stage stage, WfVariableHistoryState historica
     private enum Stage {
         NOT_STARTED(null) {
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
                 return null;
             }
         },
 
         STARTED(NOT_STARTED) {
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                User user = testInstance.th.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                User user = testInstance.h.getAuthorizedUser();
                 String processName = WfServiceTestHelper.LONG_WITH_VARIABLES_PROCESS_NAME;
                 changedVariables.put("varLong", 1L);
                 simpleVariablesChanged.add("varLong");
@@ -177,9 +174,9 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
         TASK1_COMPLETED(STARTED) {
 
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                WfServiceTestHelper th2 = testInstance.th;
-                User user = th2.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                WfServiceTestHelper th2 = testInstance.h;
+                User user = th2.getAuthorizedUser();
                 WfTask taskStub = th2.getTaskService().getMyTasks(user, th2.getTaskBatchPresentation()).get(0);
                 changedVariables.put("varLong", 2L);
                 changedVariables.put("varListString", Lists.newArrayList("str1", "str2"));
@@ -199,7 +196,7 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
                 simpleVariablesChanged.add("varMapStringUT[0:v].fieldListString.size");
                 simpleVariablesChanged.add("varMapStringUT[0:v].fieldLong");
                 simpleVariablesChanged.add("varMapStringUT.size");
-                testInstance.th.getTaskService().completeTask(user, taskStub.getId(), changedVariables, null);
+                testInstance.h.getTaskService().completeTask(user, taskStub.getId(), changedVariables);
                 return taskStub.getId();
             }
         },
@@ -207,9 +204,9 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
         TASK2_COMPLETED(TASK1_COMPLETED) {
 
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                WfServiceTestHelper th2 = testInstance.th;
-                User user = th2.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                WfServiceTestHelper th2 = testInstance.h;
+                User user = th2.getAuthorizedUser();
                 WfTask taskStub = th2.getTaskService().getMyTasks(user, th2.getTaskBatchPresentation()).get(0);
                 changedVariables.put("varLong", 3L);
                 changedVariables.put("varListString", Lists.newArrayList("str1", "str2", "str3"));
@@ -225,7 +222,7 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
                 simpleVariablesChanged.add("varListUT[1].fieldLong");
                 simpleVariablesChanged.add("varListUT[1].fieldString");
                 simpleVariablesChanged.add("varListUT.size");
-                testInstance.th.getTaskService().completeTask(user, taskStub.getId(), changedVariables, null);
+                testInstance.h.getTaskService().completeTask(user, taskStub.getId(), changedVariables);
                 return taskStub.getId();
             }
         },
@@ -233,9 +230,9 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
         TASK3_COMPLETED(TASK2_COMPLETED) {
 
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                WfServiceTestHelper th2 = testInstance.th;
-                User user = th2.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                WfServiceTestHelper th2 = testInstance.h;
+                User user = th2.getAuthorizedUser();
                 WfTask taskStub = th2.getTaskService().getMyTasks(user, th2.getTaskBatchPresentation()).get(0);
                 changedVariables.put("varLong", 4L);
                 changedVariables.put("varListString", null);
@@ -247,7 +244,7 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
                 simpleVariablesChanged.add("varListString.size");
                 simpleVariablesChanged.add("varUT.fieldLong");
                 simpleVariablesChanged.add("varUT.fieldString");
-                testInstance.th.getTaskService().completeTask(user, taskStub.getId(), changedVariables, null);
+                testInstance.h.getTaskService().completeTask(user, taskStub.getId(), changedVariables);
                 return taskStub.getId();
             }
         },
@@ -255,9 +252,9 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
         TASK4_COMPLETED(TASK3_COMPLETED) {
 
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                WfServiceTestHelper th2 = testInstance.th;
-                User user = th2.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                WfServiceTestHelper th2 = testInstance.h;
+                User user = th2.getAuthorizedUser();
                 WfTask taskStub = th2.getTaskService().getMyTasks(user, th2.getTaskBatchPresentation()).get(0);
                 changedVariables.put("varLong", 5L);
                 changedVariables.put("varListString", Lists.newArrayList("str4", "str5"));
@@ -270,7 +267,7 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
                 simpleVariablesChanged.add("varUT.fieldListString.size");
                 simpleVariablesChanged.add("varUT.fieldListString[0]");
                 simpleVariablesChanged.add("varUT.fieldListString[1]");
-                testInstance.th.getTaskService().completeTask(user, taskStub.getId(), changedVariables, null);
+                testInstance.h.getTaskService().completeTask(user, taskStub.getId(), changedVariables);
                 return taskStub.getId();
             }
         },
@@ -278,9 +275,9 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
         TASK5_COMPLETED(TASK4_COMPLETED) {
 
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                WfServiceTestHelper th2 = testInstance.th;
-                User user = th2.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                WfServiceTestHelper th2 = testInstance.h;
+                User user = th2.getAuthorizedUser();
                 WfTask taskStub = th2.getTaskService().getMyTasks(user, th2.getTaskBatchPresentation()).get(0);
                 changedVariables.put("varLong", 6L);
                 changedVariables.put("varString", null);
@@ -311,7 +308,7 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
                 simpleVariablesChanged.add("varUT.fieldMapStringString.size");
                 simpleVariablesChanged.add("varUT.fieldMapStringString[0:k]");
                 simpleVariablesChanged.add("varUT.fieldMapStringString[0:v]");
-                testInstance.th.getTaskService().completeTask(user, taskStub.getId(), changedVariables, null);
+                testInstance.h.getTaskService().completeTask(user, taskStub.getId(), changedVariables);
                 return taskStub.getId();
             }
         },
@@ -319,9 +316,9 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
         TASK6_COMPLETED(TASK5_COMPLETED) {
 
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                WfServiceTestHelper th2 = testInstance.th;
-                User user = th2.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                WfServiceTestHelper th2 = testInstance.h;
+                User user = th2.getAuthorizedUser();
                 WfTask taskStub = th2.getTaskService().getMyTasks(user, th2.getTaskBatchPresentation()).get(0);
                 changedVariables.put("varLong", 7L);
                 changedVariables.put("varListString", null);
@@ -331,7 +328,7 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
                 changedVariables.put("varUT", createUserType(testInstance, 13L, "tt", null, map));
                 changedVariables.put("varListUT", Lists.newArrayList(createUserType(testInstance, 5L, "ss", Lists.newArrayList("s2"), map),
                         createUserType(testInstance, 6L, "ss", Lists.newArrayList("s4"), map)));
-                testInstance.th.getTaskService().completeTask(user, taskStub.getId(), changedVariables, null);
+                testInstance.h.getTaskService().completeTask(user, taskStub.getId(), changedVariables);
                 return taskStub.getId();
             }
         },
@@ -339,9 +336,9 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
         TASK7_COMPLETED(TASK6_COMPLETED) {
 
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                WfServiceTestHelper th2 = testInstance.th;
-                User user = th2.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                WfServiceTestHelper th2 = testInstance.h;
+                User user = th2.getAuthorizedUser();
                 WfTask taskStub = th2.getTaskService().getMyTasks(user, th2.getTaskBatchPresentation()).get(0);
                 changedVariables.put("varLong", 8L);
                 changedVariables.put("varListUT", null);
@@ -349,7 +346,7 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
                 map.put(createUserTypeK(testInstance, 198L, "str44"),
                         createUserType(testInstance, 1L, null, Lists.newArrayList("123", "4@34"), null));
                 changedVariables.put("varMapStringUT", map);
-                testInstance.th.getTaskService().completeTask(user, taskStub.getId(), changedVariables, null);
+                testInstance.h.getTaskService().completeTask(user, taskStub.getId(), changedVariables);
                 return taskStub.getId();
             }
         },
@@ -357,15 +354,15 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
         TASK8_COMPLETED(TASK7_COMPLETED) {
 
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                WfServiceTestHelper th2 = testInstance.th;
-                User user = th2.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                WfServiceTestHelper th2 = testInstance.h;
+                User user = th2.getAuthorizedUser();
                 WfTask taskStub = th2.getTaskService().getMyTasks(user, th2.getTaskBatchPresentation()).get(0);
                 changedVariables.put("varLong", 9L);
                 changedVariables.put("varListString", Lists.newArrayList("str7", "str8"));
                 changedVariables.put("varUT", null);
                 changedVariables.put("varString", "12553");
-                testInstance.th.getTaskService().completeTask(user, taskStub.getId(), changedVariables, null);
+                testInstance.h.getTaskService().completeTask(user, taskStub.getId(), changedVariables);
                 return taskStub.getId();
             }
         },
@@ -373,13 +370,13 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
         TASK9_COMPLETED(TASK8_COMPLETED) {
 
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                WfServiceTestHelper th2 = testInstance.th;
-                User user = th2.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                WfServiceTestHelper th2 = testInstance.h;
+                User user = th2.getAuthorizedUser();
                 WfTask taskStub = th2.getTaskService().getMyTasks(user, th2.getTaskBatchPresentation()).get(0);
                 changedVariables.put("varLong", 10L);
                 changedVariables.put("varListString", Lists.newArrayList("str8", "str9"));
-                testInstance.th.getTaskService().completeTask(user, taskStub.getId(), changedVariables, null);
+                testInstance.h.getTaskService().completeTask(user, taskStub.getId(), changedVariables);
                 return taskStub.getId();
             }
         },
@@ -387,9 +384,9 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
         FINISHED(TASK9_COMPLETED) {
 
             @Override
-            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
-                WfServiceTestHelper th2 = testInstance.th;
-                User user = th2.getAuthorizedPerformerUser();
+            protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
+                WfServiceTestHelper th2 = testInstance.h;
+                User user = th2.getAuthorizedUser();
                 WfTask taskStub = th2.getTaskService().getMyTasks(user, th2.getTaskBatchPresentation()).get(0);
                 changedVariables.put("varLong", -1L);
                 changedVariables.put("varString", null);
@@ -401,7 +398,7 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
                 changedVariables.put("varListUT", Lists.newArrayList(createUserType(testInstance, 5L, "ss", Lists.newArrayList("s2"), map),
                         createUserType(testInstance, 6L, "ss", Lists.newArrayList("s4"), map)));
                 changedVariables.put("varMapStringUT", null);
-                testInstance.th.getTaskService().completeTask(user, taskStub.getId(), changedVariables, null);
+                testInstance.h.getTaskService().completeTask(user, taskStub.getId(), changedVariables);
                 return taskStub.getId();
             }
         };
@@ -420,15 +417,16 @@ protected Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariab
 
         protected final Stage prevStage;
 
-        private Stage(Stage prev) {
+        Stage(Stage prev) {
             this.prevStage = prev;
         }
 
-        public void DoStageAction(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception {
+        @SneakyThrows
+        public void DoStageAction(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) {
             taskId = DoStageActionInternal(testInstance);
-            Thread.sleep(testInstance.defaultDelayMs);
+            Thread.sleep(defaultDelayMs);
             stageTime = Calendar.getInstance().getTime();
-            Thread.sleep(testInstance.defaultDelayMs);
+            Thread.sleep(defaultDelayMs);
             initializeAfterExecuteVariables();
         }
 
@@ -446,9 +444,9 @@ private void initializeAfterExecuteVariables() {
         }
 
         protected UserTypeMap createUserType(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance, Long longVal, String str,
-                List<String> list, Map<String, String> map) throws Exception {
-            WfServiceTestHelper th2 = testInstance.th;
-            User user = th2.getAuthorizedPerformerUser();
+                List<String> list, Map<String, String> map) {
+            WfServiceTestHelper th2 = testInstance.h;
+            User user = th2.getAuthorizedUser();
             WfProcess process = th2.getExecutionService().getProcess(user, testInstance.processId);
             UserTypeMap type = new UserTypeMap(th2.getDefinitionService().getUserType(user, process.getDefinitionId(), "UT"));
             type.put("fieldLong", longVal);
@@ -458,10 +456,9 @@ protected UserTypeMap createUserType(ExecutionServiceDelegateGetHistoricalVariab
             return type;
         }
 
-        protected UserTypeMap createUserTypeK(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance, Long longVal, String str)
-                throws Exception {
-            WfServiceTestHelper th2 = testInstance.th;
-            User user = th2.getAuthorizedPerformerUser();
+        protected UserTypeMap createUserTypeK(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance, Long longVal, String str) {
+            WfServiceTestHelper th2 = testInstance.h;
+            User user = th2.getAuthorizedUser();
             WfProcess process = th2.getExecutionService().getProcess(user, testInstance.processId);
             UserTypeMap type = new UserTypeMap(th2.getDefinitionService().getUserType(user, process.getDefinitionId(), "UK"));
             type.put("fieldStringK", str);
@@ -469,6 +466,6 @@ protected UserTypeMap createUserTypeK(ExecutionServiceDelegateGetHistoricalVaria
             return type;
         }
 
-        protected abstract Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance) throws Exception;
+        protected abstract Long DoStageActionInternal(ExecutionServiceDelegateGetHistoricalVariablesTest testInstance);
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstanceStubTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstanceStubTest.java
index a5eccbcfc4..8d17c6a214 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstanceStubTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstanceStubTest.java
@@ -33,61 +33,59 @@
  * @author Gritsenko_S
  */
 public class ExecutionServiceDelegateGetProcessInstanceStubTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper helper = null;
-
     private Long processId;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
 
-        helper.deployValidProcessDefinition();
+        h.deployValidProcessDefinition();
 
         // processId =
-        executionService.startProcess(helper.getAdminUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-        processId = executionService.getProcesses(helper.getAuthorizedPerformerUser(), helper.getProcessInstanceBatchPresentation()).get(0).getId();
-
-        super.setUp();
+        executionService.startProcess(h.getAdminUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+        processId = executionService.getProcesses(h.getAuthorizedUser(), h.getProcessInstanceBatchPresentation()).get(0).getId();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testGetProcessInstanceStubByAuthorizedSubject() throws Exception {
-        WfProcess processInstance = executionService.getProcess(helper.getAuthorizedPerformerUser(), processId);
+    public void testGetProcessInstanceStubByAuthorizedUser() {
+        WfProcess processInstance = executionService.getProcess(h.getAuthorizedUser(), processId);
         assertEquals("id of running process differs from requested", processId, processInstance.getId());
         assertEquals("name of running process differs from definition", WfServiceTestHelper.VALID_PROCESS_NAME, processInstance.getName());
     }
 
-    public void testGetProcessInstanceStubByUnauthorizedSubject() throws Exception {
+    public void testGetProcessInstanceStubByUnauthorizedUser() {
         try {
-            executionService.getProcess(helper.getUnauthorizedPerformerUser(), processId);
-            fail("testGetProcessInstanceStubByUnauthorizedSubject, no AuthorizationException");
+            executionService.getProcess(h.getUnauthorizedUser(), processId);
+            fail();
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testGetProcessInstanceStubByFakeSubject() throws Exception {
+    public void testGetProcessInstanceStubByFakeUser() {
         try {
-            executionService.getProcess(helper.getFakeUser(), processId);
-            fail("testGetProcessInstanceStubByFakeSubject, no AuthenticationException");
+            executionService.getProcess(h.getFakeUser(), processId);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testGetProcessInstanceStubByAuthorizedSubjectWithInvalidProcessId() throws Exception {
+    public void testGetProcessInstanceStubByAuthorizedUserWithInvalidProcessId() {
         try {
-            executionService.getProcess(helper.getAuthorizedPerformerUser(), -1l);
-            fail("testGetProcessInstanceStubByAuthorizedSubjectWithInvalidProcessId, no ProcessInstanceDoesNotExistException");
+            executionService.getProcess(h.getAuthorizedUser(), -1L);
+            fail();
         } catch (ProcessDoesNotExistException e) {
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstanceStubsTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstanceStubsTest.java
index f3567ee78e..489d8d4424 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstanceStubsTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstanceStubsTest.java
@@ -21,6 +21,7 @@
 import java.util.List;
 import java.util.Map;
 
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
 
 import ru.runa.junit.ArrayAssert;
@@ -43,106 +44,101 @@
  * @author Vitaliy S
  */
 public class ExecutionServiceDelegateGetProcessInstanceStubsTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper helper = null;
-
     private BatchPresentation batchPresentation;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
+        batchPresentation = h.getProcessInstanceBatchPresentation();
 
-        helper.deployValidProcessDefinition();
+        h.deployValidProcessDefinition();
+        h.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
 
-        helper.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
-
-        Collection<Permission> startPermissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(startPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
-        batchPresentation = helper.getProcessInstanceBatchPresentation();
-        super.setUp();
+        val pp = Lists.newArrayList(Permission.START_PROCESS, Permission.READ_PROCESS);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(pp, WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(pp, WfServiceTestHelper.VALID_PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
-        helper.undeployValidProcessDefinition();
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         executionService = null;
         batchPresentation = null;
-        super.tearDown();
     }
 
-    public void testGetProcessInstanceStubsByVariableFilterByAuthorizedSubject() throws Exception {
+    public void testGetProcessInstanceStubsByVariableFilterByAuthorizedUser() {
         String name = "reason";
         String value = "intention";
         Map<String, Object> variablesMap = WfServiceTestHelper.createVariablesMap(name, value);
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
         variablesMap.put(name, "anothervalue");
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
         int index = batchPresentation.getType().getFieldIndex(ProcessClassPresentation.PROCESS_VARIABLE);
         batchPresentation.addDynamicField(index, name);
         batchPresentation.getFilteredFields().put(0, new StringFilterCriteria(value));
-        List<WfProcess> processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfProcess> processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals(2, processes.size());
     }
 
-    public void testGetProcessInstanceStubsByVariableFilterWithWrongMatcherByAuthorizedSubject() throws Exception {
+    public void testGetProcessInstanceStubsByVariableFilterWithWrongMatcherByAuthorizedUser() {
         String name = "reason";
         String value = "intention";
         Map<String, Object> variablesMap = WfServiceTestHelper.createVariablesMap(name, value);
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
         int index = batchPresentation.getType().getFieldIndex(ProcessClassPresentation.PROCESS_VARIABLE);
         batchPresentation.addDynamicField(index, name);
         batchPresentation.getFilteredFields().put(0, new StringFilterCriteria("bad matcher"));
-        List<WfProcess> processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfProcess> processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals(0, processes.size());
     }
 
-    public void testGetProcessInstanceStubsByAuthorizedSubject() throws Exception {
-        List<WfProcess> processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+    public void testGetProcessInstanceStubsByAuthorizedUser() {
+        List<WfProcess> processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processes.size());
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-        processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+        processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 1, processes.size());
     }
 
-    public void testGetProcessInstanceStubsByUnauthorizedSubject() throws Exception {
-        List<WfProcess> processes = executionService.getProcesses(helper.getUnauthorizedPerformerUser(), batchPresentation);
+    public void testGetProcessInstanceStubsByUnauthorizedUser() {
+        List<WfProcess> processes = executionService.getProcesses(h.getUnauthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processes.size());
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-        processes = executionService.getProcesses(helper.getUnauthorizedPerformerUser(), batchPresentation);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+        processes = executionService.getProcesses(h.getUnauthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processes.size());
     }
 
-    public void testGetProcessInstanceStubsByFakeSubject() throws Exception {
+    public void testGetProcessInstanceStubsByFakeUser() {
         try {
-            executionService.getProcesses(helper.getFakeUser(), batchPresentation);
-            fail("testGetAllProcessInstanceStubsByFakeSubject, no AuthenticationException");
+            executionService.getProcesses(h.getFakeUser(), batchPresentation);
+            fail();
         } catch (AuthenticationException e) {
+            // Expeced.
         }
     }
 
-    public void testGetProcessInstanceStubsByAuthorizedSubjectWithoutREADPermission() throws Exception {
-        List<WfProcess> processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+    public void testGetProcessInstanceStubsByAuthorizedUserWithoutREADPermission() {
+        List<WfProcess> processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processes.size());
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-        processes = executionService.getProcesses(helper.getAdminUser(), batchPresentation);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+        processes = executionService.getProcesses(h.getAdminUser(), batchPresentation);
         assertEquals("Incorrect processes array", 1, processes.size());
         Collection<Permission> nullPermissions = Lists.newArrayList();
-        helper.setPermissionsToAuthorizedPerformerOnProcessInstance(nullPermissions, processes.get(0));
-        processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        h.setPermissionsToAuthorizedActorOnProcessInstance(nullPermissions, processes.get(0));
+        processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processes.size());
     }
 
-    public void testGetProcessInstanceStubsPagingByAuthorizedSubject() throws Exception {
-        List<WfProcess> processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+    public void testGetProcessInstanceStubsPagingByAuthorizedUser() {
+        List<WfProcess> processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processes.size());
 
         int rangeSize = 10;
@@ -151,26 +147,26 @@ public void testGetProcessInstanceStubsPagingByAuthorizedSubject() throws Except
 
         int expectedCount = 14;
         for (int i = 0; i < expectedCount; i++) {
-            executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+            executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
         }
-        processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", rangeSize, processes.size());
 
         batchPresentation.setPageNumber(2);
 
-        processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount - rangeSize, processes.size());
 
         rangeSize = 50;
         batchPresentation.setRangeSize(rangeSize);
         batchPresentation.setPageNumber(1);
 
-        processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount, processes.size());
     }
 
-    public void testGetProcessInstanceStubsUnexistentPageByAuthorizedSubject() throws Exception {
-        List<WfProcess> processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+    public void testGetProcessInstanceStubsUnexistentPageByAuthorizedUser() {
+        List<WfProcess> processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processes.size());
 
         int rangeSize = 10;
@@ -180,23 +176,22 @@ public void testGetProcessInstanceStubsUnexistentPageByAuthorizedSubject() throw
 
         int expectedCount = 17;
         for (int i = 0; i < expectedCount; i++) {
-            executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+            executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
         }
-        List<WfProcess> firstTenProcesses = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfProcess> firstTenProcesses = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", rangeSize, firstTenProcesses.size());
 
         batchPresentation.setPageNumber(2);
-        processes = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processes = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount - 10, processes.size());
 
         // the wrong page is replaced by last page in case it contains 0 objects
         batchPresentation.setPageNumber(3);
 
-        List<WfProcess> wrongPageProcesses = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfProcess> wrongPageProcesses = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
         // due to
         // ru.runa.wfe.presentation.BatchPresentation.setFilteredFieldsMap(Map<Integer,
         // FilterCriteria>) in hibernate.update
         ArrayAssert.assertEqualArrays("Incorrect returned", firstTenProcesses, wrongPageProcesses);
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstancesCountTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstancesCountTest.java
index 29689c002a..13456fb426 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstancesCountTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetProcessInstancesCountTest.java
@@ -23,7 +23,6 @@
 import org.apache.cactus.ServletTestCase;
 
 import ru.runa.wf.service.WfServiceTestHelper;
-import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.execution.dto.WfProcess;
 import ru.runa.wfe.presentation.BatchPresentation;
 import ru.runa.wfe.security.AuthenticationException;
@@ -37,119 +36,115 @@
  * @author Gritsenko_S
  */
 public class ExecutionServiceDelegateGetProcessInstancesCountTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper helper = null;
-
     private BatchPresentation batchPresentation;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
 
-        helper.deployValidProcessDefinition();
-
-        Collection<Permission> startPermissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(startPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
-        batchPresentation = helper.getProcessInstanceBatchPresentation();
-        super.setUp();
+        h.deployValidProcessDefinition();
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS, Permission.READ_PROCESS),
+                WfServiceTestHelper.VALID_PROCESS_NAME);
+        batchPresentation = h.getProcessInstanceBatchPresentation();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         executionService = null;
         batchPresentation = null;
-        super.tearDown();
     }
 
-    public void testGetProcessInstanceCountByAuthorizedSubject() throws Exception {
-        int processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+    public void testGetProcessInstanceCountByAuthorizedUser() {
+        int processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processesCount);
         int expectedCount = 4;
         startInstances(expectedCount);
-        processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount, processesCount);
     }
 
-    public void testGetProcessInstanceCountByUnauthorizedSubject() throws Exception {
-        int processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+    public void testGetProcessInstanceCountByUnauthorizedUser() {
+        int processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processesCount);
         int expectedCount = 4;
         startInstances(expectedCount);
-        processesCount = executionService.getProcessesCount(helper.getUnauthorizedPerformerUser(), batchPresentation);
+        processesCount = executionService.getProcessesCount(h.getUnauthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processesCount);
     }
 
-    public void testGetProcessInstanceCountByFakeSubject() throws Exception {
+    public void testGetProcessInstanceCountByFakeUser() {
         try {
-            executionService.getProcessesCount(helper.getFakeUser(), batchPresentation);
-            fail("testGetAllProcessInstanceStubsByFakeSubject, no AuthenticationException");
+            executionService.getProcessesCount(h.getFakeUser(), batchPresentation);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testGetProcessInstanceCountByAuthorizedSubjectWithoutREADPermission() throws Exception {
-        int processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+    public void testGetProcessInstanceCountByAuthorizedUserWithoutREADPermission() {
+        int processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processesCount);
         int expectedCount = 4;
         startInstances(expectedCount);
-        processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount, processesCount);
 
-        List<WfProcess> processInstanceStubs = executionService.getProcesses(helper.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfProcess> processInstanceStubs = executionService.getProcesses(h.getAuthorizedUser(), batchPresentation);
 
         Collection<Permission> nullPermissions = Lists.newArrayList();
         int withoutPermCount = processInstanceStubs.size() / 2;
         for (int i = 0; i < withoutPermCount; i++) {
-            helper.setPermissionsToAuthorizedPerformerOnProcessInstance(nullPermissions, processInstanceStubs.get(i));
+            h.setPermissionsToAuthorizedActorOnProcessInstance(nullPermissions, processInstanceStubs.get(i));
         }
 
-        processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount - withoutPermCount, processesCount);
     }
 
-    public void testGetProcessInstanceCountWithSorting() throws Exception {
-        int processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+    public void testGetProcessInstanceCountWithSorting() {
+        int processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processesCount);
         int expectedCount = 20;
         startInstances(expectedCount);
         batchPresentation.setFieldsToSort(new int[] { 0 }, new boolean[] { true });
-        processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount, processesCount);
 
         batchPresentation.setFieldsToSort(new int[] { 0 }, new boolean[] { false });
-        processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount, processesCount);
 
         batchPresentation.setFieldsToSort(new int[] { 0, 1, 2, 3 }, new boolean[] { true, false, true, false });
-        processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount, processesCount);
     }
 
-    public void testGetProcessInstanceCountWithGrouping() throws Exception {
-        int processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+    public void testGetProcessInstanceCountWithGrouping() {
+        int processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", 0, processesCount);
         int expectedCount = 20;
         startInstances(expectedCount);
         batchPresentation.setFieldsToGroup(new int[] { 0 });
-        processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount, processesCount);
 
         batchPresentation.setFieldsToGroup(new int[] { 0, 1 });
-        processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount, processesCount);
 
         batchPresentation.setFieldsToGroup(new int[] { 0, 1, 2, 3 });
-        processesCount = executionService.getProcessesCount(helper.getAuthorizedPerformerUser(), batchPresentation);
+        processesCount = executionService.getProcessesCount(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Incorrect processes array", expectedCount, processesCount);
     }
 
-    private void startInstances(int instanceCount) throws InternalApplicationException {
+    private void startInstances(int instanceCount) {
         for (int i = 0; i < instanceCount; i++) {
-            executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+            executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
         }
     }
 
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetSwimlaneExecutorMapTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetSwimlaneExecutorMapTest.java
index 340b8b989d..55539a2fb5 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetSwimlaneExecutorMapTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetSwimlaneExecutorMapTest.java
@@ -17,11 +17,9 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
 import java.util.HashMap;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.execution.ProcessDoesNotExistException;
 import ru.runa.wfe.execution.dto.WfSwimlane;
@@ -31,9 +29,6 @@
 import ru.runa.wfe.service.ExecutionService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
-
-import com.google.common.collect.Lists;
 
 /**
  * Created on 02.05.2005
@@ -41,85 +36,85 @@
  * @author Gritsenko_S
  */
 public class ExecutionServiceDelegateGetSwimlaneExecutorMapTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-    private WfServiceTestHelper th = null;
     private Long instanceId;
     private HashMap<String, Object> legalVariables;
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
 
-        th.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
+        h.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
 
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS, Permission.READ, Permission.READ_PROCESS),
+                WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
 
         // instanceId =
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, null);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, null);
 
-        th.addExecutorToGroup(th.getAuthorizedPerformerActor(), th.getBossGroup());
-        instanceId = executionService.getProcesses(th.getAdminUser(), th.getProcessInstanceBatchPresentation()).get(0).getId();
+        h.addExecutorToGroup(h.getAuthorizedActor(), h.getBossGroup());
+        instanceId = executionService.getProcesses(h.getAdminUser(), h.getProcessInstanceBatchPresentation()).get(0).getId();
 
-        legalVariables = new HashMap<String, Object>();
-        legalVariables.put("amount.asked", new Double(200));
-        legalVariables.put("amount.granted", new Double(150));
+        legalVariables = new HashMap<>();
+        legalVariables.put("amount.asked", 200d);
+        legalVariables.put("amount.granted", 150d);
         legalVariables.put("approved", "true");
-
-        super.setUp();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testGetSwimlaneExecutorMapByUnauthorizedSubject() throws Exception {
+    public void testGetSwimlaneExecutorMapByUnauthorizedUser() {
         try {
-            th.getTaskService().getProcessTasks(th.getUnauthorizedPerformerUser(), instanceId, true);
-            fail("testGetSwimlaneExecutorMapByUnauthorizedSubject(), no AuthorizationException");
+            h.getTaskService().getProcessTasks(h.getUnauthorizedUser(), instanceId, true);
+            fail();
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testGetSwimlaneExecutorMapByFakeSubject() throws Exception {
+    public void testGetSwimlaneExecutorMapByFakeUser() {
         try {
-            th.getTaskService().getProcessTasks(th.getFakeUser(), instanceId, true);
-            fail("testGetSwimlaneExecutorMapByFakeSubject(), no AuthenticationException");
+            h.getTaskService().getProcessTasks(h.getFakeUser(), instanceId, true);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testGetSwimlaneExecutorMapByAuthorizedSubjectWithInvalidProcessId() throws Exception {
+    public void testGetSwimlaneExecutorMapByAuthorizedUserWithInvalidProcessId() {
         try {
-            th.getTaskService().getProcessTasks(th.getAuthorizedPerformerUser(), -1l, true);
-            fail("testGetSwimlaneExecutorMapByAuthorizedSubjectWithInvalidProcessId(), no ProcessInstanceDoesNotExistException");
+            h.getTaskService().getProcessTasks(h.getAuthorizedUser(), -1L, true);
+            fail();
         } catch (ProcessDoesNotExistException e) {
+            // Expected.
         }
     }
 
     //
-    // public void testGetSwimlaneExecutorMapByAuthorizedSubject() throws
+    // public void testGetSwimlaneExecutorMapByAuthorizedUser() throws
     // Exception {
     // Collection<Permission> readPermissions =
     // Lists.newArrayList(Permission.READ);
-    // helper.setPermissionsToAuthorizedPerformer(readPermissions,
+    // helper.setPermissionsToAuthorizedActor(readPermissions,
     // helper.getErpOperator());
     //
     // List<Swimlane> swimlanes =
-    // executionService.getSwimlanes(helper.getAuthorizedPerformerUser(),
+    // executionService.getSwimlanes(helper.getAuthorizedUser(),
     // instanceId);
     //
     // swimlanes =
-    // executionService.getSwimlanes(helper.getAuthorizedPerformerUser(),
+    // executionService.getSwimlanes(helper.getAuthorizedUser(),
     // instanceId);
     // for (Swimlane swimlane : swimlanes) {
     // Map<String, Executor> executorsInSwimlane =
-    // executionService.getActiveTasks(helper.getAuthorizedPerformerUser(),
+    // executionService.getActiveTasks(helper.getAuthorizedUser(),
     // instanceId);
     // for (String name : executorsInSwimlane.keySet()) {
     // Assert.assertEquals("Executor in the swimlane differs from expected",
@@ -128,17 +123,17 @@ public void testGetSwimlaneExecutorMapByAuthorizedSubjectWithInvalidProcessId()
     // }
     //
     // WfTask task =
-    // th.getTaskService().getMyTasks(helper.getAuthorizedPerformerUser(),
+    // h.getTaskService().getMyTasks(helper.getAuthorizedUser(),
     // helper.getTaskBatchPresentation()).get(0);
-    // th.getTaskService().completeTask(helper.getAuthorizedPerformerUser(),
+    // h.getTaskService().completeTask(helper.getAuthorizedUser(),
     // task.getId(), legalVariables);
     //
     // swimlanes =
-    // executionService.getSwimlanes(helper.getAuthorizedPerformerUser(),
+    // executionService.getSwimlanes(helper.getAuthorizedUser(),
     // instanceId);
     // for (Swimlane swimlane : swimlanes) {
     // Map<String, Executor> executorsInSwimlane =
-    // executionService.getActiveTasks(helper.getAuthorizedPerformerUser(),
+    // executionService.getActiveTasks(helper.getAuthorizedUser(),
     // instanceId,
     // swimlane.getDefinition().getName());
     // for (String name : executorsInSwimlane.keySet()) {
@@ -148,15 +143,15 @@ public void testGetSwimlaneExecutorMapByAuthorizedSubjectWithInvalidProcessId()
     // }
     // }
     //
-    // public void testGetSwimlaneExecutorMapDeletedExecutor() throws Exception
+    // public void testGetSwimlaneExecutorMapDeletedExecutor()
     // {
     // WfTask task =
-    // th.getTaskService().getMyTasks(helper.getAuthorizedPerformerUser(),
+    // h.getTaskService().getMyTasks(helper.getAuthorizedUser(),
     // helper.getTaskBatchPresentation()).get(0);
-    // th.getTaskService().completeTask(helper.getAuthorizedPerformerUser(),
+    // h.getTaskService().completeTask(helper.getAuthorizedUser(),
     // task.getId(), legalVariables);
     // List<Swimlane> swimlanes =
-    // executionService.getSwimlanes(helper.getAuthorizedPerformerUser(),
+    // executionService.getSwimlanes(helper.getAuthorizedUser(),
     // instanceId);
     // Swimlane swimlane = null;
     // for (Swimlane existing : swimlanes) {
@@ -169,24 +164,24 @@ public void testGetSwimlaneExecutorMapByAuthorizedSubjectWithInvalidProcessId()
     // helper.removeCreatedExecutor(helper.getErpOperator());
     // helper.removeExecutorIfExists(helper.getErpOperator());
     // try {
-    // executionService.getActiveTasks(helper.getAuthorizedPerformerUser(),
+    // executionService.getActiveTasks(helper.getAuthorizedUser(),
     // instanceId, swimlane.getDefinition().getName());
     // fail("executionDelegate.getSwimlaneExecutorMap() does not throw exception for getting swimlane for nonexisting executor");
     // } catch (ExecutorDoesNotExistException e) {
     // }
     // }
 
-    private Executor getExpectedExecutor(WfSwimlane WfSwimlane)
-            throws AuthorizationException, AuthenticationException, ExecutorDoesNotExistException {
+    private Executor getExpectedExecutor(WfSwimlane WfSwimlane) {
         String name = WfSwimlane.getDefinition().getName();
-        if (name.equals("requester")) {
-            return th.getAuthorizedPerformerActor();
-        } else if (name.equals("boss")) {
-            return th.getBossGroup();
-        } else if (name.equals("erp operator")) {
-            return th.getErpOperator();
-        } else {
-            throw new RuntimeException("Executor for swimlane " + WfSwimlane.getDefinition().getName() + " is unknown");
+        switch (name) {
+            case "requester":
+                return h.getAuthorizedActor();
+            case "boss":
+                return h.getBossGroup();
+            case "erp operator":
+                return h.getErpOperator();
+            default:
+                throw new RuntimeException("Executor for swimlane " + WfSwimlane.getDefinition().getName() + " is unknown");
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetSwimlanesTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetSwimlanesTest.java
index 2b189da330..5c551ce8a9 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetSwimlanesTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetSwimlanesTest.java
@@ -18,7 +18,6 @@
 package ru.runa.wf.delegate;
 
 import com.google.common.collect.Lists;
-import java.util.Collection;
 import java.util.List;
 import org.apache.cactus.ServletTestCase;
 import ru.runa.junit.ArrayAssert;
@@ -39,79 +38,76 @@
  * @author kana <a href="mailto:kana@ptc.ru">
  */
 public class ExecutionServiceDelegateGetSwimlanesTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper helper = null;
-
+    private BatchPresentation batchPresentation;
     private Long instanceId;
 
-    private BatchPresentation batchPresentation;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
+        batchPresentation = h.getProcessInstanceBatchPresentation();
 
-        helper.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
+        h.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
 
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ, Permission.READ_PROCESS);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(
+                Lists.newArrayList(Permission.START_PROCESS, Permission.READ, Permission.READ_PROCESS), WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
 
-        permissions = Lists.newArrayList(Permission.READ);
-        helper.setPermissionsToAuthorizedPerformer(permissions, helper.getAuthorizedPerformerActor());
+        h.setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.READ), h.getAuthorizedActor());
 
         // instanceId =
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, null);
-        batchPresentation = helper.getProcessInstanceBatchPresentation();
-        instanceId = executionService.getProcesses(helper.getAdminUser(), batchPresentation).get(0).getId();
-
-        helper.addExecutorToGroup(helper.getAuthorizedPerformerActor(), helper.getBossGroup());
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, null);
+        instanceId = executionService.getProcesses(h.getAdminUser(), batchPresentation).get(0).getId();
 
-        super.setUp();
+        h.addExecutorToGroup(h.getAuthorizedActor(), h.getBossGroup());
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.releaseResources();
         executionService = null;
         batchPresentation = null;
-        super.tearDown();
     }
 
-    public void testGetSwimlanesByUnauthorizedSubject() throws Exception {
+    public void testGetSwimlanesByUnauthorizedUser() {
         try {
-            executionService.getProcessSwimlanes(helper.getUnauthorizedPerformerUser(), instanceId);
-            fail("testGetSwimlanesByUnauthorizedSubject(), no AuthorizationException");
+            executionService.getProcessSwimlanes(h.getUnauthorizedUser(), instanceId);
+            fail();
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testGetSwimlanesByFakeSubject() throws Exception {
+    public void testGetSwimlanesByFakeUser() {
         try {
-            executionService.getProcessSwimlanes(helper.getFakeUser(), instanceId);
-            fail("testGetSwimlanesByFakeSubject(), no AuthenticationException");
+            executionService.getProcessSwimlanes(h.getFakeUser(), instanceId);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testGetSwimlanesByAuthorizedSubjectWithInvalidProcessId() throws Exception {
+    public void testGetSwimlanesByAuthorizedUserWithInvalidProcessId() {
         try {
-            executionService.getProcessSwimlanes(helper.getAuthorizedPerformerUser(), -1l);
-            fail("testGetSwimlanesByAuthorizedSubjectWithInvalidProcessId(), no ProcessInstanceDoesNotExistException");
+            executionService.getProcessSwimlanes(h.getAuthorizedUser(), -1L);
+            fail();
         } catch (ProcessDoesNotExistException e) {
+            // Expected.
         }
     }
 
-    public void testGetSwimlanesByAuthorizedSubject() throws Exception {
-        List<WfSwimlane> WfSwimlanes = executionService.getProcessSwimlanes(helper.getAuthorizedPerformerUser(), instanceId);
+    public void testGetSwimlanesByAuthorizedUser() {
+        List<WfSwimlane> WfSwimlanes = executionService.getProcessSwimlanes(h.getAuthorizedUser(), instanceId);
         List<String> expectedNames = Lists.newArrayList("boss", "requester", "erp operator");
         List<String> actualNames = Lists.newArrayList();
         for (WfSwimlane WfSwimlane : WfSwimlanes) {
             actualNames.add(WfSwimlane.getDefinition().getName());
             if (WfSwimlane.getDefinition().getName().equals("requester")) {
-                assertTrue("swimlane is not assigned", WfSwimlane.getExecutor() != null);
-                assertEquals("Actor differs from Assigned", helper.getAuthorizedPerformerActor(), WfSwimlane.getExecutor());
+                assertNotNull("swimlane is not assigned", WfSwimlane.getExecutor());
+                assertEquals("Actor differs from Assigned", h.getAuthorizedActor(), WfSwimlane.getExecutor());
             }
         }
         ArrayAssert.assertWeakEqualArrays("swimlane names are not equal", expectedNames, actualNames);
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetTasksTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetTasksTest.java
index 4128f040ad..2ee90f4f85 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetTasksTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetTasksTest.java
@@ -17,13 +17,11 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
 import java.util.List;
 import java.util.Map;
-
 import org.apache.cactus.ServletTestCase;
 import org.hibernate.TransientObjectException;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.presentation.BatchPresentation;
 import ru.runa.wfe.presentation.ClassPresentation;
@@ -37,8 +35,6 @@
 import ru.runa.wfe.task.dto.WfTask;
 import ru.runa.wfe.var.dto.WfVariable;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 23.04.2005
  * 
@@ -46,84 +42,75 @@
  * @author Vitaliy S
  */
 public class ExecutionServiceDelegateGetTasksTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper th = null;
-
     private BatchPresentation batchPresentation;
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
+        batchPresentation = h.getTaskBatchPresentation();
 
-        th.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
-
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
-
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, null);
-
-        batchPresentation = th.getTaskBatchPresentation();
-
-        th.addExecutorToGroup(th.getAuthorizedPerformerActor(), th.getBossGroup());
-
-        super.setUp();
+        h.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS),
+                WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, null);
+        h.addExecutorToGroup(h.getAuthorizedActor(), h.getBossGroup());
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.releaseResources();
         executionService = null;
         batchPresentation = null;
-        super.tearDown();
     }
 
-    public void testGetTasksByAuthorizedSubject() throws Exception {
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+    public void testGetTasksByAuthorizedUser() {
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Tasks not returned for Authorized Subject", 1, tasks.size());
         assertEquals("state name differs from expected", "evaluating", tasks.get(0).getName());
-        assertEquals("task <evaluating> is assigned before completeTask()", th.getBossGroup(), tasks.get(0).getOwner());
+        assertEquals("task <evaluating> is assigned before completeTask()", h.getBossGroup(), tasks.get(0).getOwner());
 
         Map<String, Object> variables = WfServiceTestHelper.createVariablesMap("approved", "true");
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), variables, null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), variables);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Tasks not returned for Authorized Subject", 1, tasks.size());
         assertEquals("state name differs from expected", "treating collegues on cake and pie", tasks.get(0).getName());
-        assertEquals("task <treating collegues on cake and pie> is not assigned after starting [requester]", th.getAuthorizedPerformerActor(),
+        assertEquals("task <treating collegues on cake and pie> is not assigned after starting [requester]", h.getAuthorizedActor(),
                 tasks.get(0).getOwner());
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), variables, null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), variables);
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("Tasks not returned for Erp Operator Subject", 1, tasks.size());
         assertEquals("state name differs from expected", "updating erp asynchronously", tasks.get(0).getName());
-        assertEquals("task <updating erp asynchronously> is not assigned before competeTask()", th.getErpOperator(), tasks.get(0).getOwner());
+        assertEquals("task <updating erp asynchronously> is not assigned before competeTask()", h.getErpOperator(), tasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), tasks.get(0).getId(), variables, null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), tasks.get(0).getId(), variables);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Tasks are returned for Authorized Subject", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("Tasks not returned for Erp Operator Subject", 1, tasks.size());
         assertEquals("state name differs from expected", "notify", tasks.get(0).getName());
-        assertEquals("task <notify> is in assigned swimlane", th.getErpOperator(), tasks.get(0).getOwner());
+        assertEquals("task <notify> is in assigned swimlane", h.getErpOperator(), tasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), tasks.get(0).getId(), variables, null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), tasks.get(0).getId(), variables);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("Tasks are returned for Authorized Subject", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("Tasks are returned for Erp Operator Subject", 0, tasks.size());
     }
 
-    public void testGetTasksByVariableFilterByAuthorizedSubjectWithExactMatch() throws Exception {
-        Long proc1 = executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME,
+    public void testGetTasksByVariableFilterByAuthorizedUserWithExactMatch() {
+        Long proc1 = executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME,
                 WfServiceTestHelper.createVariablesMap("var1", "var1Value"));
-        Long proc2 = executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME,
+        Long proc2 = executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME,
                 WfServiceTestHelper.createVariablesMap("var2", "var2Value"));
         FieldDescriptor[] fields = batchPresentation.getAllFields();
         for (int i = 0; i < fields.length; ++i) {
@@ -132,22 +119,22 @@ public void testGetTasksByVariableFilterByAuthorizedSubjectWithExactMatch() thro
             }
         }
         batchPresentation.getFilteredFields().put(0, new StringFilterCriteria("var1Value"));
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals(1, tasks.size());
 
-        th.setPermissionsToAuthorizedPerformerOnProcessInstance(Lists.newArrayList(Permission.READ),
-                executionService.getProcess(th.getAdminUser(), proc1));
-        th.setPermissionsToAuthorizedPerformerOnProcessInstance(Lists.newArrayList(Permission.READ),
-                executionService.getProcess(th.getAdminUser(), proc2));
+        h.setPermissionsToAuthorizedActorOnProcessInstance(Lists.newArrayList(Permission.READ),
+                executionService.getProcess(h.getAdminUser(), proc1));
+        h.setPermissionsToAuthorizedActorOnProcessInstance(Lists.newArrayList(Permission.READ),
+                executionService.getProcess(h.getAdminUser(), proc2));
 
-        List<WfVariable> variables = executionService.getVariables(th.getAuthorizedPerformerUser(), tasks.get(0).getProcessId());
+        List<WfVariable> variables = executionService.getVariables(h.getAuthorizedUser(), tasks.get(0).getProcessId());
         assertEquals("var1Value", variables.get(0).getValue());
     }
 
-    public void testGetTasksByVariableFilterByAuthorizedSubjectWithContainsMatch() throws Exception {
-        Long proc1 = executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME,
+    public void testGetTasksByVariableFilterByAuthorizedUserWithContainsMatch() {
+        Long proc1 = executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME,
                 WfServiceTestHelper.createVariablesMap("var1", "var1Value"));
-        Long proc2 = executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME,
+        Long proc2 = executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME,
                 WfServiceTestHelper.createVariablesMap("var2", "var2Value"));
         FieldDescriptor[] fields = batchPresentation.getAllFields();
         for (int i = 0; i < fields.length; ++i) {
@@ -156,31 +143,31 @@ public void testGetTasksByVariableFilterByAuthorizedSubjectWithContainsMatch() t
             }
         }
         batchPresentation.getFilteredFields().put(0, new AnywhereStringFilterCriteria("1Val"));
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals(1, tasks.size());
 
-        th.setPermissionsToAuthorizedPerformerOnProcessInstance(Lists.newArrayList(Permission.READ),
-                executionService.getProcess(th.getAdminUser(), proc1));
-        th.setPermissionsToAuthorizedPerformerOnProcessInstance(Lists.newArrayList(Permission.READ),
-                executionService.getProcess(th.getAdminUser(), proc2));
+        h.setPermissionsToAuthorizedActorOnProcessInstance(Lists.newArrayList(Permission.READ),
+                executionService.getProcess(h.getAdminUser(), proc1));
+        h.setPermissionsToAuthorizedActorOnProcessInstance(Lists.newArrayList(Permission.READ),
+                executionService.getProcess(h.getAdminUser(), proc2));
 
-        List<WfVariable> variables = executionService.getVariables(th.getAuthorizedPerformerUser(), tasks.get(0).getProcessId());
+        List<WfVariable> variables = executionService.getVariables(h.getAuthorizedUser(), tasks.get(0).getProcessId());
         assertEquals("var1Value", variables.get(0).getValue());
     }
 
-    public void testGetTasksByUnauthorizedSubject() throws Exception {
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getUnauthorizedPerformerUser(), batchPresentation);
+    public void testGetTasksByUnauthorizedUser() {
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getUnauthorizedUser(), batchPresentation);
         assertEquals("Tasks returned for Unauthorized Subject", 0, tasks.size());
     }
 
-    public void testGetTasksByFakeSubject() throws Exception {
+    public void testGetTasksByFakeUser() {
         try {
-            th.getTaskService().getMyTasks(th.getFakeUser(), batchPresentation);
-            fail("testGetTasksByFakeSubject(), no AuthenticationException");
+            h.getTaskService().getMyTasks(h.getFakeUser(), batchPresentation);
+            fail("expected AuthenticationException");
         } catch (TransientObjectException e) {
-            fail("testGetTasksByFakeSubject(), no AuthenticationException");
+            fail("expected AuthenticationException");
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetVariableTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetVariableTest.java
index 2001acd18a..d344c6a0de 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetVariableTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetVariableTest.java
@@ -17,73 +17,63 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
 import java.util.HashMap;
 import java.util.List;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
-import ru.runa.wfe.security.AuthenticationException;
-import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutionService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.task.dto.WfTask;
 import ru.runa.wfe.var.dto.WfVariable;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 23.04.2005
  * 
  * @author Gritsenko_S
  */
 public class ExecutionServiceDelegateGetVariableTest extends ServletTestCase {
-    private ExecutionService executionService;
-
-    private WfServiceTestHelper th = null;
-
-    private final String variableName = "var1";
-
-    private final String variableValue = "var1Value";
+    private static final String variableName = "var1";
+    private static final String variableValue = "var1Value";
 
+    private WfServiceTestHelper h;
+    private ExecutionService executionService;
     private Long processId;
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
 
-        th.deployValidProcessDefinition();
+        h.deployValidProcessDefinition();
 
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.VALID_PROCESS_NAME);
+        val permissions = Lists.newArrayList(Permission.START_PROCESS, Permission.READ_PROCESS);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(permissions, WfServiceTestHelper.VALID_PROCESS_NAME);
 
-        HashMap<String, Object> variablesMap = new HashMap<String, Object>();
+        val variablesMap = new HashMap<String, Object>();
         variablesMap.put(variableName, variableValue);
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, variablesMap);
-        super.setUp();
-    }
-
-    private void initTaskId() throws AuthorizationException, AuthenticationException {
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAdminUser(), th.getTaskBatchPresentation());
-        assertNotNull(tasks);
-        assertEquals(tasks.size() > 0, true);
-        processId = tasks.get(0).getProcessId();
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, variablesMap);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition();
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testGetVariableByAuthorizedSubject() throws Exception {
+    private void initTaskId() {
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAdminUser(), h.getTaskBatchPresentation());
+        assertNotNull(tasks);
+        assertTrue(tasks.size() > 0);
+        processId = tasks.get(0).getProcessId();
+    }
+
+    public void testGetVariableByAuthorizedUser() {
         initTaskId();
-        WfVariable variable = executionService.getVariable(th.getAuthorizedPerformerUser(), processId, variableName);
+        WfVariable variable = executionService.getVariable(h.getAuthorizedUser(), processId, variableName);
         assertEquals("variable has incorrect value", variableValue, variable.getValue());
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetVariablesTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetVariablesTest.java
index 42eb8ecab8..f5280007eb 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetVariablesTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateGetVariablesTest.java
@@ -17,13 +17,12 @@
  */
 package ru.runa.wf.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.execution.ProcessDoesNotExistException;
@@ -35,110 +34,105 @@
 import ru.runa.wfe.task.dto.WfTask;
 import ru.runa.wfe.var.dto.WfVariable;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 23.04.2005
  * 
  * @author Gritsenko_S
  */
 public class ExecutionServiceDelegateGetVariablesTest extends ServletTestCase {
-    private ExecutionService executionService;
-
-    private WfServiceTestHelper th = null;
-
-    private Long taskId;
+    private static final String variableName = "var1";
+    private static final String variableValue = "var1Value";
 
+    private WfServiceTestHelper h;
+    private ExecutionService executionService;
     private Long processId;
-
-    private final String variableName = "var1";
-
-    private final String variableValue = "var1Value";
+    private Long taskId;
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
 
-        th.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
+        h.deployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_FILE_NAME);
 
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS, Permission.READ_PROCESS),
+                WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
 
-        HashMap<String, Object> variablesMap = new HashMap<String, Object>();
-        variablesMap.put(variableName, variableValue);
-        processId = executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, variablesMap);
+        val vars = new HashMap<String, Object>();
+        vars.put(variableName, variableValue);
+        processId = executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.SWIMLANE_PROCESS_NAME, vars);
 
-        th.addExecutorToGroup(th.getAuthorizedPerformerActor(), th.getBossGroup());
-        WfTask taskStub = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), th.getTaskBatchPresentation()).get(0);
+        h.addExecutorToGroup(h.getAuthorizedActor(), h.getBossGroup());
+        WfTask taskStub = h.getTaskService().getMyTasks(h.getAuthorizedUser(), h.getTaskBatchPresentation()).get(0);
         taskId = taskStub.getId();
-        super.setUp();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.SWIMLANE_PROCESS_NAME);
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testGetVariablesByUnauthorizedSubject() throws Exception {
+    public void testGetVariablesByUnauthorizedUser() {
         try {
-            executionService.getVariables(th.getUnauthorizedPerformerUser(), processId);
-            fail("testGetVariablesByUnauthorizedSubject(), no AuthorizationException");
+            executionService.getVariables(h.getUnauthorizedUser(), processId);
+            fail();
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testGetVariablesByFakeSubject() throws Exception {
+    public void testGetVariablesByFakeUser() {
         try {
-            executionService.getVariables(th.getFakeUser(), processId);
-            fail("testGetVariablesByFakeSubject(), no AuthenticationException");
+            executionService.getVariables(h.getFakeUser(), processId);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testGetVariablesByAuthorizedSubjectWithInvalidProcessId() throws Exception {
+    public void testGetVariablesByAuthorizedUserWithInvalidProcessId() {
         try {
-            executionService.getVariables(th.getAuthorizedPerformerUser(), -1l);
-            fail("testGetVariablesByAuthorizedSubjectWithInvalidTaskId(), no TaskDoesNotExistException");
+            executionService.getVariables(h.getAuthorizedUser(), -1L);
+            fail();
         } catch (ProcessDoesNotExistException e) {
+            // Expected.
         }
     }
 
-    public void testGetVariablesByAuthorizedSubject() throws Exception {
-        List<WfVariable> variables = executionService.getVariables(th.getAuthorizedPerformerUser(), processId);
-        List<String> names = new ArrayList<String>();
-        for (WfVariable v : variables) {
+    public void testGetVariablesByAuthorizedUser() {
+        List<WfVariable> vars = executionService.getVariables(h.getAuthorizedUser(), processId);
+        val names = new ArrayList<String>();
+        for (WfVariable v : vars) {
             names.add(v.getDefinition().getName());
         }
 
         List<String> expectedNames = Lists.newArrayList(variableName);
         ArrayAssert.assertWeakEqualArrays("variable names are not equal", expectedNames, names);
 
-        HashMap<String, Object> variables2 = new HashMap<String, Object>();
-        variables2.put("var2", "var2Value");
-        variables2.put("var3", "var3Value");
-        variables2.put("approved", "true");
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), taskId, variables2, null);
+        val vars2 = new HashMap<String, Object>();
+        vars2.put("var2", "var2Value");
+        vars2.put("var3", "var3Value");
+        vars2.put("approved", "true");
+        h.getTaskService().completeTask(h.getAuthorizedUser(), taskId, vars2);
 
-        taskId = th.getTaskService().getMyTasks(th.getErpOperatorUser(), th.getTaskBatchPresentation()).get(0).getId();
+        taskId = h.getTaskService().getMyTasks(h.getErpOperatorUser(), h.getTaskBatchPresentation()).get(0).getId();
 
-        variables = executionService.getVariables(th.getAdminUser(), processId);
+        vars = executionService.getVariables(h.getAdminUser(), processId);
 
-        names = new ArrayList<String>();
-        HashMap<String, Object> vars = new HashMap<String, Object>();
-        for (WfVariable v : variables) {
+        names.clear();
+        val vars3 = new HashMap<String, Object>();
+        for (WfVariable v : vars) {
             names.add(v.getDefinition().getName());
-            vars.put(v.getDefinition().getName(), v.getValue());
+            vars3.put(v.getDefinition().getName(), v.getValue());
         }
         expectedNames = Lists.newArrayList("var2", "var3", "approved", variableName);
         ArrayAssert.assertWeakEqualArrays("variable names are not equal", expectedNames, names);
 
-        assertEquals(" variable value: <var1> differs from expected", "var1Value", vars.get("var1"));
-        assertEquals(" variable value: <var2> differs from expected", "var2Value", vars.get("var2"));
-        assertEquals(" variable value: <var3> differs from expected", "var3Value", vars.get("var3"));
-        assertEquals(" variable value: <approved> differs from expected", "true", vars.get("approved"));
+        assertEquals(" variable value: <var1> differs from expected", "var1Value", vars3.get("var1"));
+        assertEquals(" variable value: <var2> differs from expected", "var2Value", vars3.get("var2"));
+        assertEquals(" variable value: <var3> differs from expected", "var3Value", vars3.get("var3"));
+        assertEquals(" variable value: <approved> differs from expected", "true", vars3.get("approved"));
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStartProcessInstanceTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStartProcessInstanceTest.java
index b5705d1129..3de0b6e560 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStartProcessInstanceTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStartProcessInstanceTest.java
@@ -40,81 +40,79 @@
  * @author Gritsenko_S
  */
 public class ExecutionServiceDelegateStartProcessInstanceTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
 
-    private WfServiceTestHelper helper = null;
-
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
 
-        helper.deployValidProcessDefinition();
-
-        Collection<Permission> startPermissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(startPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
-
-        super.setUp();
+        h.deployValidProcessDefinition();
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS, Permission.READ_PROCESS),
+                WfServiceTestHelper.VALID_PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testStartProcessInstanceByAuthorizedSubject() throws Exception {
-        Long processInstanceId = executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+    public void testStartProcessInstanceByAuthorizedUser() {
+        Long processInstanceId = executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
         assertNotNull(processInstanceId);
-        List<WfProcess> processInstances = executionService.getProcesses(helper.getAuthorizedPerformerUser(),
-                helper.getProcessInstanceBatchPresentation());
+        List<WfProcess> processInstances = executionService.getProcesses(h.getAuthorizedUser(),
+                h.getProcessInstanceBatchPresentation());
         assertEquals("Process not started", 1, processInstances.size());
         assertEquals(processInstanceId, processInstances.get(0).getId());
     }
 
-    public void testStartProcessInstanceByUnauthorizedSubject() throws Exception {
+    public void testStartProcessInstanceByUnauthorizedUser() {
         try {
-            executionService.startProcess(helper.getUnauthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-            fail("testStartProcessInstanceByUnauthorizedSubject, no AuthorizationException");
+            executionService.startProcess(h.getUnauthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+            fail();
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testStartProcessInstanceByFakeSubject() throws Exception {
+    public void testStartProcessInstanceByFakeUser() {
         try {
-            executionService.startProcess(helper.getFakeUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-            fail("testStartProcessInstanceByFakeSubject, no AuthenticationException");
+            executionService.startProcess(h.getFakeUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+            fail("expected AuthenticationException");
         } catch (InvalidDataAccessApiUsageException e) {
-            fail("testStartProcessInstanceByFakeSubject, no AuthenticationException");
+            fail("expected AuthenticationException");
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testStartProcessInstanceByAuthorizedSubjectWithoutSTARTPermission() throws Exception {
+    public void testStartProcessInstanceByAuthorizedUserWithoutSTARTPermission() {
         Collection<Permission> noPermissions = Lists.newArrayList();
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(noPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(noPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
         try {
-            executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-            fail("testStartProcessInstanceByAuthorizedSubjectWithoutSTARTPermission, no AuthorizationException");
+            executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+            fail();
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testStartProcessInstanceByAuthorizedSubjectWithoutREADPermission() throws Exception {
-        Collection<Permission> startPermissions = Lists.newArrayList(Permission.START);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(startPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
-        List<WfProcess> processInstances = executionService.getProcesses(helper.getAdminUser(), helper.getProcessInstanceBatchPresentation());
+    public void testStartProcessInstanceByAuthorizedUserWithoutREADPermission() {
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS), WfServiceTestHelper.VALID_PROCESS_NAME);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+        List<WfProcess> processInstances = executionService.getProcesses(h.getAdminUser(), h.getProcessInstanceBatchPresentation());
         assertEquals(1, processInstances.size());
     }
 
-    public void testStartProcessInstanceByAuthorizedSubjectWithInvalidProcessName() throws Exception {
+    public void testStartProcessInstanceByAuthorizedUserWithInvalidProcessName() {
         try {
-            executionService.startProcess(helper.getAuthorizedPerformerUser(), "0_INVALID_PROCESS_NAME", null);
+            executionService.startProcess(h.getAuthorizedUser(), "0_INVALID_PROCESS_NAME", null);
             fail("executionDelegate.startProcessInstance(subj, invalid name), no DefinitionDoesNotExistException");
         } catch (DefinitionDoesNotExistException e) {
+            // Expected.
         }
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStartProcessInstanceWithMapTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStartProcessInstanceWithMapTest.java
index 3a0b1f04b0..c76cb1a0c4 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStartProcessInstanceWithMapTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStartProcessInstanceWithMapTest.java
@@ -17,16 +17,15 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
+import lombok.val;
+import lombok.var;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wf.service.WfServiceTestHelper;
-import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.definition.DefinitionDoesNotExistException;
 import ru.runa.wfe.definition.dto.WfDefinition;
 import ru.runa.wfe.execution.ProcessDoesNotExistException;
@@ -38,90 +37,82 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.var.dto.WfVariable;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 23.04.2005
  * 
  * @author Gritsenko_S
  */
 public class ExecutionServiceDelegateStartProcessInstanceWithMapTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper helper = null;
-
     private Map<String, Object> startVariables;
 
     @Override
-    protected void setUp() throws Exception {
-        helper = new WfServiceTestHelper(getClass().getName());
-        helper.createDefaultExecutorsMap();
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
 
-        helper.deployValidProcessDefinition();
-
-        Collection<Permission> startPermissions = Lists.newArrayList(Permission.UPDATE, Permission.START, Permission.READ_PROCESS);
-        helper.setPermissionsToAuthorizedPerformerOnDefinitionByName(startPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
-
-        helper.setPermissionsToAuthorizedPerformerOnExecutors(Lists.newArrayList(Permission.UPDATE));
+        h.createDefaultExecutorsMap();
+        h.deployValidProcessDefinition();
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(
+                Lists.newArrayList(Permission.UPDATE_PERMISSIONS, Permission.START_PROCESS, Permission.READ_PROCESS),
+                WfServiceTestHelper.VALID_PROCESS_NAME);
 
-        Collection<Permission> executorPermission = Lists.newArrayList(Permission.READ);
-        helper.setPermissionsToAuthorizedPerformer(executorPermission, helper.getBaseGroupActor());
-        helper.setPermissionsToAuthorizedPerformer(executorPermission, helper.getSubGroupActor());
+        val pp = Lists.newArrayList(Permission.READ);
+        h.setPermissionsToAuthorizedActor(pp, h.getBaseGroupActor());
+        h.setPermissionsToAuthorizedActor(pp, h.getSubGroupActor());
 
-        startVariables = new HashMap<String, Object>();
+        startVariables = new HashMap<>();
         startVariables.put("var1start", "var1Value");
-
-        super.setUp();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-        helper.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testStartProcessInstanceWithMapByUnauthorizedSubject() throws Exception {
+    public void testStartProcessInstanceWithMapByUnauthorizedUser() {
         try {
-            executionService.startProcess(helper.getUnauthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, startVariables);
-            fail("testStartProcessInstanceWithMapByUnauthorizedSubject(), no AuthorizationException");
+            executionService.startProcess(h.getUnauthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, startVariables);
+            fail();
         } catch (AuthorizationException e) {
+            // Expected.
         }
     }
 
-    public void testStartProcessInstanceWithMapByFakeSubject() throws Exception {
+    public void testStartProcessInstanceWithMapByFakeUser() {
         try {
-            executionService.startProcess(helper.getFakeUser(), WfServiceTestHelper.VALID_PROCESS_NAME, startVariables);
-            fail("testStartProcessInstanceWithMapByFakeSubject(), no AuthenticationException");
+            executionService.startProcess(h.getFakeUser(), WfServiceTestHelper.VALID_PROCESS_NAME, startVariables);
+            fail();
         } catch (AuthenticationException e) {
+            // Expected.
         }
     }
 
-    public void testStartProcessInstanceWithMapByAuthorizedSubjectWithInvalidProcessDefinitionName() throws Exception {
+    public void testStartProcessInstanceWithMapByAuthorizedUserWithInvalidProcessDefinitionName() {
         try {
-            executionService.startProcess(helper.getAuthorizedPerformerUser(), "INVALID_PROCESS_NAME", startVariables);
-            assertTrue("testStartProcessInstanceWithMapByAuthorizedSubjectWithInvalidProcessDefinitionName(), no DefinitionDoesNotExistException",
-                    false);
+            executionService.startProcess(h.getAuthorizedUser(), "INVALID_PROCESS_NAME", startVariables);
+            fail();
         } catch (DefinitionDoesNotExistException e) {
+            // Expected.
         }
     }
 
-    public void testStartProcessInstanceWithMapByAuthorizedSubjectWithNullVariables() throws Exception {
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+    public void testStartProcessInstanceWithMapByAuthorizedUserWithNullVariables() {
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
     }
 
-    public void testStartProcessInstanceWithMapByAuthorizedSubject() throws Exception {
-        Long processId = executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, startVariables);
+    public void testStartProcessInstanceWithMapByAuthorizedUser() {
+        Long processId = executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, startVariables);
 
-        List<WfProcess> processInstances = executionService.getProcesses(helper.getAuthorizedPerformerUser(),
-                helper.getProcessInstanceBatchPresentation());
+        List<WfProcess> processInstances = executionService.getProcesses(h.getAuthorizedUser(), h.getProcessInstanceBatchPresentation());
         assertEquals("Process not started", 1, processInstances.size());
 
-        List<WfVariable> variables = executionService.getVariables(helper.getAuthorizedPerformerUser(), processId);
+        List<WfVariable> variables = executionService.getVariables(h.getAuthorizedUser(), processId);
 
-        HashMap<String, Object> actualVariables = new HashMap<String, Object>();
+        val actualVariables = new HashMap<String, Object>();
         for (WfVariable v : variables) {
             actualVariables.put(v.getDefinition().getName(), v.getValue());
         }
@@ -130,42 +121,40 @@ public void testStartProcessInstanceWithMapByAuthorizedSubject() throws Exceptio
             assertEquals("No predefined variable", actualVariables.get(entry.getKey()), entry.getValue());
         }
         // TODO assertEquals("No swimlane variable",
-        // String.valueOf(helper.getAuthorizedPerformerActor().getCode()),
+        // String.valueOf(h.getAuthorizedActor().getCode()),
         // actualVariables.get("requester"));
     }
 
-    public void testStartProcessInstanceWithMapInstancePermissions() throws Exception {
-        WfDefinition defintiion = helper.getDefinitionService().getLatestProcessDefinition(helper.getAuthorizedPerformerUser(),
+    public void testStartProcessInstanceWithMapInstancePermissions() {
+        WfDefinition defintiion = h.getDefinitionService().getLatestProcessDefinition(h.getAuthorizedUser(),
                 WfServiceTestHelper.VALID_PROCESS_NAME);
-        Collection<Permission> permissions = Lists.newArrayList(Permission.READ_PROCESS);
-        helper.getAuthorizationService().setPermissions(helper.getAuthorizedPerformerUser(), helper.getBaseGroupActor().getId(), permissions,
-                defintiion);
-        permissions = Lists.newArrayList(Permission.READ_PROCESS, Permission.CANCEL_PROCESS);
-        helper.getAuthorizationService().setPermissions(helper.getAuthorizedPerformerUser(), helper.getSubGroupActor().getId(), permissions,
-                defintiion);
-
-        executionService.startProcess(helper.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, startVariables);
-
-        helper.getExecutionService().getProcesses(helper.getAuthorizedPerformerUser(), helper.getProcessInstanceBatchPresentation());
-
-        WfProcess instance = getInstance(WfServiceTestHelper.VALID_PROCESS_NAME);
-        Collection<Permission> actual = helper.getAuthorizationService().getIssuedPermissions(helper.getAuthorizedPerformerUser(),
-                helper.getBaseGroupActor(), instance);
-        Collection<Permission> expected = Lists.newArrayList(Permission.READ);
-        ArrayAssert.assertWeakEqualArrays("startProcessInstance() does not grant permissions on instance", expected, actual);
-        actual = helper.getAuthorizationService().getIssuedPermissions(helper.getAuthorizedPerformerUser(), helper.getSubGroupActor(), instance);
-        expected = Lists.newArrayList(Permission.READ, Permission.CANCEL);
-        ArrayAssert.assertWeakEqualArrays("startProcessInstance() does not grant permissions on instance", expected, actual);
-    }
 
-    private WfProcess getInstance(String definitionName) throws InternalApplicationException {
-        List<WfProcess> stubs = helper.getExecutionService().getProcesses(helper.getAuthorizedPerformerUser(),
-                helper.getProcessInstanceBatchPresentation());
+        h.getAuthorizationService().setPermissions(h.getAuthorizedUser(), h.getBaseGroupActor().getId(),
+                Lists.newArrayList(Permission.READ_PROCESS), defintiion);
+        h.getAuthorizationService().setPermissions(h.getAuthorizedUser(), h.getSubGroupActor().getId(),
+                Lists.newArrayList(Permission.READ_PROCESS, Permission.CANCEL_PROCESS), defintiion);
+
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, startVariables);
+
+        WfProcess instance = null;
+        List<WfProcess> stubs = h.getExecutionService().getProcesses(h.getAuthorizedUser(), h.getProcessInstanceBatchPresentation());
         for (WfProcess processInstance : stubs) {
-            if (definitionName.equals(processInstance.getName())) {
-                return processInstance;
+            if (WfServiceTestHelper.VALID_PROCESS_NAME.equals(processInstance.getName())) {
+                instance = processInstance;
+                break;
             }
         }
-        throw new ProcessDoesNotExistException(definitionName);
+        if (instance == null) {
+            throw new ProcessDoesNotExistException(WfServiceTestHelper.VALID_PROCESS_NAME);
+        }
+
+        var actual = h.getAuthorizationService().getIssuedPermissions(h.getAuthorizedUser(),
+                h.getBaseGroupActor(), instance);
+        ArrayAssert.assertWeakEqualArrays("startProcessInstance() does not grant permissions on instance",
+                Lists.newArrayList(Permission.READ), actual);
+
+        actual = h.getAuthorizationService().getIssuedPermissions(h.getAuthorizedUser(), h.getSubGroupActor(), instance);
+        ArrayAssert.assertWeakEqualArrays("startProcessInstance() does not grant permissions on instance",
+                Lists.newArrayList(Permission.READ, Permission.CANCEL), actual);
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStringVariableTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStringVariableTest.java
index c0cd0d2aa2..6e47e09160 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStringVariableTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateStringVariableTest.java
@@ -1,12 +1,10 @@
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.presentation.BatchPresentationFactory;
 import ru.runa.wfe.security.Permission;
@@ -14,54 +12,47 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.task.dto.WfTask;
 
-import com.google.common.collect.Lists;
-
 public class ExecutionServiceDelegateStringVariableTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
 
-    private WfServiceTestHelper th = null;
-
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
 
-        th.deployValidProcessDefinition();
-
-        Collection<Permission> startPermissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(startPermissions, WfServiceTestHelper.VALID_PROCESS_NAME);
-
-        super.setUp();
+        h.deployValidProcessDefinition();
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS, Permission.READ_PROCESS),
+                WfServiceTestHelper.VALID_PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition();
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testLongVariables() throws Exception {
-        Map<String, Object> variables = new HashMap<String, Object>();
+    public void testLongVariables() {
+        val variables = new HashMap<String, Object>();
         {
-            String varName = "variable";
-            String varValue = "";
+            val varName = "variable";
+            val varValue = new StringBuilder();
             for (int i = 0; i < 200; ++i) {
-                varValue = varValue + "-";
+                varValue.append("-");
             }
-            variables.put(varName, varValue);
+            variables.put(varName, varValue.toString());
         }
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, variables);
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, variables);
         {
-            String varName = "variable";
-            String varValue = "";
+            val varName = "variable";
+            val varValue = new StringBuilder();
             for (int i = 0; i < 300; ++i) {
-                varValue = varValue + "-";
+                varValue.append("-");
             }
-            variables.put(varName, varValue);
+            variables.put(varName, varValue.toString());
         }
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAdminUser(), BatchPresentationFactory.TASKS.createDefault());
-        th.getTaskService().completeTask(th.getAdminUser(), tasks.get(0).getId(), variables, null);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAdminUser(), BatchPresentationFactory.TASKS.createDefault());
+        h.getTaskService().completeTask(h.getAdminUser(), tasks.get(0).getId(), variables);
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateSubstitutionAssignTaskTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateSubstitutionAssignTaskTest.java
index 89233af173..dcbe255e38 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateSubstitutionAssignTaskTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateSubstitutionAssignTaskTest.java
@@ -1,11 +1,9 @@
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
-import java.util.HashMap;
+import com.google.common.collect.Lists;
 import java.util.List;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.definition.dto.WfDefinition;
@@ -25,8 +23,6 @@
 import ru.runa.wfe.user.User;
 import ru.runa.wfe.validation.ValidationException;
 
-import com.google.common.collect.Lists;
-
 /**
  * This test class is to check substitution logic concerning "Assign task"
  * function.<br />
@@ -36,9 +32,6 @@
  * @see ExecutionServiceDelegateAssignTaskTest
  */
 public class ExecutionServiceDelegateSubstitutionAssignTaskTest extends ServletTestCase {
-
-    private final static String PREFIX = ExecutionServiceDelegateSubstitutionAssignTaskTest.class.getName();
-
     private static final String PROCESS_NAME = WfServiceTestHelper.SWIMLANE_SAME_GROUP_SEQ_PROCESS_NAME;
 
     private final static String nameActor1 = "actor1";
@@ -50,6 +43,10 @@ public class ExecutionServiceDelegateSubstitutionAssignTaskTest extends ServletT
     private final static String pwdActor2 = "123";
     private final static String pwdSubstitute = "123";
 
+    private WfServiceTestHelper h;
+    private BatchPresentation batchPresentation;
+    private SubstitutionCriteria substitutionCriteria_always;
+
     private Actor actor1;
     private Actor actor2;
     private Group group;
@@ -59,61 +56,50 @@ public class ExecutionServiceDelegateSubstitutionAssignTaskTest extends ServletT
     private User actor2SUser = null;
     private User substituteUser = null;
 
-    private SubstitutionCriteria substitutionCriteria_always;
-
-    private WfServiceTestHelper testHelper;
-
-    private BatchPresentation batchPresentation;
-
     @Override
-    protected void setUp() throws Exception {
-        testHelper = new WfServiceTestHelper(PREFIX);
+    protected void setUp() {
+        val prefix = getClass().getName();
+        h = new WfServiceTestHelper(prefix);
+        batchPresentation = h.getTaskBatchPresentation();
+        substitutionCriteria_always = h.createSubstitutionCriteria(null);
 
-        actor1 = testHelper.createActorIfNotExist(nameActor1, PREFIX);
-        testHelper.getExecutorService().setPassword(testHelper.getAdminUser(), actor1, pwdActor1);
-        actor2 = testHelper.createActorIfNotExist(nameActor2, PREFIX);
-        testHelper.getExecutorService().setPassword(testHelper.getAdminUser(), actor2, pwdActor2);
-        group = testHelper.createGroupIfNotExist(nameGroup, "description");
-        testHelper.addExecutorToGroup(actor1, group);
-        testHelper.addExecutorToGroup(actor2, group);
-        substitute = testHelper.createActorIfNotExist(nameSubstitute, PREFIX);
-        testHelper.getExecutorService().setPassword(testHelper.getAdminUser(), substitute, pwdSubstitute);
+        actor1 = h.createActorIfNotExist(nameActor1, prefix);
+        h.getExecutorService().setPassword(h.getAdminUser(), actor1, pwdActor1);
+        actor2 = h.createActorIfNotExist(nameActor2, prefix);
+        h.getExecutorService().setPassword(h.getAdminUser(), actor2, pwdActor2);
+        group = h.createGroupIfNotExist(nameGroup, "description");
+        h.addExecutorToGroup(actor1, group);
+        h.addExecutorToGroup(actor2, group);
+        substitute = h.createActorIfNotExist(nameSubstitute, prefix);
+        h.getExecutorService().setPassword(h.getAdminUser(), substitute, pwdSubstitute);
 
         {
-            Collection<Permission> perm = Lists.newArrayList(Permission.LOGIN);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), group.getId(), perm, SecuredSingleton.EXECUTORS);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), actor1.getId(), perm, SecuredSingleton.EXECUTORS);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), actor2.getId(), perm, SecuredSingleton.EXECUTORS);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), substitute.getId(), perm, SecuredSingleton.EXECUTORS);
+            val pp = Lists.newArrayList(Permission.LOGIN);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), group.getId(), pp, SecuredSingleton.SYSTEM);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), actor1.getId(), pp, SecuredSingleton.SYSTEM);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), actor2.getId(), pp, SecuredSingleton.SYSTEM);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), substitute.getId(), pp, SecuredSingleton.SYSTEM);
         }
         {
-            Collection<Permission> perm = Lists.newArrayList(Permission.READ);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), actor1.getId(), perm, substitute);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), substitute.getId(), perm, actor1);
+            val pp = Lists.newArrayList(Permission.READ);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), actor1.getId(), pp, substitute);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), substitute.getId(), pp, actor1);
         }
-        actor1User = testHelper.getAuthenticationService().authenticateByLoginPassword(nameActor1, pwdActor1);
-        actor2SUser = testHelper.getAuthenticationService().authenticateByLoginPassword(nameActor2, pwdActor2);
-        substituteUser = testHelper.getAuthenticationService().authenticateByLoginPassword(nameSubstitute, pwdSubstitute);
-
-        substitutionCriteria_always = null;
-        substitutionCriteria_always = testHelper.createSubstitutionCriteria(substitutionCriteria_always);
+        actor1User = h.getAuthenticationService().authenticateByLoginPassword(nameActor1, pwdActor1);
+        actor2SUser = h.getAuthenticationService().authenticateByLoginPassword(nameActor2, pwdActor2);
+        substituteUser = h.getAuthenticationService().authenticateByLoginPassword(nameSubstitute, pwdSubstitute);
 
         byte[] parBytes = WfServiceTestHelper.readBytesFromFile(PROCESS_NAME + ".par");
-        testHelper.getDefinitionService().deployProcessDefinition(testHelper.getAdminUser(), parBytes, Lists.newArrayList("testProcess"));
-        WfDefinition definition = testHelper.getDefinitionService().getLatestProcessDefinition(testHelper.getAdminUser(), PROCESS_NAME);
-        Collection<Permission> definitionPermission = Lists.newArrayList(Permission.START);
-        testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), actor1.getId(), definitionPermission, definition);
-
-        batchPresentation = testHelper.getTaskBatchPresentation();
-        super.setUp();
+        h.getDefinitionService().deployProcessDefinition(h.getAdminUser(), parBytes, Lists.newArrayList("testProcess"));
+        WfDefinition definition = h.getDefinitionService().getLatestProcessDefinition(h.getAdminUser(), PROCESS_NAME);
+        h.getAuthorizationService().setPermissions(h.getAdminUser(), actor1.getId(), Lists.newArrayList(Permission.START_PROCESS), definition);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        testHelper.getDefinitionService().undeployProcessDefinition(testHelper.getAdminUser(), PROCESS_NAME, null);
-        testHelper.releaseResources();
-        testHelper.removeSubstitutionCriteria(substitutionCriteria_always);
-        super.tearDown();
+    protected void tearDown() {
+        h.getDefinitionService().undeployProcessDefinition(h.getAdminUser(), PROCESS_NAME, null);
+        h.releaseResources();
+        h.removeSubstitutionCriteria(substitutionCriteria_always);
     }
 
     /**
@@ -123,37 +109,35 @@ protected void tearDown() throws Exception {
      * <li>User 1 tries to assign the task</li>
      * <li>User 2 tries to assign the task</li>
      * </ul>
-     * 
-     * @throws Exception
      */
     // rask:
-    public void testAssignAssigned() throws Exception {
+    public void testAssignAssigned() {
         WfTask[] actor1Tasks;
         WfTask[] actor2Tasks;
         WfTask[] substituteTasks;
 
-        Substitution substitution1 = testHelper.createActorSubstitutor(actor1User, "ru.runa.af.organizationfunction.ExecutorByNameFunction("
+        Substitution substitution1 = h.createActorSubstitutor(actor1User, "ru.runa.af.organizationfunction.ExecutorByNameFunction("
                 + nameSubstitute + ")", substitutionCriteria_always, true);
         {
             actor1Tasks = checkTaskList(actor1User, 0);
             actor2Tasks = checkTaskList(actor2SUser, 0);
             substituteTasks = checkTaskList(substituteUser, 0);
         }
-        testHelper.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
         {
             checkTaskList(actor1User, 1);
             checkTaskList(actor2SUser, 1);
             checkTaskList(substituteUser, 0);
         }
-        testHelper.setActorStatus(actor1, false);
-        testHelper.setActorStatus(actor2, false);
+        h.setActorStatus(actor1, false);
+        h.setActorStatus(actor2, false);
         {
             actor1Tasks = checkTaskList(actor1User, 1);
             actor2Tasks = checkTaskList(actor2SUser, 1);
             substituteTasks = checkTaskList(substituteUser, 1);
         }
         Actor actor = substituteUser.getActor();
-        testHelper.getTaskService().assignTask(substituteUser, substituteTasks[0].getId(), substituteTasks[0].getOwner(), actor);
+        h.getTaskService().assignTask(substituteUser, substituteTasks[0].getId(), substituteTasks[0].getOwner(), actor);
         {
             checkTaskList(actor1User, 0);
             checkTaskList(actor2SUser, 0);
@@ -161,8 +145,8 @@ public void testAssignAssigned() throws Exception {
         }
         assertExceptionThrownOnAssign(actor1User, actor1Tasks[0]);
         assertExceptionThrownOnAssign(actor2SUser, actor2Tasks[0]);
-        testHelper.getTaskService().completeTask(substituteUser, substituteTasks[0].getId(), new HashMap<String, Object>(), null);
-        testHelper.removeCriteriaFromSubstitution(substitution1);
+        h.getTaskService().completeTask(substituteUser, substituteTasks[0].getId(), null);
+        h.removeCriteriaFromSubstitution(substitution1);
     }
 
     /**
@@ -172,35 +156,33 @@ public void testAssignAssigned() throws Exception {
      * <li>User 1 tries to assign the task</li>
      * <li>User 2 tries to assign the task</li>
      * </ul>
-     * 
-     * @throws Exception
      */
-    public void testAssignMoved() throws Exception {
+    public void testAssignMoved() {
         WfTask[] actor1Tasks;
         WfTask[] actor2Tasks;
         WfTask[] substituteTasks;
 
-        Substitution substitution1 = testHelper.createActorSubstitutor(actor1User, "ru.runa.af.organizationfunction.ExecutorByNameFunction("
+        Substitution substitution1 = h.createActorSubstitutor(actor1User, "ru.runa.af.organizationfunction.ExecutorByNameFunction("
                 + nameSubstitute + ")", substitutionCriteria_always, true);
         {
             actor1Tasks = checkTaskList(actor1User, 0);
             actor2Tasks = checkTaskList(actor2SUser, 0);
             substituteTasks = checkTaskList(substituteUser, 0);
         }
-        testHelper.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
         {
             checkTaskList(actor1User, 1);
             checkTaskList(actor2SUser, 1);
             checkTaskList(substituteUser, 0);
         }
-        testHelper.setActorStatus(actor1, false);
-        testHelper.setActorStatus(actor2, false);
+        h.setActorStatus(actor1, false);
+        h.setActorStatus(actor2, false);
         {
             actor1Tasks = checkTaskList(actor1User, 1);
             actor2Tasks = checkTaskList(actor2SUser, 1);
             substituteTasks = checkTaskList(substituteUser, 1);
         }
-        testHelper.getTaskService().completeTask(substituteUser, substituteTasks[0].getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(substituteUser, substituteTasks[0].getId(), null);
         {
             checkTaskList(actor1User, actor1Tasks[0]);
             checkTaskList(actor2SUser, actor2Tasks[0]);
@@ -208,7 +190,7 @@ public void testAssignMoved() throws Exception {
         }
         assertExceptionThrownOnAssign(actor1User, actor1Tasks[0]);
         assertExceptionThrownOnAssign(actor2SUser, actor2Tasks[0]);
-        testHelper.removeCriteriaFromSubstitution(substitution1);
+        h.removeCriteriaFromSubstitution(substitution1);
     }
 
     /**
@@ -218,36 +200,34 @@ public void testAssignMoved() throws Exception {
      * <li>User 1 tries to execute the task</li>
      * <li>User 2 tries to execute the task</li>
      * </ul>
-     * 
-     * @throws Exception
      */
-    public void testMoveAssigned() throws Exception {
+    public void testMoveAssigned() {
         WfTask[] actor1Tasks;
         WfTask[] actor2Tasks;
         WfTask[] substituteTasks;
 
-        Substitution substitution1 = testHelper.createActorSubstitutor(actor1User, "ru.runa.af.organizationfunction.ExecutorByNameFunction("
+        Substitution substitution1 = h.createActorSubstitutor(actor1User, "ru.runa.af.organizationfunction.ExecutorByNameFunction("
                 + nameSubstitute + ")", substitutionCriteria_always, true);
         {
             actor1Tasks = checkTaskList(actor1User, 0);
             actor2Tasks = checkTaskList(actor2SUser, 0);
             substituteTasks = checkTaskList(substituteUser, 0);
         }
-        testHelper.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(actor1User, PROCESS_NAME, null);
         {
             checkTaskList(actor1User, 1);
             checkTaskList(actor2SUser, 1);
             checkTaskList(substituteUser, 0);
         }
-        testHelper.setActorStatus(actor1, false);
-        testHelper.setActorStatus(actor2, false);
+        h.setActorStatus(actor1, false);
+        h.setActorStatus(actor2, false);
         {
             actor1Tasks = checkTaskList(actor1User, 1);
             actor2Tasks = checkTaskList(actor2SUser, 1);
             substituteTasks = checkTaskList(substituteUser, 1);
         }
         Actor actor = substituteUser.getActor();
-        testHelper.getTaskService().assignTask(substituteUser, substituteTasks[0].getId(), substituteTasks[0].getOwner(), actor);
+        h.getTaskService().assignTask(substituteUser, substituteTasks[0].getId(), substituteTasks[0].getOwner(), actor);
         {
             checkTaskList(actor1User, 0);
             checkTaskList(actor2SUser, 0);
@@ -255,12 +235,12 @@ public void testMoveAssigned() throws Exception {
         }
         assertExceptionThrownOnExecute(actor1User, actor1Tasks[0]);
         assertExceptionThrownOnExecute(actor2SUser, actor2Tasks[0]);
-        testHelper.removeCriteriaFromSubstitution(substitution1);
+        h.removeCriteriaFromSubstitution(substitution1);
     }
 
-    private void assertExceptionThrownOnExecute(User user, WfTask task) throws InternalApplicationException {
+    private void assertExceptionThrownOnExecute(User user, WfTask task) {
         try {
-            testHelper.getTaskService().completeTask(user, task.getId(), new HashMap<String, Object>(), null);
+            h.getTaskService().completeTask(user, task.getId(), null);
             throw new InternalApplicationException("Exception not thrown. Actor shouldn't see assigned/executed task by another user...");
         } catch (AuthenticationException e) {
             throw new InternalApplicationException("Auth exception thrown");
@@ -274,10 +254,10 @@ private void assertExceptionThrownOnExecute(User user, WfTask task) throws Inter
         }
     }
 
-    private void assertExceptionThrownOnAssign(User user, WfTask task) throws InternalApplicationException, ExecutorDoesNotExistException {
+    private void assertExceptionThrownOnAssign(User user, WfTask task) {
         try {
             Actor actor = user.getActor();
-            testHelper.getTaskService().assignTask(user, task.getId(), task.getOwner(), actor);
+            h.getTaskService().assignTask(user, task.getId(), task.getOwner(), actor);
             throw new InternalApplicationException("Exception TaskAlreadyAcceptedException not thrown");
         } catch (TaskDoesNotExistException e) {
             // TODO this is unexpected, fix me!!!
@@ -287,9 +267,9 @@ private void assertExceptionThrownOnAssign(User user, WfTask task) throws Intern
         }
     }
 
-    private List<WfTask> checkTaskList(User user, WfTask task) throws Exception {
+    private List<WfTask> checkTaskList(User user, WfTask task) {
         boolean result = false;
-        List<WfTask> tasks = testHelper.getTaskService().getMyTasks(user, batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, batchPresentation);
         for (WfTask taskStub : tasks) {
             if (taskStub.equals(task) && taskStub.getName().equals(task.getName())) {
                 result = true;
@@ -300,8 +280,8 @@ private List<WfTask> checkTaskList(User user, WfTask task) throws Exception {
         return tasks;
     }
 
-    private WfTask[] checkTaskList(User user, int expectedLength) throws Exception {
-        List<WfTask> tasks = testHelper.getTaskService().getMyTasks(user, batchPresentation);
+    private WfTask[] checkTaskList(User user, int expectedLength) {
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, batchPresentation);
         assertEquals("getTasks() returns wrong tasks number (expected " + expectedLength + ", but was " + tasks.size() + ")", expectedLength,
                 tasks.size());
         return tasks.toArray(new WfTask[tasks.size()]);
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateTimerTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateTimerTest.java
index 38e62018ed..4a068c4aed 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateTimerTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/ExecutionServiceDelegateTimerTest.java
@@ -1,66 +1,49 @@
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
-import java.util.HashMap;
+import com.google.common.collect.Lists;
 import java.util.List;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
-import ru.runa.wfe.InternalApplicationException;
-import ru.runa.wfe.definition.DefinitionDoesNotExistException;
 import ru.runa.wfe.presentation.BatchPresentationFactory;
-import ru.runa.wfe.security.AuthenticationException;
-import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.ExecutionService;
 import ru.runa.wfe.task.dto.WfTask;
 import ru.runa.wfe.user.User;
-import ru.runa.wfe.validation.ValidationException;
-
-import com.google.common.collect.Lists;
 
 public class ExecutionServiceDelegateTimerTest extends ServletTestCase {
-
     private static final String STATE_KOCHAB = "Kochab";
-
     private static final String STATE_ALIFA = "Alifa";
 
-    private ExecutionService executionService = null;
-
-    private WfServiceTestHelper th = null;
+    private WfServiceTestHelper h;
+    private ExecutionService executionService;
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
-        th.deployValidProcessDefinition(WfServiceTestHelper.TIMER_PROCESS_NAME + ".par");
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.TIMER_PROCESS_NAME);
-
-        th.addExecutorToGroup(th.getAuthorizedPerformerActor(), th.getBossGroup());
-
-        executionService = th.getExecutionService();
-
-        super.setUp();
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
+        executionService = h.getExecutionService();
+
+        h.deployValidProcessDefinition(WfServiceTestHelper.TIMER_PROCESS_NAME + ".par");
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.START_PROCESS, Permission.READ_PROCESS),
+                WfServiceTestHelper.TIMER_PROCESS_NAME);
+        h.addExecutorToGroup(h.getAuthorizedActor(), h.getBossGroup());
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.TIMER_PROCESS_NAME);
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.TIMER_PROCESS_NAME);
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void test() throws InternalApplicationException {
+    public void test() {
         Long pid = prolog();
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(),
-                th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), BatchPresentationFactory.TASKS.createDefault()).get(0).getId(),
-                new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(),
+                h.getTaskService().getMyTasks(h.getAuthorizedUser(), BatchPresentationFactory.TASKS.createDefault()).get(0).getId(),
+                null);
         epilog(pid, STATE_KOCHAB, 1, 0);
     }
 
-    public void testTimeout() throws InternalApplicationException {
+    public void testTimeout() {
         Long pid = prolog();
         try {
             Thread.sleep(15000);
@@ -70,27 +53,27 @@ public void testTimeout() throws InternalApplicationException {
         // TODO fix me!!! epilog(pid, STATE_ANWAR, 0, 1);
     }
 
-    private Long prolog() throws AuthorizationException, AuthenticationException, DefinitionDoesNotExistException, ValidationException {
-        Long pid = executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.TIMER_PROCESS_NAME, null);
+    private Long prolog() {
+        Long pid = executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.TIMER_PROCESS_NAME, null);
         assertEquals(STATE_ALIFA,
-                th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), BatchPresentationFactory.TASKS.createDefault()).get(0).getName());
-        checkTasksCount(th.getAuthorizedPerformerUser(), 1);
-        checkTasksCount(th.getErpOperatorUser(), 0);
+                h.getTaskService().getMyTasks(h.getAuthorizedUser(), BatchPresentationFactory.TASKS.createDefault()).get(0).getName());
+        checkTasksCount(h.getAuthorizedUser(), 1);
+        checkTasksCount(h.getErpOperatorUser(), 0);
         return pid;
     }
 
-    private void epilog(Long pid, String stateName, int reqTasksCount, int erpTasksCount) throws AuthenticationException, AuthorizationException {
-        List<WfTask> list = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), BatchPresentationFactory.TASKS.createDefault());
+    private void epilog(Long pid, String stateName, int reqTasksCount, int erpTasksCount) {
+        List<WfTask> list = h.getTaskService().getMyTasks(h.getAuthorizedUser(), BatchPresentationFactory.TASKS.createDefault());
         for (WfTask inst : list) {
             assertEquals(stateName, inst.getName());
         }
         // assertEquals (stateName, executionService.getProcessInstanceTokens(
-        // helper.getAuthorizedPerformerUser(), pid).get(1).getName());
-        checkTasksCount(th.getAuthorizedPerformerUser(), reqTasksCount);
-        checkTasksCount(th.getErpOperatorUser(), erpTasksCount);
+        // helper.getAuthorizedUser(), pid).get(1).getName());
+        checkTasksCount(h.getAuthorizedUser(), reqTasksCount);
+        checkTasksCount(h.getErpOperatorUser(), erpTasksCount);
     }
 
-    private void checkTasksCount(User user, int expected) throws InternalApplicationException {
-        assertEquals(expected, th.getTaskService().getMyTasks(user, th.getTaskBatchPresentation()).size());
+    private void checkTasksCount(User user, int expected) {
+        assertEquals(expected, h.getTaskService().getMyTasks(user, h.getTaskBatchPresentation()).size());
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/GetNewSubstitutorTaskListTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/GetNewSubstitutorTaskListTest.java
index 1a3c4a8a0e..3db8710c52 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/GetNewSubstitutorTaskListTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/GetNewSubstitutorTaskListTest.java
@@ -18,14 +18,11 @@
 
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
-import java.util.HashMap;
+import com.google.common.collect.Lists;
 import java.util.List;
-
+import lombok.SneakyThrows;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
-import com.google.common.collect.Lists;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.definition.dto.WfDefinition;
 import ru.runa.wfe.presentation.BatchPresentation;
@@ -39,8 +36,6 @@
 import ru.runa.wfe.user.User;
 
 public class GetNewSubstitutorTaskListTest extends ServletTestCase {
-    private final static String PREFIX = GetNewSubstitutorTaskListTest.class.getName();
-
     private static final String PROCESS_FILE_URL = WfServiceTestHelper.ONE_SWIMLANE_FILE_NAME;
     private final static String PROCESS_NAME = WfServiceTestHelper.ONE_SWIMLANE_PROCESS_NAME;
 
@@ -52,6 +47,10 @@ public class GetNewSubstitutorTaskListTest extends ServletTestCase {
     private final static String pwdSubstitutor = "substitutor";
     private final static String pwdSubstitutor2 = "substitutor2";
 
+    private String PREFIX = getClass().getName();
+    private WfServiceTestHelper h;
+    private BatchPresentation batchPresentation;
+
     private User substituted = null;
     private User substitutor = null;
     private User substitutor2 = null;
@@ -60,77 +59,70 @@ public class GetNewSubstitutorTaskListTest extends ServletTestCase {
     private SubstitutionCriteriaSwimlane substitutionCriteria_requester;
     private SubstitutionCriteriaSwimlane substitutionCriteria_no_requester;
 
-    private WfServiceTestHelper testHelper;
-
-    private BatchPresentation batchPresentation;
-
     @Override
-    protected void setUp() throws Exception {
-        testHelper = new WfServiceTestHelper(PREFIX);
+    protected void setUp() {
+        h = new WfServiceTestHelper(PREFIX);
 
-        Actor substitutedActor = testHelper.createActorIfNotExist(nameSubstitutedActor, PREFIX);
-        testHelper.getExecutorService().setPassword(testHelper.getAdminUser(), substitutedActor, nameSubstitutedActor);
-        Actor substitutor = testHelper.createActorIfNotExist(nameSubstitutor, PREFIX);
-        testHelper.getExecutorService().setPassword(testHelper.getAdminUser(), substitutor, nameSubstitutor);
-        Actor substitutor2 = testHelper.createActorIfNotExist(nameSubstitutor2, PREFIX);
-        testHelper.getExecutorService().setPassword(testHelper.getAdminUser(), substitutor2, nameSubstitutor2);
+        Actor substitutedActor = h.createActorIfNotExist(nameSubstitutedActor, PREFIX);
+        h.getExecutorService().setPassword(h.getAdminUser(), substitutedActor, nameSubstitutedActor);
+        Actor substitutor = h.createActorIfNotExist(nameSubstitutor, PREFIX);
+        h.getExecutorService().setPassword(h.getAdminUser(), substitutor, nameSubstitutor);
+        Actor substitutor2 = h.createActorIfNotExist(nameSubstitutor2, PREFIX);
+        h.getExecutorService().setPassword(h.getAdminUser(), substitutor2, nameSubstitutor2);
 
         {
-            Collection<Permission> perm = Lists.newArrayList(Permission.LOGIN);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), substitutedActor.getId(), perm,
-                    SecuredSingleton.EXECUTORS);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), substitutor.getId(), perm, SecuredSingleton.EXECUTORS);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), substitutor2.getId(), perm, SecuredSingleton.EXECUTORS);
+            val pp = Lists.newArrayList(Permission.LOGIN);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), substitutedActor.getId(), pp, SecuredSingleton.SYSTEM);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), substitutor.getId(), pp, SecuredSingleton.SYSTEM);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), substitutor2.getId(), pp, SecuredSingleton.SYSTEM);
         }
         {
-            Collection<Permission> perm = Lists.newArrayList(Permission.READ);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), substitutedActor.getId(), perm, substitutor);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), substitutor.getId(), perm, substitutedActor);
-            testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), substitutor2.getId(), perm, substitutedActor);
+            val pp = Lists.newArrayList(Permission.READ);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), substitutedActor.getId(), pp, substitutor);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), substitutor.getId(), pp, substitutedActor);
+            h.getAuthorizationService().setPermissions(h.getAdminUser(), substitutor2.getId(), pp, substitutedActor);
         }
 
-        substituted = testHelper.getAuthenticationService().authenticateByLoginPassword(nameSubstitutedActor, pwdSubstitutedActor);
-        this.substitutor = testHelper.getAuthenticationService().authenticateByLoginPassword(nameSubstitutor, pwdSubstitutor);
-        this.substitutor2 = testHelper.getAuthenticationService().authenticateByLoginPassword(nameSubstitutor2, pwdSubstitutor2);
+        substituted = h.getAuthenticationService().authenticateByLoginPassword(nameSubstitutedActor, pwdSubstitutedActor);
+        this.substitutor = h.getAuthenticationService().authenticateByLoginPassword(nameSubstitutor, pwdSubstitutor);
+        this.substitutor2 = h.getAuthenticationService().authenticateByLoginPassword(nameSubstitutor2, pwdSubstitutor2);
 
         substitutionCriteria_always = null;
         substitutionCriteria_requester = new SubstitutionCriteriaSwimlane();
         substitutionCriteria_requester.setConfiguration(PROCESS_NAME + ".requester");
         substitutionCriteria_requester.setName(PROCESS_NAME + ".requester");
-        substitutionCriteria_requester = testHelper.createSubstitutionCriteria(substitutionCriteria_requester);
+        substitutionCriteria_requester = h.createSubstitutionCriteria(substitutionCriteria_requester);
         substitutionCriteria_no_requester = new SubstitutionCriteriaSwimlane();
         substitutionCriteria_no_requester.setConfiguration(PROCESS_NAME + ".No_requester");
         substitutionCriteria_no_requester.setName(PROCESS_NAME + ".No_requester");
-        substitutionCriteria_no_requester = testHelper.createSubstitutionCriteria(substitutionCriteria_no_requester);
+        substitutionCriteria_no_requester = h.createSubstitutionCriteria(substitutionCriteria_no_requester);
 
         byte[] parBytes = WfServiceTestHelper.readBytesFromFile(PROCESS_FILE_URL);
-        testHelper.getDefinitionService().deployProcessDefinition(testHelper.getAdminUser(), parBytes, Lists.newArrayList("testProcess"));
-        WfDefinition definition = testHelper.getDefinitionService().getLatestProcessDefinition(testHelper.getAdminUser(), PROCESS_NAME);
-        Collection<Permission> definitionPermission = Lists.newArrayList(Permission.START);
-        testHelper.getAuthorizationService().setPermissions(testHelper.getAdminUser(), substitutedActor.getId(), definitionPermission, definition);
+        h.getDefinitionService().deployProcessDefinition(h.getAdminUser(), parBytes, Lists.newArrayList("testProcess"));
+        WfDefinition definition = h.getDefinitionService().getLatestProcessDefinition(h.getAdminUser(), PROCESS_NAME);
+        h.getAuthorizationService().setPermissions(h.getAdminUser(), substitutedActor.getId(), Lists.newArrayList(Permission.START_PROCESS),
+                definition);
 
-        batchPresentation = testHelper.getTaskBatchPresentation();
-        super.setUp();
+        batchPresentation = h.getTaskBatchPresentation();
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        testHelper.getDefinitionService().undeployProcessDefinition(testHelper.getAdminUser(), PROCESS_NAME, null);
-        testHelper.releaseResources();
-        testHelper.removeSubstitutionCriteria(substitutionCriteria_always);
-        testHelper.removeSubstitutionCriteria(substitutionCriteria_requester);
-        testHelper.removeSubstitutionCriteria(substitutionCriteria_no_requester);
-        super.tearDown();
+    protected void tearDown() {
+        h.getDefinitionService().undeployProcessDefinition(h.getAdminUser(), PROCESS_NAME, null);
+        h.releaseResources();
+        h.removeSubstitutionCriteria(substitutionCriteria_always);
+        h.removeSubstitutionCriteria(substitutionCriteria_requester);
+        h.removeSubstitutionCriteria(substitutionCriteria_no_requester);
     }
 
     /*
      * Simple test case. Using process one_swimline_process and one substitutor with always subsitution rules. Checking correct task's list on
      * active/inactive actors.
      */
-    public void testSubstitutionSimple() throws Exception {
-        Substitution substitution1 = testHelper.createActorSubstitutor(substituted,
+    public void testSubstitutionSimple() {
+        Substitution substitution1 = h.createActorSubstitutor(substituted,
                 "ru.runa.af.organizationfunction.ExecutorByNameFunction(" + nameSubstitutor + ")", substitutionCriteria_always, true);
-        Substitution substitution2 = testHelper.createActorSubstitutor(substituted,
+        Substitution substitution2 = h.createActorSubstitutor(substituted,
                 "ru.runa.af.organizationfunction.ExecutorByNameFunction(" + nameSubstitutor2 + ")", substitutionCriteria_always, true);
         {
             // Will check precondition - no tasks to all actor's
@@ -139,7 +131,7 @@ public void testSubstitutionSimple() throws Exception {
             checkTaskList(substitutor2, 0);
         }
 
-        testHelper.getExecutionService().startProcess(substituted, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(substituted, PROCESS_NAME, null);
 
         {
             checkTaskList(substituted, 1);
@@ -166,8 +158,8 @@ public void testSubstitutionSimple() throws Exception {
             checkTaskList(substitutor2, 0);
         }
         List<WfTask> tasks;
-        tasks = testHelper.getTaskService().getMyTasks(substituted, batchPresentation);
-        testHelper.getTaskService().completeTask(substituted, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        tasks = h.getTaskService().getMyTasks(substituted, batchPresentation);
+        h.getTaskService().completeTask(substituted, tasks.get(0).getId(), null);
         {
             checkTaskList(substituted, 1);
             checkTaskList(substitutor, 0);
@@ -186,21 +178,21 @@ public void testSubstitutionSimple() throws Exception {
             checkTaskList(substitutor2, 1);
         }
         setStatus(substitutor, true);
-        tasks = testHelper.getTaskService().getMyTasks(substituted, batchPresentation);
-        testHelper.getTaskService().completeTask(substitutor, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        tasks = h.getTaskService().getMyTasks(substituted, batchPresentation);
+        h.getTaskService().completeTask(substitutor, tasks.get(0).getId(), null);
         {
             checkTaskList(substituted, 0);
             checkTaskList(substitutor, 0);
             checkTaskList(substitutor2, 0);
         }
-        testHelper.removeCriteriaFromSubstitution(substitution1);
-        testHelper.removeCriteriaFromSubstitution(substitution2);
+        h.removeCriteriaFromSubstitution(substitution1);
+        h.removeCriteriaFromSubstitution(substitution2);
     }
 
-    public void testSubstitutionByCriteria() throws Exception {
-        Substitution substitution1 = testHelper.createActorSubstitutor(substituted,
+    public void testSubstitutionByCriteria() {
+        Substitution substitution1 = h.createActorSubstitutor(substituted,
                 "ru.runa.af.organizationfunction.ExecutorByNameFunction(" + nameSubstitutor + ")", substitutionCriteria_requester, true);
-        Substitution substitution2 = testHelper.createActorSubstitutor(substituted,
+        Substitution substitution2 = h.createActorSubstitutor(substituted,
                 "ru.runa.af.organizationfunction.ExecutorByNameFunction(" + nameSubstitutor2 + ")", substitutionCriteria_always, true);
         {
             // Will heck precondition - no tasks to all actor's
@@ -209,7 +201,7 @@ public void testSubstitutionByCriteria() throws Exception {
             checkTaskList(substitutor2, 0);
         }
 
-        testHelper.getExecutionService().startProcess(substituted, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(substituted, PROCESS_NAME, null);
 
         {
             checkTaskList(substituted, 1);
@@ -236,8 +228,8 @@ public void testSubstitutionByCriteria() throws Exception {
             checkTaskList(substitutor2, 0);
         }
         List<WfTask> tasks;
-        tasks = testHelper.getTaskService().getMyTasks(substituted, batchPresentation);
-        testHelper.getTaskService().completeTask(substituted, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        tasks = h.getTaskService().getMyTasks(substituted, batchPresentation);
+        h.getTaskService().completeTask(substituted, tasks.get(0).getId(), null);
         {
             checkTaskList(substituted, 1);
             checkTaskList(substitutor, 0);
@@ -256,21 +248,21 @@ public void testSubstitutionByCriteria() throws Exception {
             checkTaskList(substitutor2, 1);
         }
         setStatus(substitutor, true);
-        tasks = testHelper.getTaskService().getMyTasks(substituted, batchPresentation);
-        testHelper.getTaskService().completeTask(substitutor, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        tasks = h.getTaskService().getMyTasks(substituted, batchPresentation);
+        h.getTaskService().completeTask(substitutor, tasks.get(0).getId(), null);
         {
             checkTaskList(substituted, 0);
             checkTaskList(substitutor, 0);
             checkTaskList(substitutor2, 0);
         }
-        testHelper.removeCriteriaFromSubstitution(substitution1);
-        testHelper.removeCriteriaFromSubstitution(substitution2);
+        h.removeCriteriaFromSubstitution(substitution1);
+        h.removeCriteriaFromSubstitution(substitution2);
     }
 
-    public void testSubstitutionByFalseCriteria() throws Exception {
-        Substitution substitution1 = testHelper.createActorSubstitutor(substituted,
+    public void testSubstitutionByFalseCriteria() {
+        Substitution substitution1 = h.createActorSubstitutor(substituted,
                 "ru.runa.af.organizationfunction.ExecutorByNameFunction(" + nameSubstitutor + ")", substitutionCriteria_no_requester, true);
-        Substitution substitution2 = testHelper.createActorSubstitutor(substituted,
+        Substitution substitution2 = h.createActorSubstitutor(substituted,
                 "ru.runa.af.organizationfunction.ExecutorByNameFunction(" + nameSubstitutor2 + ")", substitutionCriteria_always, true);
         {
             // Will heck precondition - no tasks to all actor's
@@ -279,7 +271,7 @@ public void testSubstitutionByFalseCriteria() throws Exception {
             checkTaskList(substitutor2, 0);
         }
 
-        testHelper.getExecutionService().startProcess(substituted, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(substituted, PROCESS_NAME, null);
 
         {
             checkTaskList(substituted, 1);
@@ -306,8 +298,8 @@ public void testSubstitutionByFalseCriteria() throws Exception {
             checkTaskList(substitutor2, 0);
         }
         List<WfTask> tasks;
-        tasks = testHelper.getTaskService().getMyTasks(substituted, batchPresentation);
-        testHelper.getTaskService().completeTask(substituted, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        tasks = h.getTaskService().getMyTasks(substituted, batchPresentation);
+        h.getTaskService().completeTask(substituted, tasks.get(0).getId(), null);
         {
             checkTaskList(substituted, 1);
             checkTaskList(substitutor, 0);
@@ -326,22 +318,22 @@ public void testSubstitutionByFalseCriteria() throws Exception {
             checkTaskList(substitutor2, 1);
         }
         setStatus(substitutor, true);
-        tasks = testHelper.getTaskService().getMyTasks(substituted, batchPresentation);
-        testHelper.getTaskService().completeTask(substituted, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        tasks = h.getTaskService().getMyTasks(substituted, batchPresentation);
+        h.getTaskService().completeTask(substituted, tasks.get(0).getId(), null);
         {
             checkTaskList(substituted, 0);
             checkTaskList(substitutor, 0);
             checkTaskList(substitutor2, 0);
         }
-        testHelper.removeCriteriaFromSubstitution(substitution1);
-        testHelper.removeCriteriaFromSubstitution(substitution2);
+        h.removeCriteriaFromSubstitution(substitution1);
+        h.removeCriteriaFromSubstitution(substitution2);
     }
 
-    public void testSubstitutionFalseTermination() throws Exception {
-        Substitution substitution1 = testHelper.createTerminator(substituted, substitutionCriteria_no_requester, true);
-        Substitution substitution2 = testHelper.createActorSubstitutor(substituted,
+    public void testSubstitutionFalseTermination() {
+        Substitution substitution1 = h.createTerminator(substituted, substitutionCriteria_no_requester, true);
+        Substitution substitution2 = h.createActorSubstitutor(substituted,
                 "ru.runa.af.organizationfunction.ExecutorByNameFunction(" + nameSubstitutor + ")", substitutionCriteria_always, true);
-        Substitution substitution3 = testHelper.createActorSubstitutor(substituted,
+        Substitution substitution3 = h.createActorSubstitutor(substituted,
                 "ru.runa.af.organizationfunction.ExecutorByNameFunction(" + nameSubstitutor2 + ")", substitutionCriteria_always, true);
         {
             // Will heck precondition - no tasks to all actor's
@@ -350,7 +342,7 @@ public void testSubstitutionFalseTermination() throws Exception {
             checkTaskList(substitutor2, 0);
         }
 
-        testHelper.getExecutionService().startProcess(substituted, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(substituted, PROCESS_NAME, null);
 
         {
             checkTaskList(substituted, 1);
@@ -377,8 +369,8 @@ public void testSubstitutionFalseTermination() throws Exception {
             checkTaskList(substitutor2, 0);
         }
         List<WfTask> tasks;
-        tasks = testHelper.getTaskService().getMyTasks(substituted, batchPresentation);
-        testHelper.getTaskService().completeTask(substituted, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        tasks = h.getTaskService().getMyTasks(substituted, batchPresentation);
+        h.getTaskService().completeTask(substituted, tasks.get(0).getId(), null);
         {
             checkTaskList(substituted, 1);
             checkTaskList(substitutor, 0);
@@ -397,23 +389,23 @@ public void testSubstitutionFalseTermination() throws Exception {
             checkTaskList(substitutor2, 1);
         }
         setStatus(substitutor, true);
-        tasks = testHelper.getTaskService().getMyTasks(substituted, batchPresentation);
-        testHelper.getTaskService().completeTask(substitutor, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        tasks = h.getTaskService().getMyTasks(substituted, batchPresentation);
+        h.getTaskService().completeTask(substitutor, tasks.get(0).getId(), null);
         {
             checkTaskList(substituted, 0);
             checkTaskList(substitutor, 0);
             checkTaskList(substitutor2, 0);
         }
-        testHelper.removeCriteriaFromSubstitution(substitution1);
-        testHelper.removeCriteriaFromSubstitution(substitution2);
-        testHelper.removeCriteriaFromSubstitution(substitution3);
+        h.removeCriteriaFromSubstitution(substitution1);
+        h.removeCriteriaFromSubstitution(substitution2);
+        h.removeCriteriaFromSubstitution(substitution3);
     }
 
-    public void testSubstitutionTrueTermination() throws Exception {
-        Substitution substitution1 = testHelper.createTerminator(substituted, substitutionCriteria_requester, true);
-        Substitution substitution2 = testHelper.createActorSubstitutor(substituted,
+    public void testSubstitutionTrueTermination() {
+        Substitution substitution1 = h.createTerminator(substituted, substitutionCriteria_requester, true);
+        Substitution substitution2 = h.createActorSubstitutor(substituted,
                 "ru.runa.af.organizationfunction.ExecutorByNameFunction(" + nameSubstitutor + ")", substitutionCriteria_always, true);
-        Substitution substitution3 = testHelper.createActorSubstitutor(substituted,
+        Substitution substitution3 = h.createActorSubstitutor(substituted,
                 "ru.runa.af.organizationfunction.ExecutorByNameFunction(" + nameSubstitutor2 + ")", substitutionCriteria_always, true);
         {
             // Will heck precondition - no tasks to all actor's
@@ -422,7 +414,7 @@ public void testSubstitutionTrueTermination() throws Exception {
             checkTaskList(substitutor2, 0);
         }
 
-        testHelper.getExecutionService().startProcess(substituted, PROCESS_NAME, null);
+        h.getExecutionService().startProcess(substituted, PROCESS_NAME, null);
 
         {
             checkTaskList(substituted, 1);
@@ -449,8 +441,8 @@ public void testSubstitutionTrueTermination() throws Exception {
             checkTaskList(substitutor2, 0);
         }
         List<WfTask> tasks;
-        tasks = testHelper.getTaskService().getMyTasks(substituted, batchPresentation);
-        testHelper.getTaskService().completeTask(substituted, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        tasks = h.getTaskService().getMyTasks(substituted, batchPresentation);
+        h.getTaskService().completeTask(substituted, tasks.get(0).getId(), null);
         {
             checkTaskList(substituted, 1);
             checkTaskList(substitutor, 0);
@@ -469,22 +461,23 @@ public void testSubstitutionTrueTermination() throws Exception {
             checkTaskList(substitutor2, 0);
         }
         setStatus(substitutor, true);
-        tasks = testHelper.getTaskService().getMyTasks(substituted, batchPresentation);
-        testHelper.getTaskService().completeTask(substitutor, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        tasks = h.getTaskService().getMyTasks(substituted, batchPresentation);
+        h.getTaskService().completeTask(substitutor, tasks.get(0).getId(), null);
         {
             checkTaskList(substituted, 0);
             checkTaskList(substitutor, 0);
             checkTaskList(substitutor2, 0);
         }
-        testHelper.removeCriteriaFromSubstitution(substitution1);
-        testHelper.removeCriteriaFromSubstitution(substitution2);
-        testHelper.removeCriteriaFromSubstitution(substitution3);
+        h.removeCriteriaFromSubstitution(substitution1);
+        h.removeCriteriaFromSubstitution(substitution2);
+        h.removeCriteriaFromSubstitution(substitution3);
     }
 
-    private void checkTaskList(User user, int expectedLength) throws Exception {
-        List<WfTask> tasks = testHelper.getTaskService().getMyTasks(user, batchPresentation);
+    @SneakyThrows
+    private void checkTaskList(User user, int expectedLength) {
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, batchPresentation);
         Thread.sleep(50);
-        tasks = testHelper.getTaskService().getMyTasks(user, batchPresentation);
+        tasks = h.getTaskService().getMyTasks(user, batchPresentation);
         assertEquals("getTasks() returns wrong tasks number (expected " + expectedLength + ", but was " + tasks.size() + ")", expectedLength,
                 tasks.size());
         // Let's change actor status to check correct working.
@@ -494,37 +487,37 @@ private void checkTaskList(User user, int expectedLength) throws Exception {
         setStatus(user, !actorStatus);
         setStatus(user, actorStatus);
 
-        tasks = testHelper.getTaskService().getMyTasks(user, batchPresentation);
+        tasks = h.getTaskService().getMyTasks(user, batchPresentation);
         Thread.sleep(50);
-        tasks = testHelper.getTaskService().getMyTasks(user, batchPresentation);
+        tasks = h.getTaskService().getMyTasks(user, batchPresentation);
         assertEquals("getTasks() returns wrong tasks number (expected " + expectedLength + ", but was " + tasks.size() + ")", expectedLength,
                 tasks.size());
-        actorStatus = testHelper.getExecutorService().<Actor>getExecutor(testHelper.getAdminUser(), substituted.getActor().getId()).isActive();
+        actorStatus = h.getExecutorService().<Actor>getExecutor(h.getAdminUser(), substituted.getActor().getId()).isActive();
 
         setStatus(substituted, !actorStatus);
 
         if (!actorStatus) {
-            tasks = testHelper.getTaskService().getMyTasks(substitutor, batchPresentation);
+            tasks = h.getTaskService().getMyTasks(substitutor, batchPresentation);
             Thread.sleep(50);
-            tasks = testHelper.getTaskService().getMyTasks(substitutor, batchPresentation);
+            tasks = h.getTaskService().getMyTasks(substitutor, batchPresentation);
             assertEquals("getTasks() returns wrong tasks number (expected " + 0 + ", but was " + tasks.size() + ")", 0, tasks.size());
-            tasks = testHelper.getTaskService().getMyTasks(substitutor2, batchPresentation);
+            tasks = h.getTaskService().getMyTasks(substitutor2, batchPresentation);
             assertEquals("getTasks() returns wrong tasks number (expected " + 0 + ", but was " + tasks.size() + ")", 0, tasks.size());
         }
 
         setStatus(substituted, actorStatus);
 
-        tasks = testHelper.getTaskService().getMyTasks(user, batchPresentation);
+        tasks = h.getTaskService().getMyTasks(user, batchPresentation);
         Thread.sleep(50);
-        tasks = testHelper.getTaskService().getMyTasks(user, batchPresentation);
+        tasks = h.getTaskService().getMyTasks(user, batchPresentation);
         assertEquals("getTasks() returns wrong tasks number (expected " + expectedLength + ", but was " + tasks.size() + ")", expectedLength,
                 tasks.size());
     }
 
     private void setStatus(User user, boolean actorStatus) {
-        testHelper.getExecutorService().setStatus(testHelper.getAdminUser(), user.getActor(), actorStatus);
+        h.getExecutorService().setStatus(h.getAdminUser(), user.getActor(), actorStatus);
         // hibernate merge workaround
-        Actor actor = testHelper.createActorIfNotExist(user.getActor().getName(), PREFIX);
+        Actor actor = h.createActorIfNotExist(user.getActor().getName(), PREFIX);
         user.setActor(actor);
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/GetTaskListTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/GetTaskListTest.java
index a0ce905b1c..63842639bb 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/GetTaskListTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/GetTaskListTest.java
@@ -17,25 +17,18 @@
  */
 package ru.runa.wf.delegate;
 
-import java.util.Collection;
-import java.util.HashMap;
+import com.google.common.collect.Lists;
 import java.util.List;
-
-import junit.framework.Test;
-import junit.framework.TestSuite;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
-import ru.runa.wfe.user.Actor;
-import ru.runa.wfe.user.Group;
+import ru.runa.wf.service.WfServiceTestHelper;
+import ru.runa.wfe.presentation.BatchPresentation;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.security.SecuredSingleton;
-import ru.runa.wfe.presentation.BatchPresentation;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.task.dto.WfTask;
-import ru.runa.wf.service.WfServiceTestHelper;
-
-import com.google.common.collect.Lists;
+import ru.runa.wfe.user.Actor;
+import ru.runa.wfe.user.Group;
 import ru.runa.wfe.user.User;
 
 /**
@@ -44,121 +37,107 @@
  * @author kana <a href="mailto:kana@ptc.ru">
  */
 public class GetTaskListTest extends ServletTestCase {
-    private final static String PREFIX = GetTaskListTest.class.getName();
-
-    private WfServiceTestHelper th;
-
-    private byte[] parBytes;
-
     // see par file for explanation
-    private final static String PROCESS_NAME = "simple process";
-
+    private final static String GROUP1_NAME = "group1";
+    private final static String GROUP2_NAME = "group2";
     private final static String ACTOR3_NAME = "actor3";
-
     private final static String ACTOR3_PASSWD = "actor3";
+    private final static String PROCESS_NAME = "simple process";
 
-    private final static String GROUP1_NAME = "group1";
-
-    private final static String GROUP2_NAME = "group2";
+    private WfServiceTestHelper h;
+    private BatchPresentation batchPresentation;
 
     private Group group1;
-
     private Group group2;
-
     private Actor actor3;
-
     private User actor3User;
 
-    private BatchPresentation batchPresentation;
-
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(PREFIX);
-
-        actor3 = th.createActorIfNotExist(ACTOR3_NAME, PREFIX);
-        th.getExecutorService().setPassword(th.getAdminUser(), actor3, ACTOR3_PASSWD);
-        group1 = th.createGroupIfNotExist(GROUP1_NAME, PREFIX);
-        group2 = th.createGroupIfNotExist(GROUP2_NAME, PREFIX);
+    protected void setUp() {
+        val prefix = getClass().getName();
+        h = new WfServiceTestHelper(prefix);
+        batchPresentation = h.getTaskBatchPresentation();
 
-        parBytes = WfServiceTestHelper.readBytesFromFile(WfServiceTestHelper.ORGANIZATION_FUNCTION_PAR_FILE_NAME);
+        group1 = h.createGroupIfNotExist(GROUP1_NAME, prefix);
+        group2 = h.createGroupIfNotExist(GROUP2_NAME, prefix);
+        actor3 = h.createActorIfNotExist(ACTOR3_NAME, prefix);
+        h.getExecutorService().setPassword(h.getAdminUser(), actor3, ACTOR3_PASSWD);
 
-        Collection<Permission> p = Lists.newArrayList(Permission.LOGIN);
-        th.getAuthorizationService().setPermissions(th.getAdminUser(), actor3.getId(), p, SecuredSingleton.EXECUTORS);
+        h.getAuthorizationService().setPermissions(h.getAdminUser(), actor3.getId(), Lists.newArrayList(Permission.LOGIN), SecuredSingleton.SYSTEM);
         actor3User = Delegates.getAuthenticationService().authenticateByLoginPassword(actor3.getName(), ACTOR3_PASSWD);
-        th.setPermissionsToAuthorizedPerformerOnExecutors(Lists.newArrayList(Permission.ALL));
-        th.setPermissionsToAuthorizedPerformerOnDefinitions(Lists.newArrayList(Permission.ALL));
 
-        th.getDefinitionService().deployProcessDefinition(th.getAuthorizedPerformerUser(), parBytes, Lists.newArrayList("testProcess"));
-        batchPresentation = th.getTaskBatchPresentation();
-        super.setUp();
+        h.setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.CREATE_DEFINITION), SecuredSingleton.SYSTEM);
+
+        val parBytes = WfServiceTestHelper.readBytesFromFile(WfServiceTestHelper.ORGANIZATION_FUNCTION_PAR_FILE_NAME);
+        val def = h.getDefinitionService().deployProcessDefinition(h.getAuthorizedUser(), parBytes, Lists.newArrayList("testProcess"));
+
+        h.setPermissionsToAuthorizedActorOnDefinition(Lists.newArrayList(Permission.DELETE, Permission.START_PROCESS), def);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.getDefinitionService().undeployProcessDefinition(th.getAuthorizedPerformerUser(), PROCESS_NAME, null);
-        parBytes = null;
-        th.releaseResources();
-        th = null;
+    protected void tearDown() {
+        h.getDefinitionService().undeployProcessDefinition(h.getAuthorizedUser(), PROCESS_NAME, null);
+        h.releaseResources();
+        h = null;
         actor3 = null;
         group1 = null;
         group2 = null;
         actor3User = null;
         batchPresentation = null;
-        super.tearDown();
     }
 
-    public void testEqualsFunctionTest() throws Exception {
+    public void testEqualsFunctionTest() {
 
-        th.getExecutionService().startProcess(th.getAuthorizedPerformerUser(), PROCESS_NAME, null);
+        h.getExecutionService().startProcess(h.getAuthorizedUser(), PROCESS_NAME, null);
         // assignment handler creates secured object for swimlane and grants
         // group2 permissions on it, so we have to update reference
-        group2 = (Group) th.getExecutor(group2.getName());
+        group2 = (Group) h.getExecutor(group2.getName());
 
         List<WfTask> tasks;
 
-        tasks = th.getTaskService().getMyTasks(actor3User, batchPresentation);
+        tasks = h.getTaskService().getMyTasks(actor3User, batchPresentation);
         assertEquals("getTasks() returns wrong tasks number", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("getTasks() returns wrong tasks number", 0, tasks.size());
 
-        th.addExecutorToGroup(th.getAuthorizedPerformerActor(), group2);
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        h.addExecutorToGroup(h.getAuthorizedActor(), group2);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("getTasks() returns wrong tasks number", 1, tasks.size());
 
         assertEquals("task assigned", group2, tasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), null);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("getTasks() returns wrong tasks number", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(actor3User, batchPresentation);
+        tasks = h.getTaskService().getMyTasks(actor3User, batchPresentation);
         assertEquals("getTasks() returns wrong tasks number", 1, tasks.size());
 
         assertEquals("task assigned", actor3, tasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(actor3User, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(actor3User, tasks.get(0).getId(), null);
         // same as commented higher
-        actor3 = (Actor) th.getExecutor(actor3.getName());
-        group2 = (Group) th.getExecutor(group2.getName());
+        actor3 = (Actor) h.getExecutor(actor3.getName());
+        group2 = (Group) h.getExecutor(group2.getName());
 
-        tasks = th.getTaskService().getMyTasks(actor3User, batchPresentation);
+        tasks = h.getTaskService().getMyTasks(actor3User, batchPresentation);
         assertEquals("getTasks() returns wrong tasks number", 0, tasks.size());
 
-        th.addExecutorToGroup(actor3, group1);
-        tasks = th.getTaskService().getMyTasks(actor3User, batchPresentation);
+        h.addExecutorToGroup(actor3, group1);
+        tasks = h.getTaskService().getMyTasks(actor3User, batchPresentation);
         assertEquals("getTasks() returns wrong tasks number", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("getTasks() returns wrong tasks number", 1, tasks.size());
 
-        th.removeExecutorFromGroup(th.getAuthorizedPerformerActor(), group2);
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        h.removeExecutorFromGroup(h.getAuthorizedActor(), group2);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("getTasks() returns wrong tasks number", 1, tasks.size());
 
-        assertEquals("task assigned", th.getAuthorizedPerformerActor(), tasks.get(0).getOwner());
+        assertEquals("task assigned", h.getAuthorizedActor(), tasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), null);
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/MultiInstanceTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/MultiInstanceTest.java
index 9f94f95edc..f5b7c706da 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/MultiInstanceTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/MultiInstanceTest.java
@@ -1,13 +1,13 @@
 package ru.runa.wf.delegate;
 
+import com.google.common.collect.Lists;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
-
+import java.util.Objects;
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.presentation.BatchPresentationFactory;
@@ -18,10 +18,9 @@
 import ru.runa.wfe.user.Group;
 import ru.runa.wfe.user.User;
 
-import com.google.common.collect.Lists;
-
 public class MultiInstanceTest extends ServletTestCase {
-    private WfServiceTestHelper th;
+    private WfServiceTestHelper h;
+    private ExecutionService executionService;
 
     private Group group1 = null;
     private Relation relation1 = null;
@@ -29,59 +28,45 @@ public class MultiInstanceTest extends ServletTestCase {
     private Actor actor2 = null;
     private Actor actor3 = null;
     private Actor actor4 = null;
-    private ExecutionService executionService;
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(MultiInstanceTest.class.getName());
-        executionService = th.getExecutionService();
-        group1 = th.createGroupIfNotExist("group1", MultiInstanceTest.class.getName());
-        relation1 = th.createRelation("relation1", MultiInstanceTest.class.getName());
-        actor1 = th.createActorIfNotExist("actor1", MultiInstanceTest.class.getName());
-        th.addExecutorToGroup(actor1, group1);
-        actor2 = th.createActorIfNotExist("actor2", MultiInstanceTest.class.getName());
-        th.addExecutorToGroup(actor2, group1);
-        actor3 = th.createActorIfNotExist("actor3", MultiInstanceTest.class.getName());
-        th.addExecutorToGroup(actor3, group1);
-        actor4 = th.createActorIfNotExist("relationparam1", MultiInstanceTest.class.getName());
-        th.addRelationPair(relation1.getId(), actor4, actor1);
-        th.addRelationPair(relation1.getId(), actor4, actor2);
-        th.addRelationPair(relation1.getId(), actor4, actor3);
-        th.deployValidProcessDefinition("multiinstance superprocess.par");
-        th.deployValidProcessDefinition("multiinstance subprocess.par");
-        th.deployValidProcessDefinition("MultiInstance - MainProcess.par");
-        th.deployValidProcessDefinition("MultiInstance - SubProcess.par");
-        th.deployValidProcessDefinition("MultiInstance - TypeMainProcess.par");
-    }
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
+        executionService = h.getExecutionService();
 
-    @Override
-    protected void tearDown() throws Exception {
-        if (relation1 != null) {
-            th.removeRelation(relation1.getId());
-        }
-        th.undeployValidProcessDefinition("MultiInstance - MainProcess");
-        th.undeployValidProcessDefinition("MultiInstance - TypeMainProcess");
-        th.undeployValidProcessDefinition("MultiInstance - SubProcess");
-        th.undeployValidProcessDefinition("multiinstance superprocess");
-        th.undeployValidProcessDefinition("multiinstance subprocess");
-        th.releaseResources();
-        super.tearDown();
+        group1 = h.createGroupIfNotExist("group1", MultiInstanceTest.class.getName());
+        relation1 = h.createRelation("relation1", MultiInstanceTest.class.getName());
+        actor1 = h.createActorIfNotExist("actor1", MultiInstanceTest.class.getName());
+        h.addExecutorToGroup(actor1, group1);
+        actor2 = h.createActorIfNotExist("actor2", MultiInstanceTest.class.getName());
+        h.addExecutorToGroup(actor2, group1);
+        actor3 = h.createActorIfNotExist("actor3", MultiInstanceTest.class.getName());
+        h.addExecutorToGroup(actor3, group1);
+        actor4 = h.createActorIfNotExist("relationparam1", MultiInstanceTest.class.getName());
+        h.addRelationPair(relation1.getId(), actor4, actor1);
+        h.addRelationPair(relation1.getId(), actor4, actor2);
+        h.addRelationPair(relation1.getId(), actor4, actor3);
+        h.deployValidProcessDefinition("multiinstance superprocess.par");
+        h.deployValidProcessDefinition("multiinstance subprocess.par");
+        h.deployValidProcessDefinition("MultiInstance - MainProcess.par");
+        h.deployValidProcessDefinition("MultiInstance - SubProcess.par");
+        h.deployValidProcessDefinition("MultiInstance - TypeMainProcess.par");
     }
 
-    public void testSimple() throws Exception {
-        User user = th.getAdminUser();
-        Map<String, Object> variables = new HashMap<String, Object>();
-        variables.put("discriminator", new String[] { "d1", "d2", "d3" });
-        variables.put("discriminator_r", new String[] { "d1_r", "d2_r", "d3_r" });
-        variables.put("discriminator_rw", new String[] { "d1_rw", "d2_rw", "d3_rw" });
-        long processId = executionService.startProcess(user, "multiinstance superprocess", variables);
-        List<WfTask> tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+    public void testSimple() {
+        User user = h.getAdminUser();
+        val vars = new HashMap<String, Object>();
+        vars.put("discriminator", new String[] { "d1", "d2", "d3" });
+        vars.put("discriminator_r", new String[] { "d1_r", "d2_r", "d3_r" });
+        vars.put("discriminator_rw", new String[] { "d1_rw", "d2_rw", "d3_rw" });
+        long processId = executionService.startProcess(user, "multiinstance superprocess", vars);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(3, tasks.size());
         for (WfTask task : tasks) {
             String descriminatorValue = (String) executionService.getVariable(user, task.getProcessId(), "d").getValue();
             assertEquals(descriminatorValue + "_r", (String) executionService.getVariable(user, task.getProcessId(), "d_r").getValue());
             assertEquals(descriminatorValue + "_rw", (String) executionService.getVariable(user, task.getProcessId(), "d_rw").getValue());
-            th.getTaskService().completeTask(user, task.getId(), new HashMap<String, Object>(), null);
+            h.getTaskService().completeTask(user, task.getId(), null);
         }
         ArrayAssert.assertEqualArrays("discriminator", Lists.newArrayList("d1", "d2", "d3"),
                 (List<?>) executionService.getVariable(user, processId, "discriminator").getValue());
@@ -93,20 +78,33 @@ public void testSimple() throws Exception {
                 (List<?>) executionService.getVariable(user, processId, "discriminator_rw").getValue());
     }
 
-    public void testSimpleWithLists() throws Exception {
-        User user = th.getAdminUser();
-        Map<String, Object> variables = new HashMap<String, Object>();
-        variables.put("discriminator", Lists.newArrayList("d1", "d2", "d3"));
-        variables.put("discriminator_r", Lists.newArrayList("d1_r", "d2_r", "d3_r"));
-        variables.put("discriminator_rw", Lists.newArrayList("d1_rw", "d2_rw", "d3_rw"));
-        long processId = executionService.startProcess(user, "multiinstance superprocess", variables);
-        List<WfTask> tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+    @Override
+    protected void tearDown() {
+        if (relation1 != null) {
+            h.removeRelation(relation1.getId());
+        }
+        h.undeployValidProcessDefinition("MultiInstance - MainProcess");
+        h.undeployValidProcessDefinition("MultiInstance - TypeMainProcess");
+        h.undeployValidProcessDefinition("MultiInstance - SubProcess");
+        h.undeployValidProcessDefinition("multiinstance superprocess");
+        h.undeployValidProcessDefinition("multiinstance subprocess");
+        h.releaseResources();
+    }
+
+    public void testSimpleWithLists() {
+        User user = h.getAdminUser();
+        val vars = new HashMap<String, Object>();
+        vars.put("discriminator", Lists.newArrayList("d1", "d2", "d3"));
+        vars.put("discriminator_r", Lists.newArrayList("d1_r", "d2_r", "d3_r"));
+        vars.put("discriminator_rw", Lists.newArrayList("d1_rw", "d2_rw", "d3_rw"));
+        long processId = executionService.startProcess(user, "multiinstance superprocess", vars);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(3, tasks.size());
         for (WfTask task : tasks) {
             String descriminatorValue = (String) executionService.getVariable(user, task.getProcessId(), "d").getValue();
             assertEquals(descriminatorValue + "_r", (String) executionService.getVariable(user, task.getProcessId(), "d_r").getValue());
             assertEquals(descriminatorValue + "_rw", (String) executionService.getVariable(user, task.getProcessId(), "d_rw").getValue());
-            th.getTaskService().completeTask(user, task.getId(), new HashMap<String, Object>(), null);
+            h.getTaskService().completeTask(user, task.getId(), null);
         }
         ArrayAssert.assertEqualArrays(Lists.newArrayList("d1", "d2", "d3"),
                 (List<?>) executionService.getVariable(user, processId, "discriminator").getValue());
@@ -118,19 +116,19 @@ public void testSimpleWithLists() throws Exception {
                 (List<?>) executionService.getVariable(user, processId, "discriminator_rw").getValue());
     }
 
-    public void testNullDiscriminator() throws Exception {
-        User user = th.getAdminUser();
-        Map<String, Object> variables = new HashMap<String, Object>();
-        variables.put("discriminator", new String[] { "d1", "d2", "d3" });
-        variables.put("discriminator_r", new String[] { "d1_r", "d2_r", "d3_r" });
-        long processId = executionService.startProcess(user, "multiinstance superprocess", variables);
-        List<WfTask> tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+    public void testNullDiscriminator() {
+        User user = h.getAdminUser();
+        val vars = new HashMap<String, Object>();
+        vars.put("discriminator", new String[] { "d1", "d2", "d3" });
+        vars.put("discriminator_r", new String[] { "d1_r", "d2_r", "d3_r" });
+        long processId = executionService.startProcess(user, "multiinstance superprocess", vars);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(3, tasks.size());
         for (WfTask task : tasks) {
             String descriminatorValue = (String) executionService.getVariable(user, task.getProcessId(), "d").getValue();
             assertEquals(descriminatorValue + "_r", (String) executionService.getVariable(user, task.getProcessId(), "d_r").getValue());
-            assertEquals(null, (String) executionService.getVariable(user, task.getProcessId(), "d_rw").getValue());
-            th.getTaskService().completeTask(user, task.getId(), new HashMap<String, Object>(), null);
+            assertNull(executionService.getVariable(user, task.getProcessId(), "d_rw").getValue());
+            h.getTaskService().completeTask(user, task.getId(), null);
         }
         ArrayAssert.assertEqualArrays("", Lists.newArrayList("d1", "d2", "d3"),
                 (List<?>) executionService.getVariable(user, processId, "discriminator").getValue());
@@ -142,110 +140,110 @@ public void testNullDiscriminator() throws Exception {
                 (List<?>) executionService.getVariable(user, processId, "discriminator_rw").getValue());
     }
 
-    public void testEmptyDiscriminator() throws Exception {
-        User user = th.getAdminUser();
-        Map<String, Object> variables = new HashMap<String, Object>();
-        variables.put("discriminator", new String[] {});
-        variables.put("discriminator_r", new String[] {});
-        Long processId = executionService.startProcess(user, "multiinstance superprocess", variables);
+    public void testEmptyDiscriminator() {
+        User user = h.getAdminUser();
+        val vars = new HashMap<String, Object>();
+        vars.put("discriminator", new String[] {});
+        vars.put("discriminator_r", new String[] {});
+        Long processId = executionService.startProcess(user, "multiinstance superprocess", vars);
         System.out.println("multiinstancesubprocesses=" + executionService.getSubprocesses(user, processId, true));
         assertTrue(executionService.getProcess(user, processId).isEnded());
     }
 
-    public void testManySubprocessInToken() throws Exception {
-        User user = th.getAdminUser();
-        Map<String, Object> variables = new HashMap<String, Object>();
-        variables.put("Variable1", "Variable for subprocess 1");
-        variables.put("Variable2", "Variable for subprocess 2");
-        variables.put("multi", new String[] { "sub-mult 1", "sub-mult 2", "sub-mult 3" });
-        long processId = executionService.startProcess(user, "MultiInstance - MainProcess", variables);
+    public void testManySubprocessInToken() {
+        User user = h.getAdminUser();
+        val vars = new HashMap<String, Object>();
+        vars.put("Variable1", "Variable for subprocess 1");
+        vars.put("Variable2", "Variable for subprocess 2");
+        vars.put("multi", new String[] { "sub-mult 1", "sub-mult 2", "sub-mult 3" });
+        long processId = executionService.startProcess(user, "MultiInstance - MainProcess", vars);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(1, tasks.size());
         assertEquals("Variable for subprocess 1", (String) executionService.getVariable(user, tasks.get(0).getProcessId(), "Variable1").getValue());
-        th.getTaskService().completeTask(user, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(user, tasks.get(0).getId(), null);
 
-        tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+        tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(3, tasks.size());
         Collections.sort(tasks, new Comparator<WfTask>() {
             @Override
             public int compare(WfTask o1, WfTask o2) {
-                return o1.getId() < o2.getId() ? -1 : o1.getId() == o2.getId() ? 0 : 1;
+                return o1.getId() < o2.getId() ? -1 : Objects.equals(o1.getId(), o2.getId()) ? 0 : 1;
             }
         });
         int idx = 1;
         for (WfTask task : tasks) {
             String descriminatorValue = (String) executionService.getVariable(user, task.getProcessId(), "Variable1").getValue();
             assertEquals("sub-mult " + idx, descriminatorValue);
-            th.getTaskService().completeTask(user, task.getId(), new HashMap<String, Object>(), null);
+            h.getTaskService().completeTask(user, task.getId(), null);
             ++idx;
         }
 
-        tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+        tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(3, tasks.size());
         Collections.sort(tasks, new Comparator<WfTask>() {
             @Override
             public int compare(WfTask o1, WfTask o2) {
-                return o1.getId() < o2.getId() ? -1 : o1.getId() == o2.getId() ? 0 : 1;
+                return o1.getId() < o2.getId() ? -1 : Objects.equals(o1.getId(), o2.getId()) ? 0 : 1;
             }
         });
         idx = 1;
         for (WfTask task : tasks) {
             String descriminatorValue = (String) executionService.getVariable(user, task.getProcessId(), "Variable1").getValue();
             assertEquals("sub-mult " + idx, descriminatorValue);
-            th.getTaskService().completeTask(user, task.getId(), new HashMap<String, Object>(), null);
+            h.getTaskService().completeTask(user, task.getId(), null);
             ++idx;
         }
 
-        tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+        tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(1, tasks.size());
         assertEquals("Variable for subprocess 2", (String) executionService.getVariable(user, tasks.get(0).getProcessId(), "Variable1").getValue());
-        th.getTaskService().completeTask(user, tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(user, tasks.get(0).getId(), null);
 
         ArrayAssert.assertEqualArrays(Lists.newArrayList("sub-mult 1", "sub-mult 2", "sub-mult 3"),
                 (List<?>) executionService.getVariable(user, processId, "multiOut").getValue());
     }
 
-    public void testDifferentTypes() throws Exception {
+    public void testDifferentTypes() {
         // internalDifferentTypes(new Date());
-        internalDifferentTypes(new Long(1));
-        internalDifferentTypes(new Double(1));
+        internalDifferentTypes(1L);
+        internalDifferentTypes(1d);
     }
 
-    public void testAllTypes() throws Exception {
-        User user = th.getAdminUser();
-        Map<String, Object> variables = new HashMap<String, Object>();
-        variables.put("Variable1", "group1");
-        variables.put("Variable2", "relation1");
-        variables.put("Variable3", "relationparam1");
-        variables.put("multi", new String[] { "sub-mult 1", "sub-mult 2", "sub-mult 3" });
-        executionService.startProcess(user, "MultiInstance - TypeMainProcess", variables);
+    public void testAllTypes() {
+        User user = h.getAdminUser();
+        val vars = new HashMap<String, Object>();
+        vars.put("Variable1", "group1");
+        vars.put("Variable2", "relation1");
+        vars.put("Variable3", "relationparam1");
+        vars.put("multi", new String[] { "sub-mult 1", "sub-mult 2", "sub-mult 3" });
+        executionService.startProcess(user, "MultiInstance - TypeMainProcess", vars);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(3, tasks.size());
         Collections.sort(tasks, new Comparator<WfTask>() {
             @Override
             public int compare(WfTask o1, WfTask o2) {
-                return o1.getId() < o2.getId() ? -1 : o1.getId() == o2.getId() ? 0 : 1;
+                return o1.getId() < o2.getId() ? -1 : Objects.equals(o1.getId(), o2.getId()) ? 0 : 1;
             }
         });
         int idx = 1;
         for (WfTask task : tasks) {
             String discriminatorValue = (String) executionService.getVariable(user, task.getProcessId(), "Variable1").getValue();
             assertEquals("sub-mult " + idx, discriminatorValue);
-            th.getTaskService().completeTask(user, task.getId(), new HashMap<String, Object>(), null);
+            h.getTaskService().completeTask(user, task.getId(), null);
             ++idx;
         }
 
         List<String> actorList = Lists.newArrayList(actor1.getCode().toString(), actor2.getCode().toString(), actor3.getCode().toString());
-        tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+        tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(3, tasks.size());
         idx = 1;
         for (WfTask task : tasks) {
             String discriminatorValue = (String) executionService.getVariable(user, task.getProcessId(), "Variable1").getValue();
             assertTrue(discriminatorValue, actorList.contains(discriminatorValue));
-            actorList.remove(actorList.indexOf(discriminatorValue));
-            th.getTaskService().completeTask(user, task.getId(), new HashMap<String, Object>(), null);
+            actorList.remove(discriminatorValue);
+            h.getTaskService().completeTask(user, task.getId(), null);
             ++idx;
         }
         assertTrue(actorList.isEmpty());
@@ -253,36 +251,36 @@ public int compare(WfTask o1, WfTask o2) {
         actorList.add(actor1.getCode().toString());
         actorList.add(actor2.getCode().toString());
         actorList.add(actor3.getCode().toString());
-        tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+        tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(3, tasks.size());
         idx = 1;
         for (WfTask task : tasks) {
             String discriminatorValue = (String) executionService.getVariable(user, task.getProcessId(), "Variable1").getValue();
             assertTrue(actorList.contains(discriminatorValue));
-            actorList.remove(actorList.indexOf(discriminatorValue));
-            th.getTaskService().completeTask(user, task.getId(), new HashMap<String, Object>(), null);
+            actorList.remove(discriminatorValue);
+            h.getTaskService().completeTask(user, task.getId(), null);
             ++idx;
         }
         assertTrue(actorList.isEmpty());
     }
 
-    private void internalDifferentTypes(Object varValue) throws Exception {
-        User user = th.getAdminUser();
-        Map<String, Object> variables = new HashMap<String, Object>();
-        variables.put("discriminator", new String[] { "d1", "d2", "d3" });
-        variables.put("discriminator_r", new String[] { "d1_r", "d2_r", "d3_r" });
-        variables.put("discriminator_rw", new String[] { "d1_rw", "d2_rw", "d3_rw" });
-        long processId = executionService.startProcess(user, "multiinstance superprocess", variables);
-        List<WfTask> tasks = th.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
+    private void internalDifferentTypes(Object varValue) {
+        User user = h.getAdminUser();
+        val vars = new HashMap<String, Object>();
+        vars.put("discriminator", new String[] { "d1", "d2", "d3" });
+        vars.put("discriminator_r", new String[] { "d1_r", "d2_r", "d3_r" });
+        vars.put("discriminator_rw", new String[] { "d1_rw", "d2_rw", "d3_rw" });
+        long processId = executionService.startProcess(user, "multiinstance superprocess", vars);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(user, BatchPresentationFactory.TASKS.createDefault());
         assertEquals(3, tasks.size());
         for (WfTask task : tasks) {
             String descriminatorValue = (String) executionService.getVariable(user, task.getProcessId(), "d").getValue();
             assertEquals(descriminatorValue + "_r", (String) executionService.getVariable(user, task.getProcessId(), "d_r").getValue());
             assertEquals(descriminatorValue + "_rw", (String) executionService.getVariable(user, task.getProcessId(), "d_rw").getValue());
-            Map<String, Object> var = new HashMap<String, Object>();
-            var.put("d_rw", varValue);
-            var.put("d_w", varValue);
-            th.getTaskService().completeTask(user, task.getId(), var, null);
+            val vars2 = new HashMap<String, Object>();
+            vars2.put("d_rw", varValue);
+            vars2.put("d_w", varValue);
+            h.getTaskService().completeTask(user, task.getId(), vars2);
         }
         ArrayAssert.assertEqualArrays("", Lists.newArrayList("d1", "d2", "d3"),
                 (List<?>) executionService.getVariable(user, processId, "discriminator").getValue());
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/WfeScriptServiceDelegateProcessTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/WfeScriptServiceDelegateProcessTest.java
index de3719416b..2fac18bb42 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/WfeScriptServiceDelegateProcessTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/WfeScriptServiceDelegateProcessTest.java
@@ -18,17 +18,13 @@
 
 package ru.runa.wf.delegate;
 
-import junit.framework.Test;
-import junit.framework.TestSuite;
-
 import org.apache.cactus.ServletTestCase;
-
-import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.Group;
-import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.execution.dto.WfProcess;
 import ru.runa.wf.service.WfScriptServiceTestHelper;
 import ru.runa.wf.service.WfServiceTestHelper;
+import ru.runa.wfe.execution.dto.WfProcess;
+import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.user.Executor;
+import ru.runa.wfe.user.Group;
 
 public class WfeScriptServiceDelegateProcessTest extends ServletTestCase {
 
@@ -37,155 +33,144 @@ public class WfeScriptServiceDelegateProcessTest extends ServletTestCase {
     private static final String REMOVE = "process_Remove_script.xml";
 
     private static final Group EMPLOYEE_GROUP = new Group("employee", null);
-    private Executor employee = null;
+
+    private WfScriptServiceTestHelper h;
+
+    private Executor employee;
     private WfProcess instanceStub1, instanceStub2;
-    private WfScriptServiceTestHelper helper = null;
 
-    protected void setUp() throws Exception {
-        helper = new WfScriptServiceTestHelper(getClass().getName());
-        employee = helper.createGroupIfNotExist(EMPLOYEE_GROUP.getName(), EMPLOYEE_GROUP.getDescription());
-        helper.deployValidProcessDefinition();
-        super.setUp();
+    @Override
+    protected void setUp() {
+        h = new WfScriptServiceTestHelper(getClass().getName());
+        employee = h.createGroupIfNotExist(EMPLOYEE_GROUP.getName(), EMPLOYEE_GROUP.getDescription());
+        h.deployValidProcessDefinition();
     }
 
-    protected void tearDown() throws Exception {
-        helper.undeployValidProcessDefinition();
-        helper.releaseResources();
-        helper = null;
-        super.tearDown();
+    @Override
+    protected void tearDown() {
+        h.undeployValidProcessDefinition();
+        h.releaseResources();
+        h = null;
     }
 
-    public void testAddThenSetPermissions() throws Exception {
+    public void testAddThenSetPermissions() {
+        h.executeScript(ADD_SET);
 
-        // script with operations is parsed and executed here
-        helper.executeScript(ADD_SET);
-
-        /**
-         * This checks are valid only for one paticular given script file. If this script file is edited the following test method must be changed in
-         * corresponding way
-         */
+        // ATTENTION! These tests are valid only for script file executed above. If that file is edited, the tests must be changed accordingly.
 
         // group permission on process definition
-        assertFalse("Check if 'list' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.LIST, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertFalse("Check if 'DELETE' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.DELETE, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertFalse("Check if 'start' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.START, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertFalse("Check if 'START_PROCESS' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.START_PROCESS, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'read' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.READ, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'READ' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.READ, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'update' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.UPDATE, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'UPDATE' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.UPDATE, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'read_process' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.READ_PROCESS, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'READ_PROCESS' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.READ_PROCESS, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'cancel_process' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.CANCEL_PROCESS, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'CANCEL_PROCESS' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.CANCEL_PROCESS, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        instanceStub1 = helper.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, helper.getAdministrator());
-        instanceStub2 = helper.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, helper.getAdministrator());
+        instanceStub1 = h.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, h.getAdministrator());
+        instanceStub2 = h.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, h.getAdministrator());
 
         // group permission on process instances
-        assertTrue("Check if 'read' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub1, employee, Permission.READ));
+        assertTrue("Check if 'READ' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.READ, instanceStub1));
 
-        assertTrue("Check if 'cancel' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub1, employee, Permission.CANCEL));
+        assertTrue("Check if 'CANCEL' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.CANCEL, instanceStub1));
 
-        assertTrue("Check if 'read' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub2, employee, Permission.READ));
+        assertTrue("Check if 'READ' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.READ, instanceStub2));
 
-        assertTrue("Check if 'cancel' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub2, employee, Permission.CANCEL));
+        assertTrue("Check if 'CANCEL' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.CANCEL, instanceStub2));
 
     }
 
-    public void testSetThenAddPermissions() throws Exception {
+    public void testSetThenAddPermissions() {
+        h.executeScript(SET_ADD);
 
-        // script with operations is parsed and executed here
-        helper.executeScript(SET_ADD);
+        // ATTENTION! These tests are valid only for script file executed above. If that file is edited, the tests must be changed accordingly.
 
-        /**
-         * This checks are valid only for one paticular given script file. If this script file is edited the following test method must be changed in
-         * corresponding way
-         */
         // group permission on process definition
-        assertTrue("Check if 'read' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.READ, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'READ' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.READ, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'update' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.UPDATE, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'UPDATE' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.UPDATE, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'start' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.START, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'START_PROCESS' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.START_PROCESS, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'read_process' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.READ_PROCESS, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'READ_PROCESS' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.READ_PROCESS, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'cancel_process' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.CANCEL_PROCESS, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'CANCEL_PROCESS' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.CANCEL_PROCESS, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        instanceStub1 = helper.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, helper.getAdministrator());
-        instanceStub2 = helper.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, helper.getAdministrator());
+        instanceStub1 = h.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, h.getAdministrator());
+        instanceStub2 = h.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, h.getAdministrator());
 
         // group permission on process instances
-        assertTrue("Check if 'read' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub1, employee, Permission.READ));
+        assertTrue("Check if 'READ' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.READ, instanceStub1));
 
-        assertTrue("Check if 'cancel' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub1, employee, Permission.CANCEL));
+        assertTrue("Check if 'CANCEL' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.CANCEL, instanceStub1));
 
-        assertTrue("Check if 'read' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub2, employee, Permission.READ));
+        assertTrue("Check if 'READ' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.READ, instanceStub2));
 
-        assertTrue("Check if 'cancel' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub2, employee, Permission.CANCEL));
+        assertTrue("Check if 'CANCEL' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.CANCEL, instanceStub2));
     }
 
-    public void testRemovePermissions() throws Exception {
-        // script with operations is parsed and executed here
-        helper.executeScript(REMOVE);
+    public void testRemovePermissions() {
+        h.executeScript(REMOVE);
+
+        // ATTENTION! These tests are valid only for script file executed above. If that file is edited, the tests must be changed accordingly.
 
-        /**
-         * This checks are valid only for one paticular given script file. If this script file is edited the following test method must be changed in
-         * corresponding way
-         */
         // group permission on process definition
-        assertFalse("Check if 'list' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.LIST, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertFalse("Check if 'DELETE' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.DELETE, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'read' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.READ, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'READ' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.READ, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'update' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.UPDATE, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'UPDATE' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.UPDATE, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'start' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.START, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'START_PROCESS' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.START_PROCESS, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertTrue("Check if 'read_instance' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.READ_PROCESS, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertTrue("Check if 'READ_PROCESS' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.READ_PROCESS, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        assertFalse("Check if 'cancel_instance' permission is given to employees on validProcess definition",
-                helper.isAllowedToExecutorOnDefinition(Permission.CANCEL_PROCESS, employee, WfServiceTestHelper.VALID_PROCESS_NAME));
+        assertFalse("Check if 'CANCEL_PROCESS' permission is given to employees on validProcess definition",
+                h.hasOwnPermissionOnDefinition(employee, Permission.CANCEL_PROCESS, WfServiceTestHelper.VALID_PROCESS_NAME));
 
-        instanceStub1 = helper.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, helper.getAdministrator());
-        instanceStub2 = helper.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, helper.getAdministrator());
+        instanceStub1 = h.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, h.getAdministrator());
+        instanceStub2 = h.startProcessInstance(WfServiceTestHelper.VALID_PROCESS_NAME, h.getAdministrator());
 
         // group permission on process instances
-        assertTrue("Check if 'read' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub1, employee, Permission.READ));
-
-        assertFalse("Check if 'cancel' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub1, employee, Permission.CANCEL));
+        assertTrue("Check if 'READ' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.READ, instanceStub1));
 
-        assertTrue("Check if 'read' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub2, employee, Permission.READ));
+        assertFalse("Check if 'CANCEL' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.CANCEL, instanceStub1));
 
-        assertFalse("Check if 'cancel' permission is given to employee on validProcess instance",
-                helper.isAllowedToExecutor(instanceStub2, employee, Permission.CANCEL));
+        assertTrue("Check if 'READ' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.READ, instanceStub2));
 
+        assertFalse("Check if 'CANCEL' permission is given to employee on validProcess instance",
+                h.hasOwnPermission(employee, Permission.CANCEL, instanceStub2));
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/WfeScriptServiceDelegateTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/WfeScriptServiceDelegateTest.java
index 06d27eae77..07c894bc2c 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/WfeScriptServiceDelegateTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/delegate/WfeScriptServiceDelegateTest.java
@@ -17,20 +17,15 @@
  */
 package ru.runa.wf.delegate;
 
-import junit.framework.Test;
-import junit.framework.TestSuite;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
+import ru.runa.wf.service.WfScriptServiceTestHelper;
+import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.user.Actor;
-import ru.runa.wfe.security.AuthenticationException;
-import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.user.Executor;
 import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
-import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.security.SecuredSingleton;
-import ru.runa.wf.service.WfScriptServiceTestHelper;
 
 /**
  * Edited on 15.04.2006
@@ -43,358 +38,265 @@
 public class WfeScriptServiceDelegateTest extends ServletTestCase {
 
     private static final String EXECUTOR_CREATE = "executor_Create_script.xml";
-
     private static final String SET_ADD = "executor_SetAdd_script.xml";
-
     private static final String ADD_SET = "executor_AddSet_script.xml";
-
     private static final String REMOVE = "executor_Remove_script.xml";
 
     private static final Group EMPLOYEE_GROUP = new Group("employee", null);
-
     private static final Group BOSS_GROUP = new Group("boss", null);
 
     private static final Actor DOROTHY_ACTOR = new Actor("dorothy", null, "Dorothy Gale");
-
     private static final Actor TOTO_ACTOR = new Actor("toto", "Dorothy's dog", null);
-
     private static final Actor LION_ACTOR = new Actor("lion", null, "The Cowardly Lion");
-
     private static final Actor SCARECROW_ACTOR = new Actor("scarecrow", null, "The Scarecrow");
-
     private static final Actor TIN_ACTOR = new Actor("tin", null, "The Tin Man");
-
     private static final Actor GLUCH_ACTOR = new Actor("gulch", "Someone we will create and delete in this script", "The Wicked Witch of the West");
 
     private static final String TIN_ACTOR_PASSWORD = "secretword";
 
     private static final Executor[] EXECUTORS = { EMPLOYEE_GROUP, BOSS_GROUP, DOROTHY_ACTOR, TOTO_ACTOR, LION_ACTOR, SCARECROW_ACTOR, TIN_ACTOR,
             GLUCH_ACTOR };
-
     private static final Executor[] EMPLOYEE_GROUP_EXECUTORS = { DOROTHY_ACTOR, LION_ACTOR, SCARECROW_ACTOR, TIN_ACTOR, GLUCH_ACTOR };
-
     private static final Executor[] BOSS_GROUP_EXECUTORS = { DOROTHY_ACTOR };
 
-    private WfScriptServiceTestHelper helper = null;
+    private WfScriptServiceTestHelper h = null;
 
-    protected void setUp() throws Exception {
-        helper = new WfScriptServiceTestHelper(getClass().getName());
-        super.setUp();
+    @Override
+    protected void setUp() {
+        h = new WfScriptServiceTestHelper(getClass().getName());
     }
 
-    protected void tearDown() throws Exception {
+    @Override
+    protected void tearDown() {
         removeExecutorsIfExist();
-        helper.releaseResources();
-        helper = null;
-        super.tearDown();
+        h.releaseResources();
+        h = null;
     }
 
-    public void testCreateActorGroup() throws Exception {
-
-        // check if group and actor exist and remove if so
+    public void testCreateActorGroup() {
         removeExecutorsIfExist();
+        h.executeScript(EXECUTOR_CREATE);
 
-        // script with operations is parsed and executed here
-        helper.executeScript(EXECUTOR_CREATE);
+        // ATTENTION! These tests are valid only for script file executed above. If that file is edited, the tests must be changed accordingly.
 
-        /**
-         * This checks are valid only for one paticular given script file. If this script file is edited the following test method must be changed in
-         * corresponding way
-         */
-        for (int i = 0; i < EXECUTORS.length; i++) {
-            Executor actual = helper.getExecutor(EXECUTORS[i].getName());
-            assertTrue("Executors creation name check" + actual.getName(), helper.areExecutorsWeaklyEqual(actual, EXECUTORS[i]));
+        for (Executor e : EXECUTORS) {
+            Executor actual = h.getExecutor(e.getName());
+            assertTrue("Executors creation name check" + actual.getName(), h.areExecutorsWeaklyEqual(actual, e));
         }
 
         // check if password is correct
-        assertTrue("Check if tin password is correct", helper.isPasswordCorrect(TIN_ACTOR.getName(), TIN_ACTOR_PASSWORD));
+        assertTrue("Check if tin password is correct", h.isPasswordCorrect(TIN_ACTOR.getName(), TIN_ACTOR_PASSWORD));
 
         // check if actors are added to groups correctly
-        Group employeeGroup = (Group) helper.getExecutor(EMPLOYEE_GROUP.getName());
-        for (int i = 0; i < EMPLOYEE_GROUP_EXECUTORS.length; i++) {
-            Executor actual = helper.getExecutor(EMPLOYEE_GROUP_EXECUTORS[i].getName());
+        Group employeeGroup = (Group) h.getExecutor(EMPLOYEE_GROUP.getName());
+        for (Executor e : EMPLOYEE_GROUP_EXECUTORS) {
+            Executor actual = h.getExecutor(e.getName());
             assertTrue("Employee group membership check: " + actual.getName() + " is in " + employeeGroup.getName(),
-                    helper.isExecutorInGroup(actual, employeeGroup));
+                    h.isExecutorInGroup(actual, employeeGroup));
         }
 
-        Group bossGroup = (Group) helper.getExecutor(BOSS_GROUP.getName());
-        for (int i = 0; i < BOSS_GROUP_EXECUTORS.length; i++) {
-            Executor actual = helper.getExecutor(BOSS_GROUP_EXECUTORS[i].getName());
-            assertTrue("Boss group membership check: " + actual.getName() + " is in " + bossGroup.getName(),
-                    helper.isExecutorInGroup(actual, bossGroup));
+        Group bossGroup = (Group) h.getExecutor(BOSS_GROUP.getName());
+        for (Executor e : BOSS_GROUP_EXECUTORS) {
+            Executor actual = h.getExecutor(e.getName());
+            assertTrue("Boss group membership check: " + actual.getName() + " is in " + bossGroup.getName(), h.isExecutorInGroup(actual, bossGroup));
         }
 
     }
 
-    public void testAddThenSetPermissions() throws Exception {
-        // check if group and actor exist and remove if so
+    public void testAddThenSetPermissions() {
         removeExecutorsIfExist();
+        h.executeScript(ADD_SET);
 
-        // script with operations is parsed and executed here
-        helper.executeScript(ADD_SET);
+        // ATTENTION! These tests are valid only for script file executed above. If that file is edited, the tests must be changed accordingly.
 
-        /**
-         * This checks are valid only for one paticular given script file. If this script file is edited the following test method must be changed in
-         * corresponding way
-         */
         // executors are created by script
-        Executor toto = helper.getExecutor(TOTO_ACTOR.getName());
-        Executor dorothy = helper.getExecutor(DOROTHY_ACTOR.getName());
-        Executor employee = helper.getExecutor(EMPLOYEE_GROUP.getName());
-        Executor tin = helper.getExecutor(TIN_ACTOR.getName());
+        Executor toto = h.getExecutor(TOTO_ACTOR.getName());
+        Executor dorothy = h.getExecutor(DOROTHY_ACTOR.getName());
+        Executor employee = h.getExecutor(EMPLOYEE_GROUP.getName());
+        Executor tin = h.getExecutor(TIN_ACTOR.getName());
 
         // actor permissions on actors
-        assertTrue("Check if 'read' permission is given to dorothy on toto", helper.isAllowedToExecutor(toto, dorothy, Permission.READ));
+        assertTrue("Check if 'READ' permission is given to dorothy on toto", h.hasOwnPermission(dorothy, Permission.READ, toto));
 
-        assertFalse("Check if 'update' permission is given to dorothy on toto", helper.isAllowedToExecutor(toto, dorothy, Permission.UPDATE));
+        assertFalse("Check if 'UPDATE' permission is given to dorothy on toto", h.hasOwnPermission(dorothy, Permission.UPDATE, toto));
 
         // actor permissions on groups
-        assertFalse("Check if 'list' permission is given to dorothy on employee", helper.isAllowedToExecutor(employee, dorothy, Permission.LIST));
-
-        assertFalse("Check if 'read' permission is given to dorothy on employee", helper.isAllowedToExecutor(employee, dorothy, Permission.READ));
+        assertTrue("Check if 'READ' permission is given to dorothy on employee", h.hasOwnPermission(dorothy, Permission.READ, employee));
 
-        assertFalse("Check if 'view_tasks' permission is given to dorothy on employee",
-                helper.isAllowedToExecutor(employee, dorothy, Permission.VIEW_TASKS));
+        assertFalse("Check if 'UPDATE' permission is given to dorothy on employee", h.hasOwnPermission(dorothy, Permission.UPDATE, employee));
 
-        assertTrue("Check if 'update' permission is given to dorothy on employee", helper.isAllowedToExecutor(employee, dorothy, Permission.UPDATE));
+        assertFalse("Check if 'UPDATE_PERMISSIONS' permission is given to dorothy on employee",
+                h.hasOwnPermission(dorothy, Permission.UPDATE_PERMISSIONS, employee));
 
-        assertTrue("Check if 'update_status' permission is given to dorothy on employee",
-                helper.isAllowedToExecutor(employee, dorothy, Permission.UPDATE_STATUS));
-
-        assertTrue("Check if 'delete' permission is given to dorothy on employee", helper.isAllowedToExecutor(employee, dorothy, Permission.DELETE));
+        assertTrue("Check if 'VIEW_TASKS' permission is given to dorothy on employee",
+                h.hasOwnPermission(dorothy, Permission.VIEW_TASKS, employee));
 
         // group permission on groups
-        assertTrue("Check if 'read' permission is given to employee on employee", helper.isAllowedToExecutor(employee, employee, Permission.READ));
-
-        assertFalse("Check if 'list' permission is given to employees on employee", helper.isAllowedToExecutor(employee, employee, Permission.LIST));
+        assertTrue("Check if 'READ' permission is given to employee on employee", h.hasOwnPermission(employee, Permission.READ, employee));
 
-        assertFalse("Check if 'update' permission is given to employees on employee",
-                helper.isAllowedToExecutor(employee, employee, Permission.UPDATE));
+        assertFalse("Check if 'UPDATE' permission is given to employees on employee", h.hasOwnPermission(employee, Permission.UPDATE, employee));
 
-        assertFalse("Check if 'delete' permission is given to employee on employee",
-                helper.isAllowedToExecutor(employee, employee, Permission.DELETE));
+        assertFalse("Check if 'VIEW_TASKS' permission is given to employee on employee",
+                h.hasOwnPermission(employee, Permission.VIEW_TASKS, employee));
 
         // group permission on actor
-        assertFalse("Check if 'read' permission is given to employee on tin", helper.isAllowedToExecutor(tin, employee, Permission.READ));
-
-        assertTrue("Check if 'update' permission is given to employee on tin", helper.isAllowedToExecutor(tin, employee, Permission.UPDATE));
-
-        // group permission on Executors
-        assertTrue("Check if 'update' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.UPDATE));
-
-        assertTrue("Check if 'create' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.CREATE));
-
-        assertFalse("Check if 'login' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.LOGIN));
+        assertFalse("Check if 'READ' permission is given to employee on tin", h.hasOwnPermission(employee, Permission.READ, tin));
 
-        // group permission on Definitions
-        assertFalse("Check if 'read' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.READ));
+        assertTrue("Check if 'UPDATE' permission is given to employee on tin", h.hasOwnPermission(employee, Permission.UPDATE, tin));
 
-        assertFalse("Check if 'list' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.LIST));
+        // group permission on singleton
+        assertFalse("Check if 'LOGIN' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.LOGIN, SecuredSingleton.SYSTEM));
 
-        assertTrue("Check if 'create' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.CREATE));
+        assertFalse("Check if 'CREATE_EXECUTOR' permission is given to employee on Definitions",
+                h.hasOwnPermission(employee, Permission.CREATE_EXECUTOR, SecuredSingleton.SYSTEM));
 
-        assertTrue("Check if 'update' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.UPDATE));
+        assertFalse("Check if 'CREATE_DEFINITION' permission is given to employee on Definitions",
+                h.hasOwnPermission(employee, Permission.CREATE_DEFINITION, SecuredSingleton.SYSTEM));
 
-        assertTrue("Check if 'start' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.START));
+        assertTrue("Check if 'READ' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.READ, SecuredSingleton.SYSTEM));
 
-        assertTrue("Check if 'read_process' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.READ_PROCESS));
+        assertTrue("Check if 'VIEW_LOGS' permission is given to employee on Definitions",
+                h.hasOwnPermission(employee, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM));
 
-        assertTrue("Check if 'cancel_process' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.CANCEL_PROCESS));
+        assertFalse("Check if 'CHANGE_SELF_PASSWORD' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.CHANGE_SELF_PASSWORD, SecuredSingleton.SYSTEM));
     }
 
-    public void testSetThenAddPermissions() throws Exception {
-        // check if group and actor exist and remove if so
+    public void testSetThenAddPermissions() {
         removeExecutorsIfExist();
+        h.executeScript(SET_ADD);
 
-        // script with operations is parsed and executed here
-        helper.executeScript(SET_ADD);
+        // ATTENTION! These tests are valid only for script file executed above. If that file is edited, the tests must be changed accordingly.
 
-        /**
-         * This checks are valid only for one paticular given script file. If this script file is edited the following test method must be changed in
-         * corresponding way
-         */
-        Executor toto = helper.getExecutor(TOTO_ACTOR.getName());
-        Executor dorothy = helper.getExecutor(DOROTHY_ACTOR.getName());
-        Executor employee = helper.getExecutor(EMPLOYEE_GROUP.getName());
-        Executor tin = helper.getExecutor(TIN_ACTOR.getName());
+        Executor toto = h.getExecutor(TOTO_ACTOR.getName());
+        Executor dorothy = h.getExecutor(DOROTHY_ACTOR.getName());
+        Executor employee = h.getExecutor(EMPLOYEE_GROUP.getName());
+        Executor tin = h.getExecutor(TIN_ACTOR.getName());
 
         // actor permissions on actors
-        assertTrue("Check if 'list' permission is given to dorothy on toto", helper.isAllowedToExecutor(toto, dorothy, Permission.LIST));
+        assertTrue("Check if 'READ' permission is given to dorothy on toto", h.hasOwnPermission(dorothy, Permission.READ, toto));
 
-        assertTrue("Check if 'read' permission is given to dorothy on toto", helper.isAllowedToExecutor(toto, dorothy, Permission.READ));
+        assertTrue("Check if 'VIEW_TASKS' permission is given to dorothy on toto", h.hasOwnPermission(dorothy, Permission.VIEW_TASKS, toto));
 
-        assertTrue("Check if 'update' permission is given to dorothy on toto", helper.isAllowedToExecutor(toto, dorothy, Permission.UPDATE));
+        assertTrue("Check if 'UPDATE' permission is given to dorothy on toto", h.hasOwnPermission(dorothy, Permission.UPDATE, toto));
 
         // actor permissions on groups
-        assertTrue("Check if 'list' permission is given to dorothy on employee", helper.isAllowedToExecutor(employee, dorothy, Permission.LIST));
+        assertTrue("Check if 'READ' permission is given to dorothy on employee", h.hasOwnPermission(dorothy, Permission.READ, employee));
 
-        assertTrue("Check if 'read' permission is given to dorothy on employee", helper.isAllowedToExecutor(employee, dorothy, Permission.READ));
+        assertTrue("Check if 'VIEW_TASKS' permission is given to dorothy on employee", h.hasOwnPermission(dorothy, Permission.VIEW_TASKS, employee));
 
-        assertTrue("Check if 'update' permission is given to dorothy on employee", helper.isAllowedToExecutor(employee, dorothy, Permission.UPDATE));
+        assertTrue("Check if 'UPDATE' permission is given to dorothy on employee", h.hasOwnPermission(dorothy, Permission.UPDATE, employee));
 
-        assertTrue("Check if 'delete' permission is given to dorothy on employee", helper.isAllowedToExecutor(employee, dorothy, Permission.DELETE));
+        assertTrue("Check if 'UPDATE_PERMISSIONS' permission is given to dorothy on employee",
+                h.hasOwnPermission(dorothy, Permission.UPDATE_PERMISSIONS, employee));
 
         // group permission on groups
-        assertTrue("Check if 'list' permission is given to employee on employee", helper.isAllowedToExecutor(employee, employee, Permission.LIST));
+        assertTrue("Check if 'READ' permission is given to employees on employee", h.hasOwnPermission(employee, Permission.READ, employee));
 
-        assertTrue("Check if 'read' permission is given to employees on employee", helper.isAllowedToExecutor(employee, employee, Permission.READ));
+        assertTrue("Check if 'VIEW_TASKS' permission is given to employee on employee",
+                h.hasOwnPermission(employee, Permission.VIEW_TASKS, employee));
 
-        assertTrue("Check if 'update' permission is given to employees on employee",
-                helper.isAllowedToExecutor(employee, employee, Permission.UPDATE));
+        assertTrue("Check if 'UPDATE' permission is given to employees on employee", h.hasOwnPermission(employee, Permission.UPDATE, employee));
 
-        assertTrue("Check if 'delete' permission is given to employee on employee",
-                helper.isAllowedToExecutor(employee, employee, Permission.DELETE));
+        assertTrue("Check if 'UPDATE_PERMISSIONS' permission is given to employee on employee",
+                h.hasOwnPermission(employee, Permission.UPDATE_PERMISSIONS, employee));
 
         // group permission on actor
-        assertTrue("Check if 'read' permission is given to employee on tin", helper.isAllowedToExecutor(tin, employee, Permission.READ));
-
-        assertTrue("Check if 'update' permission is given to employee on tin", helper.isAllowedToExecutor(tin, employee, Permission.UPDATE));
-
-        // group permission on Executors
-        assertTrue("Check if 'read' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.READ));
-
-        assertTrue("Check if 'update' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.UPDATE));
-
-        assertTrue("Check if 'login' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.LOGIN));
-
-        assertTrue("Check if 'create' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.CREATE));
+        assertTrue("Check if 'READ' permission is given to employee on tin", h.hasOwnPermission(employee, Permission.READ, tin));
 
-        // group permission on Definitions
-        assertTrue("Check if 'read' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.READ));
+        assertTrue("Check if 'UPDATE' permission is given to employee on tin", h.hasOwnPermission(employee, Permission.UPDATE, tin));
 
-        assertTrue("Check if 'create' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.CREATE));
+        // group permission on SYSTEM singleton
+        assertTrue("Check if 'LOGIN' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.LOGIN, SecuredSingleton.SYSTEM));
 
-        assertTrue("Check if 'update' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.UPDATE));
+        assertTrue("Check if 'READ' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.READ, SecuredSingleton.SYSTEM));
 
-        assertTrue("Check if 'start' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.START));
+        assertTrue("Check if 'CREATE_DEFINITION' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.CREATE_DEFINITION, SecuredSingleton.SYSTEM));
 
-        assertTrue("Check if 'read_process' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.READ_PROCESS));
-
-        assertTrue("Check if 'cancel_process' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.CANCEL_PROCESS));
+        assertTrue("Check if 'CREATE_EXECUTOR' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.CREATE_EXECUTOR, SecuredSingleton.SYSTEM));
     }
 
-    public void testRemove() throws Exception {
-        // check if group and actor exist and remove if so
+    public void testRemove() {
         removeExecutorsIfExist();
+        h.executeScript(REMOVE);
 
-        // script with operations is parsed and executed here
-        helper.executeScript(REMOVE);
-
-        /**
-         * This checks are valid only for one paticular given script file. If this script file is edited the following test method must be changed in
-         * corresponding way
-         */
-        Executor tin = helper.getExecutor(TIN_ACTOR.getName());
-        Executor toto = helper.getExecutor(TOTO_ACTOR.getName());
-        Executor dorothy = helper.getExecutor(DOROTHY_ACTOR.getName());
-        Executor employee = helper.getExecutor(EMPLOYEE_GROUP.getName());
+        // ATTENTION! These tests are valid only for script file executed above. If that file is edited, the tests must be changed accordingly.
 
-        // assert that tin is still in employee group
-        assertTrue("Tin is in employee group", helper.isExecutorInGroup(tin, (Group) employee));
+        val tin = h.getExecutor(TIN_ACTOR.getName());
+        val toto = h.getExecutor(TOTO_ACTOR.getName());
+        val dorothy = h.getExecutor(DOROTHY_ACTOR.getName());
+        val employee = (Group) h.getExecutor(EMPLOYEE_GROUP.getName());
 
-        // assert that dorothy is not in employee group
-        assertFalse("dorothy is not in employee group", helper.isExecutorInGroup(dorothy, (Group) employee));
+        assertTrue("Tin is in employee group", h.isExecutorInGroup(tin, employee));
+        assertFalse("dorothy is not in employee group", h.isExecutorInGroup(dorothy, employee));
 
         // actor permissions on actors
-        assertFalse("Dorothy's 'list' permission on toto is revoked", helper.isAllowedToExecutor(toto, dorothy, Permission.LIST));
+        assertFalse("Dorothy's 'VIEW_TASKS' permission on toto is revoked", h.hasOwnPermission(dorothy, Permission.VIEW_TASKS, toto));
 
-        assertTrue("Check if 'read' permission is given to dorothy on toto", helper.isAllowedToExecutor(toto, dorothy, Permission.READ));
+        assertTrue("Check if 'READ' permission is given to dorothy on toto", h.hasOwnPermission(dorothy, Permission.READ, toto));
 
-        assertTrue("Check if 'update' permission is given to dorothy on toto", helper.isAllowedToExecutor(toto, dorothy, Permission.UPDATE));
+        assertTrue("Check if 'UPDATE' permission is given to dorothy on toto", h.hasOwnPermission(dorothy, Permission.UPDATE, toto));
 
         // actor permissions on groups
-        assertFalse("Dorothy's 'update_status' permission on employee is revoked",
-                helper.isAllowedToExecutor(employee, dorothy, Permission.UPDATE_STATUS));
+        assertTrue("Check if 'READ' permission is given to dorothy on employee", h.hasOwnPermission(dorothy, Permission.READ, employee));
 
-        assertTrue("Check if 'read' permission is given to dorothy on employee", helper.isAllowedToExecutor(employee, dorothy, Permission.READ));
+        assertTrue("Check if 'UPDATE' permission is given to dorothy on employee", h.hasOwnPermission(dorothy, Permission.UPDATE, employee));
 
-        assertTrue("Check if 'update' permission is given to dorothy on employee", helper.isAllowedToExecutor(employee, dorothy, Permission.UPDATE));
+        assertFalse("Dorothy's 'UPDATE_PERMISSIONS' permission on employee is revoked",
+                h.hasOwnPermission(dorothy, Permission.UPDATE_PERMISSIONS, employee));
 
         // group permissions on group
-        assertTrue("Check if 'read' permission is given to employee on employee", helper.isAllowedToExecutor(employee, employee, Permission.READ));
-
-        assertTrue("Check if 'delete' permission is given to employees on employee",
-                helper.isAllowedToExecutor(employee, employee, Permission.DELETE));
+        assertTrue("Check if 'READ' permission is given to employee on employee", h.hasOwnPermission(employee, Permission.READ, employee));
 
-        assertTrue("Check if 'view_tasks' permission is given to employees on employee",
-                helper.isAllowedToExecutor(employee, employee, Permission.VIEW_TASKS));
+        assertFalse("Check if 'UPDATE' permission is given to employee on employee",
+                h.hasOwnPermission(employee, Permission.UPDATE, employee));
 
-        assertFalse("Check if 'list' permission is given to employees on employee", helper.isAllowedToExecutor(employee, employee, Permission.LIST));
+        assertFalse("Check if 'UPDATE_PERMISSIONS' permission is given to employee on employee",
+                h.hasOwnPermission(employee, Permission.UPDATE_PERMISSIONS, employee));
 
-        assertFalse("Check if 'update' permission is given to employee on employee",
-                helper.isAllowedToExecutor(employee, employee, Permission.UPDATE));
+        assertTrue("Check if 'VIEW_TASKS' permission is given to employees on employee",
+                h.hasOwnPermission(employee, Permission.VIEW_TASKS, employee));
 
         // group permission on actor
-        assertFalse("Check if 'update' permission is given to employee on tin", helper.isAllowedToExecutor(tin, employee, Permission.UPDATE));
-
-        assertTrue("Check if 'read' permission is given to employee on tin", helper.isAllowedToExecutor(tin, employee, Permission.READ));
-
-        // group permission on Executors
-        assertTrue("Check if 'read' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.READ));
+        assertTrue("Check if 'READ' permission is given to employee on tin", h.hasOwnPermission(employee, Permission.READ, tin));
 
-        assertTrue("Check if 'login' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.LOGIN));
+        assertFalse("Check if 'UPDATE' permission is given to employee on tin", h.hasOwnPermission(employee, Permission.UPDATE, tin));
 
-        assertTrue("Check if 'create' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.CREATE));
+        assertTrue("Check if 'UPDATE_ACTOR_STATUS' permission is given to employee on tin",
+                h.hasOwnPermission(employee, Permission.UPDATE_ACTOR_STATUS, tin));
 
-        assertFalse("Check if 'update' permission is given to employee on Executors",
-                helper.isAllowedToExecutor(SecuredSingleton.EXECUTORS, employee, Permission.UPDATE));
+        // group permission on SYSTEM singleton
+        assertFalse("Check if 'LOGIN' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.LOGIN, SecuredSingleton.SYSTEM));
 
-        // group permission on Definitions
-        assertTrue("Check if 'create' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.CREATE));
+        assertTrue("Check if 'READ' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.READ, SecuredSingleton.SYSTEM));
 
-        assertTrue("Check if 'update' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.UPDATE));
+        assertTrue("Check if 'CREATE_DEFINITION' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.CREATE_DEFINITION, SecuredSingleton.SYSTEM));
 
-        assertTrue("Check if 'start' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.START));
-
-        assertFalse("Check if 'read' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.READ));
-
-        assertFalse("Check if 'read_process' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.READ_PROCESS));
-
-        assertFalse("Check if 'cancel_process' permission is given to employee on Definitions",
-                helper.isAllowedToExecutor(SecuredSingleton.DEFINITIONS, employee, Permission.CANCEL_PROCESS));
+        assertTrue("Check if 'CREATE_EXECUTOR' permission is given to employee on Executors",
+                h.hasOwnPermission(employee, Permission.CREATE_EXECUTOR, SecuredSingleton.SYSTEM));
 
         try {
-            helper.getExecutor(GLUCH_ACTOR.getName());
+            h.getExecutor(GLUCH_ACTOR.getName());
             fail("Deleted executor present");
         } catch (ExecutorDoesNotExistException e) {
-
+            // Expected.
         }
     }
 
-    private void removeExecutorsIfExist() throws AuthorizationException, AuthenticationException {
-        for (int i = 0; i < EXECUTORS.length; i++) {
-            helper.removeExecutorIfExists(EXECUTORS[i]);
+    private void removeExecutorsIfExist() {
+        for (Executor e : EXECUTORS) {
+            h.removeExecutorIfExists(e);
         }
-        helper.removeExecutorIfExists(EMPLOYEE_GROUP);
-        helper.removeExecutorIfExists(BOSS_GROUP);
+        h.removeExecutorIfExists(EMPLOYEE_GROUP);
+        h.removeExecutorIfExists(BOSS_GROUP);
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/DecisionTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/DecisionTest.java
index 216fadf210..78e2e2022a 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/DecisionTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/DecisionTest.java
@@ -17,16 +17,13 @@
  */
 package ru.runa.wf.jpdl;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
-
 import junit.framework.Test;
 import junit.framework.TestSuite;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.presentation.BatchPresentation;
@@ -35,20 +32,14 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.task.dto.WfTask;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 14.05.2005
  * 
  * @author Gritsenko_S
  */
 public class DecisionTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper th = null;
-
-    private Map<String, Object> startVariables;
-
     private BatchPresentation batchPresentation;
 
     public static Test suite() {
@@ -56,262 +47,257 @@ public static Test suite() {
     }
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
+        batchPresentation = h.getTaskBatchPresentation();
 
-        th.deployValidProcessDefinition(WfServiceTestHelper.DECISION_JPDL_PROCESS_FILE_NAME);
-
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME);
-
-        batchPresentation = th.getTaskBatchPresentation();
-
-        super.setUp();
+        h.deployValidProcessDefinition(WfServiceTestHelper.DECISION_JPDL_PROCESS_FILE_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(
+                Lists.newArrayList(Permission.START_PROCESS, Permission.READ, Permission.READ_PROCESS),
+                WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME);
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME);
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testPath1() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable", "false");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVariables);
+    public void testPath1() {
+        val startVars = new HashMap<String, Object>();
+        startVars.put("def_variable", "false");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVars);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_2", tasks.get(0).getName());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), tasks.get(0).getId(), null);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
     }
 
-    public void testPath2() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable", "true");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVariables);
+    public void testPath2() {
+        val startVars = new HashMap<String, Object>();
+        startVars.put("def_variable", "true");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVars);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_1", tasks.get(0).getName());
 
-        Map<String, Object> state1Variables = new HashMap<String, Object>();
-        state1Variables.put("monitoring_variable", "end");
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), state1Variables, null);
+        val state1Vars = new HashMap<String, Object>();
+        state1Vars.put("monitoring_variable", "end");
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), state1Vars);
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
     }
 
-    public void testPath3() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable", "true");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVariables);
+    public void testPath3() {
+        val startVars = new HashMap<String, Object>();
+        startVars.put("def_variable", "true");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVars);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_1", tasks.get(0).getName());
 
-        Map<String, Object> state1Variables = new HashMap<String, Object>();
-        state1Variables.put("monitoring_variable", "2");
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), state1Variables, null);
+        val state1Vars = new HashMap<String, Object>();
+        state1Vars.put("monitoring_variable", "2");
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), state1Vars);
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_2", tasks.get(0).getName());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), tasks.get(0).getId(), state1Variables, null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), tasks.get(0).getId(), state1Vars);
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
     }
 
-    public void testPath4() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable", "true");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVariables);
+    public void testPath4() {
+        val startVars = new HashMap<String, Object>();
+        startVars.put("def_variable", "true");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVars);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_1", tasks.get(0).getName());
 
-        Map<String, Object> state1Variables = new HashMap<String, Object>();
-        state1Variables.put("monitoring_variable", "3");
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), state1Variables, null);
+        val state1Vars = new HashMap<String, Object>();
+        state1Vars.put("monitoring_variable", "3");
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), state1Vars);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_3", tasks.get(0).getName());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), tasks.get(0).getId(), state1Variables, null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), tasks.get(0).getId(), state1Vars);
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
     }
 
-    public void testPath5() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable", "true");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVariables);
+    public void testPath5() {
+        val startVars = new HashMap<String, Object>();
+        startVars.put("def_variable", "true");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVars);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_1", tasks.get(0).getName());
 
-        Map<String, Object> state1Variables = new HashMap<String, Object>();
-        state1Variables.put("monitoring_variable", "1");
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), state1Variables, null);
+        val state1Vars = new HashMap<String, Object>();
+        state1Vars.put("monitoring_variable", "1");
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), state1Vars);
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_1", tasks.get(0).getName());
 
-        state1Variables.clear();
-        state1Variables.put("monitoring_variable", "1");
+        state1Vars.clear();
+        state1Vars.put("monitoring_variable", "1");
         for (int i = 0; i < 7; i++) {
-            th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), state1Variables, null);
-            tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+            h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), state1Vars);
+            tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
             assertEquals("tasks length differs from expected", 0, tasks.size());
-            tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+            tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
             assertEquals("tasks length differs from expected", 0, tasks.size());
-            tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+            tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
             assertEquals("tasks length differs from expected", 1, tasks.size());
             assertEquals("task name differs from expected", "state_1", tasks.get(0).getName());
         }
 
-        state1Variables.clear();
-        state1Variables.put("monitoring_variable", "4");
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), state1Variables, null);
+        state1Vars.clear();
+        state1Vars.put("monitoring_variable", "4");
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), state1Vars);
 
-        tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
     }
 
-    public void testPath6() throws Exception {
+    public void testPath6() {
         try {
-            startVariables = new HashMap<String, Object>();
-            startVariables.put("def_variable", "Error_Var");
-            executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVariables);
+            val startVars = new HashMap<String, Object>();
+            startVars.put("def_variable", "Error_Var");
+            executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVars);
 
-            List<WfTask> tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+            List<WfTask> tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
             assertEquals("tasks length differs from expected", 0, tasks.size());
 
-            tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+            tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
             assertEquals("tasks length differs from expected", 1, tasks.size());
 
-            tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+            tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
             assertEquals("tasks length differs from expected", 0, tasks.size());
         } catch (InternalApplicationException e) {
-            // may be throwed in future
+            // may be thrown in the future
         }
     }
 
-    public void testPath7() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable", "true");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVariables);
+    public void testPath7() {
+        val startVars = new HashMap<String, Object>();
+        startVars.put("def_variable", "true");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.DECISION_JPDL_PROCESS_NAME, startVars);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_1", tasks.get(0).getName());
 
-        Map<String, Object> state1Variables = new HashMap<String, Object>();
-        state1Variables.put("monitoring_variable", "Error_Var2");
-
+        val state1Vars = new HashMap<String, Object>();
+        state1Vars.put("monitoring_variable", "Error_Var2");
         try {
-            th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), state1Variables, null);
-            assertFalse(" Integer in decision parsed value 'Error_Var2' ", true);
+            h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), state1Vars);
+            fail(" Integer in decision parsed value 'Error_Var2' ");
         } catch (Exception e) {
             // expected
         }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/Fork1Test.java b/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/Fork1Test.java
index 32625f22ec..bbaf6c14dc 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/Fork1Test.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/Fork1Test.java
@@ -17,16 +17,14 @@
  */
 package ru.runa.wf.jpdl;
 
+import com.google.common.collect.Lists;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
-
 import junit.framework.Test;
 import junit.framework.TestSuite;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.presentation.BatchPresentation;
@@ -35,95 +33,85 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.task.dto.WfTask;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 14.05.2005
  * 
  * @author Gritsenko_S
  */
 public class Fork1Test extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper th = null;
-
     private BatchPresentation batchPresentation;
 
-    private HashMap<String, Object> startVariables;
-
     public static Test suite() {
         return new TestSuite(Fork1Test.class);
     }
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
+        batchPresentation = h.getTaskBatchPresentation();
 
-        th.deployValidProcessDefinition(WfServiceTestHelper.FORK_JPDL_1_PROCESS_FILE_NAME);
-
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME);
-
-        batchPresentation = th.getTaskBatchPresentation();
-
-        super.setUp();
+        h.deployValidProcessDefinition(WfServiceTestHelper.FORK_JPDL_1_PROCESS_FILE_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(
+                Lists.newArrayList(Permission.START_PROCESS, Permission.READ, Permission.READ_PROCESS),
+                WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME);
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME);
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testVariant1() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable1", "true");
-        startVariables.put("def_variable2", "false");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME, startVariables);
+    public void testVariant1() {
+        val vars = new HashMap<String, Object>();
+        vars.put("def_variable1", "true");
+        vars.put("def_variable2", "false");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME, vars);
 
-        List<WfTask> hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        List<WfTask> hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_1", hrTasks.get(0).getName());
-        assertEquals("task is assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        List<WfTask> erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        List<WfTask> performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         String[] expectedStateNames = { "state_2", "state_4" };
         String[] actualStateNames = { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         expectedStateNames = new String[] { "state_2", "state_4" };
         actualStateNames = new String[] { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
         WfTask task = null;
@@ -135,20 +123,20 @@ public void testVariant1() throws Exception {
             }
         }
         assert (task != null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), task.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), task.getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         expectedStateNames = new String[] { "state_7", "state_4" };
         actualStateNames = new String[] { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
         task = null;
@@ -160,166 +148,166 @@ public void testVariant1() throws Exception {
             }
         }
         assert (task != null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), task.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), task.getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_7", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_6", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_7", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_8", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
     }
 
-    public void testVariant2() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable1", "false");
-        startVariables.put("def_variable2", "false");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME, startVariables);
+    public void testVariant2() {
+        val vars = new HashMap<String, Object>();
+        vars.put("def_variable1", "false");
+        vars.put("def_variable2", "false");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME, vars);
 
-        List<WfTask> hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        List<WfTask> hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_1", hrTasks.get(0).getName());
-        assertEquals("task is assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        List<WfTask> erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        List<WfTask> performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_5", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_7", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_7", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_8", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
     }
 
-    public void testVariant3() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable1", "false");
-        startVariables.put("def_variable2", "true");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME, startVariables);
+    public void testVariant3() {
+        val vars = new HashMap<String, Object>();
+        vars.put("def_variable1", "false");
+        vars.put("def_variable2", "true");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME, vars);
 
-        List<WfTask> hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        List<WfTask> hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_1", hrTasks.get(0).getName());
-        assertEquals("task is assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        List<WfTask> erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        List<WfTask> performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, hrTasks.size());
         String[] expectedStateNames = { "state_3", "state_5" };
         String[] actualStateNames = { hrTasks.get(0).getName(), hrTasks.get(1).getName() };
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(1).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_4", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
         WfTask task = null;
         if (hrTasks.get(0).getName().equals("state_5")) {
@@ -331,99 +319,99 @@ public void testVariant3() throws Exception {
         }
         assert (task != null);
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), task.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), task.getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_4", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_6", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_8", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
     }
 
-    public void testVariant4() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable1", "true");
-        startVariables.put("def_variable2", "true");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME, startVariables);
+    public void testVariant4() {
+        val vars = new HashMap<String, Object>();
+        vars.put("def_variable1", "true");
+        vars.put("def_variable2", "true");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME, vars);
 
-        List<WfTask> hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        List<WfTask> hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_1", hrTasks.get(0).getName());
-        assertEquals("task is assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        List<WfTask> erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        List<WfTask> performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         String[] expectedStateNames = { "state_2", "state_4" };
         String[] actualStateNames = { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
@@ -438,137 +426,137 @@ public void testVariant4() throws Exception {
             }
         }
         assert (task != null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), task.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), task.getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, hrTasks.size());
         expectedStateNames = new String[] { "state_3", "state_3" };
         actualStateNames = new String[] { hrTasks.get(0).getName(), hrTasks.get(1).getName() };
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(1).getOwner());
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         expectedStateNames = new String[] { "state_4", "state_4" };
         actualStateNames = new String[] { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), null, null);
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(1).getId(), null, null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(1).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         expectedStateNames = new String[] { "state_4", "state_4" };
         actualStateNames = new String[] { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_4", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_6", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_4", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_6", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_8", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
     }
 
-    public void testVariant4async() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable1", "true");
-        startVariables.put("def_variable2", "true");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME, startVariables);
+    public void testVariant4async() {
+        val vars = new HashMap<String, Object>();
+        vars.put("def_variable1", "true");
+        vars.put("def_variable2", "true");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.FORK_JPDL_1_PROCESS_NAME, vars);
 
-        List<WfTask> hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        List<WfTask> hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_1", hrTasks.get(0).getName());
-        assertEquals("task is assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        List<WfTask> erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        List<WfTask> performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         String[] expectedStateNames = { "state_2", "state_4" };
         String[] actualStateNames = { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
@@ -583,25 +571,25 @@ public void testVariant4async() throws Exception {
             }
         }
         assert (task != null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), task.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), task.getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, hrTasks.size());
         expectedStateNames = new String[] { "state_3", "state_3" };
         actualStateNames = new String[] { hrTasks.get(0).getName(), hrTasks.get(1).getName() };
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(1).getOwner());
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         expectedStateNames = new String[] { "state_4", "state_4" };
         actualStateNames = new String[] { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
         WfTask erpTask2;
@@ -626,88 +614,88 @@ public void testVariant4async() throws Exception {
             }
         }
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTask2.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTask2.getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_4", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_4", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_6", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, performerTasks.size());
         expectedStateNames = new String[] { "state_6", "state_6" };
         actualStateNames = new String[] { performerTasks.get(0).getName(), performerTasks.get(1).getName() };
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(1).getOwner());
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_6", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_8", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/Fork2Test.java b/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/Fork2Test.java
index 717ae6ec69..f2e3a9ab29 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/Fork2Test.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/Fork2Test.java
@@ -17,15 +17,13 @@
  */
 package ru.runa.wf.jpdl;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
 import java.util.HashMap;
 import java.util.List;
-
 import junit.framework.Test;
 import junit.framework.TestSuite;
-
+import lombok.val;
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.presentation.BatchPresentation;
@@ -34,215 +32,205 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.task.dto.WfTask;
 
-import com.google.common.collect.Lists;
-
 /**
  * Created on 16.05.2005
  * 
  * @author Gritsenko_S
  */
 public class Fork2Test extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper th = null;
-
     private BatchPresentation batchPresentation;
 
-    private HashMap<String, Object> startVariables;
-
     public static Test suite() {
         return new TestSuite(Fork2Test.class);
     }
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
+        batchPresentation = h.getTaskBatchPresentation();
 
-        th.deployValidProcessDefinition(WfServiceTestHelper.FORK_JPDL_2_PROCESS_FILE_NAME);
-
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.FORK_JPDL_2_PROCESS_NAME);
-
-        batchPresentation = th.getTaskBatchPresentation();
-
-        super.setUp();
+        h.deployValidProcessDefinition(WfServiceTestHelper.FORK_JPDL_2_PROCESS_FILE_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(
+                Lists.newArrayList(Permission.START_PROCESS, Permission.READ, Permission.READ_PROCESS),
+                WfServiceTestHelper.FORK_JPDL_2_PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.FORK_JPDL_2_PROCESS_NAME);
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.FORK_JPDL_2_PROCESS_NAME);
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void testVariant1() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable", "false");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.FORK_JPDL_2_PROCESS_NAME, startVariables);
+    public void testVariant1() {
+        val vars = new HashMap<String, Object>();
+        vars.put("def_variable", "false");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.FORK_JPDL_2_PROCESS_NAME, vars);
 
-        List<WfTask> hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        List<WfTask> hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_1", hrTasks.get(0).getName());
-        assertEquals("task is assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        List<WfTask> erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        List<WfTask> performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_5", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         String[] expectedStateNames = { "state_7", "state_4" };
         String[] actualStateNames = { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(1).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(1).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_6", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_8", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
     }
 
-    public void testVariant2() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable", "true");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.FORK_JPDL_2_PROCESS_NAME, startVariables);
+    public void testVariant2() {
+        val vars = new HashMap<String, Object>();
+        vars.put("def_variable", "true");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.FORK_JPDL_2_PROCESS_NAME, vars);
 
-        List<WfTask> hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        List<WfTask> hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_1", hrTasks.get(0).getName());
-        assertEquals("task is assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        List<WfTask> erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        List<WfTask> performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         String[] expectedStateNames = { "state_2", "state_4" };
         String[] actualStateNames = { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         expectedStateNames = new String[] { "state_2", "state_4" };
         actualStateNames = new String[] { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
         WfTask task = null;
@@ -254,46 +242,46 @@ public void testVariant2() throws Exception {
             }
         }
         assert (task != null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), task.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), task.getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         expectedStateNames = new String[] { "state_7", "state_4" };
         actualStateNames = new String[] { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
         task = null;
@@ -306,102 +294,102 @@ public void testVariant2() throws Exception {
         }
         assert (task != null);
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), task.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), task.getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_4", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_6", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_8", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
     }
 
-    public void testVariant3() throws Exception {
-        startVariables = new HashMap<String, Object>();
-        startVariables.put("def_variable", "true");
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.FORK_JPDL_2_PROCESS_NAME, startVariables);
+    public void testVariant3() {
+        val vars = new HashMap<String, Object>();
+        vars.put("def_variable", "true");
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.FORK_JPDL_2_PROCESS_NAME, vars);
 
-        List<WfTask> hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        List<WfTask> hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_1", hrTasks.get(0).getName());
-        assertEquals("task is assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        List<WfTask> erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        List<WfTask> erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        List<WfTask> performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         String[] expectedStateNames = { "state_2", "state_4" };
         String[] actualStateNames = { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         expectedStateNames = new String[] { "state_2", "state_4" };
         actualStateNames = new String[] { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
         WfTask task = null;
@@ -414,35 +402,35 @@ public void testVariant3() throws Exception {
         }
         assert (task != null);
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), task.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), task.getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_2", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, hrTasks.size());
         assertEquals("task name differs from expected", "state_3", hrTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getHrOperator(), hrTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getHrOperator(), hrTasks.get(0).getOwner());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, erpTasks.size());
         expectedStateNames = new String[] { "state_7", "state_4" };
         actualStateNames = new String[] { erpTasks.get(0).getName(), erpTasks.get(1).getName() };
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(1).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(1).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
         task = null;
@@ -455,49 +443,49 @@ public void testVariant3() throws Exception {
         }
         assert (task != null);
 
-        th.getTaskService().completeTask(th.getHrOperatorUser(), hrTasks.get(0).getId(), new HashMap<String, Object>(), null);
-        th.getTaskService().completeTask(th.getErpOperatorUser(), task.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getHrOperatorUser(), hrTasks.get(0).getId(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), task.getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, erpTasks.size());
         assertEquals("task name differs from expected", "state_7", erpTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getErpOperator(), erpTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getErpOperator(), erpTasks.get(0).getOwner());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
 
-        th.getTaskService().completeTask(th.getErpOperatorUser(), erpTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getErpOperatorUser(), erpTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_6", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, performerTasks.size());
         assertEquals("task name differs from expected", "state_8", performerTasks.get(0).getName());
-        assertEquals("task is not assigned", th.getAuthorizedPerformerActor(), performerTasks.get(0).getOwner());
+        assertEquals("task is not assigned", h.getAuthorizedActor(), performerTasks.get(0).getOwner());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), performerTasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), performerTasks.get(0).getId(), null);
 
-        hrTasks = th.getTaskService().getMyTasks(th.getHrOperatorUser(), batchPresentation);
+        hrTasks = h.getTaskService().getMyTasks(h.getHrOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, hrTasks.size());
 
-        erpTasks = th.getTaskService().getMyTasks(th.getErpOperatorUser(), batchPresentation);
+        erpTasks = h.getTaskService().getMyTasks(h.getErpOperatorUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, erpTasks.size());
 
-        performerTasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        performerTasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, performerTasks.size());
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/ForkFaultTest.java b/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/ForkFaultTest.java
index 64dd32d6d2..b0a5db8c66 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/ForkFaultTest.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/jpdl/ForkFaultTest.java
@@ -17,15 +17,13 @@
  */
 package ru.runa.wf.jpdl;
 
-import java.util.Collection;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
 import java.util.HashMap;
 import java.util.List;
-
 import junit.framework.Test;
 import junit.framework.TestSuite;
-
 import org.apache.cactus.ServletTestCase;
-
 import ru.runa.junit.ArrayAssert;
 import ru.runa.wf.service.WfServiceTestHelper;
 import ru.runa.wfe.presentation.BatchPresentation;
@@ -34,19 +32,14 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.task.dto.WfTask;
 
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-
 /**
  * Created on 14.05.2005
  * 
  * @author Gritsenko_S
  */
 public class ForkFaultTest extends ServletTestCase {
+    private WfServiceTestHelper h;
     private ExecutionService executionService;
-
-    private WfServiceTestHelper th = null;
-
     private BatchPresentation batchPresentation;
 
     public static Test suite() {
@@ -54,38 +47,34 @@ public static Test suite() {
     }
 
     @Override
-    protected void setUp() throws Exception {
-        th = new WfServiceTestHelper(getClass().getName());
+    protected void setUp() {
+        h = new WfServiceTestHelper(getClass().getName());
         executionService = Delegates.getExecutionService();
+        batchPresentation = h.getTaskBatchPresentation();
 
-        th.deployValidProcessDefinition(WfServiceTestHelper.FORK_FAULT_JPDL_PROCESS_FILE_NAME);
-
-        Collection<Permission> permissions = Lists.newArrayList(Permission.START, Permission.READ, Permission.READ_PROCESS);
-        th.setPermissionsToAuthorizedPerformerOnDefinitionByName(permissions, WfServiceTestHelper.FORK_FAULT_JPDL_PROCESS_NAME);
-
-        batchPresentation = th.getTaskBatchPresentation();
-
-        super.setUp();
+        h.deployValidProcessDefinition(WfServiceTestHelper.FORK_FAULT_JPDL_PROCESS_FILE_NAME);
+        h.setPermissionsToAuthorizedActorOnDefinitionByName(
+                Lists.newArrayList(Permission.START_PROCESS, Permission.READ, Permission.READ_PROCESS),
+                WfServiceTestHelper.FORK_FAULT_JPDL_PROCESS_NAME);
     }
 
     @Override
-    protected void tearDown() throws Exception {
-        th.undeployValidProcessDefinition(WfServiceTestHelper.FORK_FAULT_JPDL_PROCESS_NAME);
-        th.releaseResources();
+    protected void tearDown() {
+        h.undeployValidProcessDefinition(WfServiceTestHelper.FORK_FAULT_JPDL_PROCESS_NAME);
+        h.releaseResources();
         executionService = null;
-        super.tearDown();
     }
 
-    public void test1() throws Exception {
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.FORK_FAULT_JPDL_PROCESS_NAME, null);
+    public void test1() {
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.FORK_FAULT_JPDL_PROCESS_NAME, null);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_1", tasks.get(0).getName());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), null);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, tasks.size());
         List<String> expectedStateNames = Lists.newArrayList("state_2", "state_3");
         List<String> actualStateNames = Lists.newArrayList(tasks.get(0).getName(), tasks.get(1).getName());
@@ -103,32 +92,32 @@ public void test1() throws Exception {
 
         HashMap<String, Object> state2Variables = Maps.newHashMap();
         state2Variables.put("def_variable", "false");
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), task.getId(), state2Variables, null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), task.getId(), state2Variables);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_3", tasks.get(0).getName());
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), null);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_4", tasks.get(0).getName());
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), null);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
     }
 
-    public void testFault1() throws Exception {
-        executionService.startProcess(th.getAuthorizedPerformerUser(), WfServiceTestHelper.FORK_FAULT_JPDL_PROCESS_NAME, null);
+    public void testFault1() {
+        executionService.startProcess(h.getAuthorizedUser(), WfServiceTestHelper.FORK_FAULT_JPDL_PROCESS_NAME, null);
 
-        List<WfTask> tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        List<WfTask> tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_1", tasks.get(0).getName());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), null);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, tasks.size());
         List<String> expectedStateNames = Lists.newArrayList("state_2", "state_3");
         List<String> actualStateNames = Lists.newArrayList(tasks.get(0).getName(), tasks.get(1).getName());
@@ -146,9 +135,9 @@ public void testFault1() throws Exception {
 
         HashMap<String, Object> state2Variables = Maps.newHashMap();
         state2Variables.put("def_variable", "true");
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), task.getId(), state2Variables, null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), task.getId(), state2Variables);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, tasks.size());
         expectedStateNames = Lists.newArrayList("state_1", "state_3");
         actualStateNames = Lists.newArrayList(tasks.get(0).getName(), tasks.get(1).getName());
@@ -163,14 +152,13 @@ public void testFault1() throws Exception {
         }
         assert (task != null);
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), task.getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), task.getId(), null);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 3, tasks.size());
         expectedStateNames = Lists.newArrayList("state_2", "state_3", "state_3");
         actualStateNames = Lists.newArrayList(tasks.get(0).getName(), tasks.get(1).getName(), tasks.get(2).getName());
         ArrayAssert.assertWeakEqualArrays("state names differs from expected", expectedStateNames, actualStateNames);
-        task = null;
         if (tasks.get(0).getName().equals("state_2")) {
             task = tasks.get(0);
         } else {
@@ -181,22 +169,22 @@ public void testFault1() throws Exception {
             }
         }
 
-        state2Variables = new HashMap<String, Object>();
+        state2Variables = new HashMap<>();
         state2Variables.put("def_variable", "false");
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), task.getId(), state2Variables, null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), task.getId(), state2Variables);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 2, tasks.size());
 
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), new HashMap<String, Object>(), null);
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(1).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(1).getId(), null);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 1, tasks.size());
         assertEquals("task name differs from expected", "state_4", tasks.get(0).getName());
-        th.getTaskService().completeTask(th.getAuthorizedPerformerUser(), tasks.get(0).getId(), new HashMap<String, Object>(), null);
+        h.getTaskService().completeTask(h.getAuthorizedUser(), tasks.get(0).getId(), null);
 
-        tasks = th.getTaskService().getMyTasks(th.getAuthorizedPerformerUser(), batchPresentation);
+        tasks = h.getTaskService().getMyTasks(h.getAuthorizedUser(), batchPresentation);
         assertEquals("tasks length differs from expected", 0, tasks.size());
     }
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/service/WfScriptServiceTestHelper.java b/wfe-cactus-it/src/test/java/ru/runa/wf/service/WfScriptServiceTestHelper.java
index 3d48efb6a7..0c3b975529 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/service/WfScriptServiceTestHelper.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/service/WfScriptServiceTestHelper.java
@@ -1,40 +1,31 @@
 package ru.runa.wf.service;
 
-import java.io.IOException;
+import com.google.common.base.Objects;
+import com.google.common.collect.Lists;
 import java.util.Collection;
-
-import ru.runa.wfe.InternalApplicationException;
+import java.util.HashMap;
 import ru.runa.wfe.definition.dto.WfDefinition;
 import ru.runa.wfe.execution.dto.WfProcess;
-import ru.runa.wfe.security.AuthenticationException;
-import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.security.SecuredObject;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Actor;
 import ru.runa.wfe.user.Executor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
-
-import com.google.common.base.Objects;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
 
 public class WfScriptServiceTestHelper extends WfServiceTestHelper {
 
-    public WfScriptServiceTestHelper(String testClassPrefixName) throws Exception {
+    public WfScriptServiceTestHelper(String testClassPrefixName) {
         super(testClassPrefixName);
     }
 
-    public boolean isAllowedToExecutor(SecuredObject securedObject, Executor executor, Permission permission)
-            throws ExecutorDoesNotExistException, InternalApplicationException {
+    public boolean hasOwnPermission(Executor executor, Permission permission, SecuredObject securedObject) {
         Collection<Permission> permissions = authorizationService.getIssuedPermissions(adminUser, executor, securedObject);
         return permissions.contains(permission);
     }
 
-    public boolean isAllowedToExecutorOnDefinition(Permission permission, Executor executor, String processDefinitionName)
-            throws InternalApplicationException {
+    public boolean hasOwnPermissionOnDefinition(Executor executor, Permission permission, String processDefinitionName) {
         WfDefinition definition = definitionService.getLatestProcessDefinition(adminUser, processDefinitionName);
-        return isAllowedToExecutor(definition, executor, permission);
+        return hasOwnPermission(executor, permission, definition);
     }
 
     public boolean areExecutorsWeaklyEqual(Executor e1, Executor e2) {
@@ -55,20 +46,17 @@ public boolean areExecutorsWeaklyEqual(Executor e1, Executor e2) {
             }
         }
         return true;
-
     }
 
-    public void executeScript(String resourceName)
-            throws IOException, ExecutorDoesNotExistException, AuthenticationException, AuthorizationException {
-        Delegates.getScriptingService().executeAdminScript(adminUser, readBytesFromFile(resourceName), Maps.<String, byte[]>newHashMap());
+    public void executeScript(String resourceName) {
+        Delegates.getScriptingService().executeAdminScript(adminUser, readBytesFromFile(resourceName), new HashMap<>());
     }
 
-    public WfProcess startProcessInstance(String processDefinitionName, Executor performer) throws InternalApplicationException {
-        Collection<Permission> validPermissions = Lists.newArrayList(Permission.START, Permission.READ, Permission.READ_PROCESS);
-        getAuthorizationService().setPermissions(adminUser, performer.getId(), validPermissions,
+    public WfProcess startProcessInstance(String processDefinitionName, Executor performer) {
+        getAuthorizationService().setPermissions(adminUser, performer.getId(),
+                Lists.newArrayList(Permission.START_PROCESS, Permission.READ, Permission.READ_PROCESS),
                 getDefinitionService().getLatestProcessDefinition(adminUser, processDefinitionName));
         getExecutionService().startProcess(adminUser, processDefinitionName, null);
         return getExecutionService().getProcesses(adminUser, getProcessInstanceBatchPresentation()).get(0);
     }
-
 }
diff --git a/wfe-cactus-it/src/test/java/ru/runa/wf/service/WfServiceTestHelper.java b/wfe-cactus-it/src/test/java/ru/runa/wf/service/WfServiceTestHelper.java
index baa36c4bf5..a434bb6af3 100644
--- a/wfe-cactus-it/src/test/java/ru/runa/wf/service/WfServiceTestHelper.java
+++ b/wfe-cactus-it/src/test/java/ru/runa/wf/service/WfServiceTestHelper.java
@@ -17,18 +17,16 @@
  */
 package ru.runa.wf.service;
 
-import java.io.IOException;
+import com.google.common.collect.Lists;
+import com.google.common.io.ByteStreams;
 import java.io.InputStream;
 import java.util.Collection;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
-
-import com.google.common.collect.Lists;
-import com.google.common.io.ByteStreams;
-
+import lombok.Getter;
+import lombok.SneakyThrows;
+import lombok.val;
 import ru.runa.af.service.ServiceTestHelper;
-import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.commons.PropertyResources;
 import ru.runa.wfe.commons.SystemProperties;
 import ru.runa.wfe.definition.DefinitionAlreadyExistException;
@@ -36,8 +34,6 @@
 import ru.runa.wfe.execution.dto.WfProcess;
 import ru.runa.wfe.presentation.BatchPresentation;
 import ru.runa.wfe.presentation.BatchPresentationFactory;
-import ru.runa.wfe.security.AuthenticationException;
-import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.DefinitionService;
@@ -45,7 +41,6 @@
 import ru.runa.wfe.service.TaskService;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Actor;
-import ru.runa.wfe.user.ExecutorDoesNotExistException;
 import ru.runa.wfe.user.Group;
 import ru.runa.wfe.user.User;
 
@@ -54,157 +49,94 @@ public class WfServiceTestHelper extends ServiceTestHelper {
     private static final String PROCESS_DEFINITION_ADMINISTRATORS = "Process Definition Administrators";
 
     public final static String VALID_FILE_NAME = "validProcess.par";
-
     public final static String ONE_SWIMLANE_FILE_NAME = "oneSwimlaneProcess.par";
-
     public final static String INVALID_FILE_NAME = "invalidProcess.par";
-
     public final static String NONEXISTINGSWIMLINES_FILE_NAME = "NonExistingSwimlanes.par";
-
     public final static String ORGANIZATION_FUNCTION_PAR_FILE_NAME = "organizationfunction.par";
 
     public final static String VALID_PROCESS_NAME = "validProcess";
-
     public final static String ONE_SWIMLANE_PROCESS_NAME = "oneSwimlaneProcess";
-
     public final static String INVALID_PROCESS_NAME = "invalidProcess";
-
     public final static String SWIMLANE_PROCESS_NAME = "swimlaneProcess";
-
     public final static String LONG_WITH_VARIABLES_PROCESS_NAME = "longProcessWithVariables";
-
     public final static String SWIMLANE_PROCESS_FILE_NAME = "swimlaneProcess.par";
-
     public final static String DECISION_JPDL_PROCESS_NAME = "jpdlDecisionTestProcess";
-
     public final static String DECISION_JPDL_PROCESS_FILE_NAME = "jpdlDecisionTestProcess.par";
-
     public final static String FORK_JPDL_1_PROCESS_NAME = "jpdlFork1TestProcess";
-
     public final static String FORK_JPDL_1_PROCESS_FILE_NAME = "jpdlFork1TestProcess.par";
-
     public final static String FORK_JPDL_2_PROCESS_NAME = "jpdlFork2TestProcess";
-
     public final static String FORK_JPDL_2_PROCESS_FILE_NAME = "jpdlFork2TestProcess.par";
-
     public final static String FORK_FAULT_JPDL_PROCESS_NAME = "jpdlForkFaultTestProcess";
-
     public final static String FORK_FAULT_JPDL_PROCESS_FILE_NAME = "jpdlForkFaultTestProcess.par";
-
     public final static String LONG_WITH_VARIABLES_PROCESS_FILE_NAME = "longProcessWithVariables.par";
-
     public final static String TIMER_PROCESS_NAME = "timerProcess";
-
     public final static String SWIMLANE_SAME_GROUP_SEQ_PROCESS_NAME = "sameGroupRoleStateSequence";
 
+    @Getter
     protected DefinitionService definitionService;
-
+    @Getter
     protected ExecutionService executionService;
-
+    @Getter
     protected TaskService taskService;
 
     private byte[] validDefinition;
-
     private byte[] invalidDefinition;
-
     private byte[] nonExistingSwimlanesDefinition;
 
     private final static String HR_ACTOR_NAME = "HrOperator";
-
     private final static String HR_ACTOR_PWD = "HrOperator";
 
     private final static String SWIMLANE2_ACTOR_NAME = "ErpOperator";
-
     private final static String SWIMLANE2_ACTOR_PWD = "ErpOperator";
-
     private final static String SWIMLANE1_GROUP_NAME = "BossGroup";
 
     private Actor erpOperator = null;
-
-    private User erpOperatorUser = null;
-
+    @Getter
+    private User  erpOperatorUser = null;
     private Actor hrOperator = null;
-
-    private User hrOperatorUser = null;
-
+    @Getter
+    private User  hrOperatorUser = null;
     private Group bossGroup = null;
 
-    public WfServiceTestHelper(String testClassPrefixName) throws Exception {
+    public WfServiceTestHelper(String testClassPrefixName) {
         super(testClassPrefixName);
         createDelegates();
         createSampleDefinitions();
         createSwimlaneExecutors();
     }
 
-    private void createSwimlaneExecutors() throws InternalApplicationException {
+    private void createSwimlaneExecutors() {
         erpOperator = createActorIfNotExist(SWIMLANE2_ACTOR_NAME, "Actor in swimlane of test process");
         getExecutorService().setPassword(getAdminUser(), erpOperator, SWIMLANE2_ACTOR_PWD);
         hrOperator = createActorIfNotExist(HR_ACTOR_NAME, "Actor in HR");
         getExecutorService().setPassword(getAdminUser(), hrOperator, HR_ACTOR_PWD);
         bossGroup = createGroupIfNotExist(SWIMLANE1_GROUP_NAME, "Group in swimlane of test process");
-        List<Permission> p = Lists.newArrayList(Permission.LOGIN);
-        getAuthorizationService().setPermissions(getAdminUser(), erpOperator.getId(), p, SecuredSingleton.EXECUTORS);
+        getAuthorizationService().setPermissions(getAdminUser(), erpOperator.getId(), Lists.newArrayList(Permission.LOGIN), SecuredSingleton.SYSTEM);
         erpOperatorUser = Delegates.getAuthenticationService().authenticateByLoginPassword(erpOperator.getName(), SWIMLANE2_ACTOR_PWD);
         hrOperatorUser = Delegates.getAuthenticationService().authenticateByLoginPassword(hrOperator.getName(), HR_ACTOR_PWD);
     }
 
-    /**
-     * @return Returns the hrOperator.
-     * @throws ExecutorDoesNotExistException
-     * @throws AuthenticationException
-     * @throws AuthorizationException
-     * @throws InternalApplicationException
-     */
-    public Actor getHrOperator() throws InternalApplicationException {
+    public Actor getHrOperator() {
         return getExecutorService().getExecutor(getAdminUser(), hrOperator.getId());
     }
 
-    /**
-     * @return Returns the hrOperatorUser.
-     */
-    public User getHrOperatorUser() {
-        return hrOperatorUser;
-    }
-
-    /**
-     * @return Returns the bossGroup.
-     * @throws ExecutorDoesNotExistException
-     * @throws AuthenticationException
-     * @throws AuthorizationException
-     * @throws InternalApplicationException
-     */
-    public Group getBossGroup() throws InternalApplicationException {
+    public Group getBossGroup() {
         return getExecutorService().getExecutor(getAdminUser(), bossGroup.getId());
     }
 
-    /**
-     * @return Returns the erpOperator.
-     * @throws ExecutorDoesNotExistException
-     * @throws AuthenticationException
-     * @throws AuthorizationException
-     * @throws InternalApplicationException
-     */
-    public Actor getErpOperator() throws InternalApplicationException {
+    public Actor getErpOperator() {
         return getExecutorService().getExecutor(getAdminUser(), erpOperator.getId());
     }
 
-    /**
-     * @return Returns the erpOperatorUser.
-     */
-    public User getErpOperatorUser() {
-        return erpOperatorUser;
-    }
-
-    private void createSampleDefinitions() throws IOException {
+    private void createSampleDefinitions() {
         validDefinition = readBytesFromFile(VALID_FILE_NAME);
         invalidDefinition = readBytesFromFile(INVALID_FILE_NAME);
         nonExistingSwimlanesDefinition = readBytesFromFile(NONEXISTINGSWIMLINES_FILE_NAME);
     }
 
     @Override
-    public void releaseResources() throws InternalApplicationException {
+    public void releaseResources() {
         definitionService = null;
-
         executionService = null;
         erpOperator = null;
         erpOperatorUser = null;
@@ -212,24 +144,17 @@ public void releaseResources() throws InternalApplicationException {
         super.releaseResources();
     }
 
-    public void setPermissionsToAuthorizedPerformerOnDefinition(Collection<Permission> permissions, WfDefinition definition)
-            throws InternalApplicationException {
-        authorizationService.setPermissions(adminUser, getAuthorizedPerformerActor().getId(), permissions, definition);
-    }
-
-    public void setPermissionsToAuthorizedPerformerOnDefinitions(Collection<Permission> permissions) throws InternalApplicationException {
-        authorizationService.setPermissions(adminUser, getAuthorizedPerformerActor().getId(), permissions, SecuredSingleton.DEFINITIONS);
+    public void setPermissionsToAuthorizedActorOnDefinition(Collection<Permission> permissions, WfDefinition definition) {
+        authorizationService.setPermissions(adminUser, getAuthorizedActor().getId(), permissions, definition);
     }
 
-    public void setPermissionsToAuthorizedPerformerOnProcessInstance(Collection<Permission> permissions, WfProcess instance)
-            throws InternalApplicationException {
-        authorizationService.setPermissions(adminUser, getAuthorizedPerformerActor().getId(), permissions, instance);
+    public void setPermissionsToAuthorizedActorOnProcessInstance(Collection<Permission> permissions, WfProcess instance) {
+        authorizationService.setPermissions(adminUser, getAuthorizedActor().getId(), permissions, instance);
     }
 
-    public void setPermissionsToAuthorizedPerformerOnDefinitionByName(Collection<Permission> permissions, String processDefinitionName)
-            throws InternalApplicationException {
+    public void setPermissionsToAuthorizedActorOnDefinitionByName(Collection<Permission> permissions, String processDefinitionName) {
         WfDefinition definition = definitionService.getLatestProcessDefinition(adminUser, processDefinitionName);
-        authorizationService.setPermissions(adminUser, getAuthorizedPerformerActor().getId(), permissions, definition);
+        authorizationService.setPermissions(adminUser, getAuthorizedActor().getId(), permissions, definition);
     }
 
     public byte[] getValidProcessDefinition() {
@@ -246,37 +171,33 @@ public byte[] getProcessDefinitionWithNonExistingSwimlanes() {
 
     public void deployValidProcessDefinition() {
         try {
-            Collection<Permission> deployPermissions = Lists.newArrayList(Permission.CREATE);
-            setPermissionsToAuthorizedPerformerOnDefinitions(deployPermissions);
-            definitionService.deployProcessDefinition(getAuthorizedPerformerUser(), getValidProcessDefinition(), Lists.newArrayList("testProcess"));
-            Collection<Permission> clearPermissions = Lists.newArrayList();
-            setPermissionsToAuthorizedPerformerOnDefinitions(clearPermissions);
+            setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.CREATE_DEFINITION), SecuredSingleton.SYSTEM);
+            definitionService.deployProcessDefinition(getAuthorizedUser(), getValidProcessDefinition(), Lists.newArrayList("testProcess"));
+            setPermissionsToAuthorizedActor(Lists.newArrayList(), SecuredSingleton.SYSTEM);
         } catch (DefinitionAlreadyExistException e) {
+            // Ignore.
         }
     }
 
-    public void undeployValidProcessDefinition() throws InternalApplicationException {
-        Collection<Permission> undeployPermissions = Lists.newArrayList(Permission.ALL);
-        setPermissionsToAuthorizedPerformerOnDefinitions(undeployPermissions);
-        definitionService.undeployProcessDefinition(getAuthorizedPerformerUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
+    public void undeployValidProcessDefinition() {
+        setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.DELETE), WfServiceTestHelper.VALID_PROCESS_NAME);
+        definitionService.undeployProcessDefinition(getAuthorizedUser(), WfServiceTestHelper.VALID_PROCESS_NAME, null);
     }
 
-    public void deployValidProcessDefinition(String parResourceName) throws IOException {
+    public void deployValidProcessDefinition(String parResourceName) {
         try {
-            Collection<Permission> deployPermissions = Lists.newArrayList(Permission.CREATE);
-            setPermissionsToAuthorizedPerformerOnDefinitions(deployPermissions);
-            definitionService.deployProcessDefinition(getAuthorizedPerformerUser(), readBytesFromFile(parResourceName),
+            setPermissionsToAuthorizedActor(Lists.newArrayList(Permission.CREATE_DEFINITION), SecuredSingleton.SYSTEM);
+            definitionService.deployProcessDefinition(getAuthorizedUser(), readBytesFromFile(parResourceName),
                     Lists.newArrayList("testProcess"));
-            Collection<Permission> clearPermissions = Lists.newArrayList();
-            setPermissionsToAuthorizedPerformerOnDefinitions(clearPermissions);
+            setPermissionsToAuthorizedActor(Lists.newArrayList(), SecuredSingleton.SYSTEM);
         } catch (DefinitionAlreadyExistException e) {
+            // Ignore.
         }
     }
 
-    public void undeployValidProcessDefinition(String parDefinitionName) throws InternalApplicationException {
-        Collection<Permission> undeployPermissions = Lists.newArrayList(Permission.ALL);
-        setPermissionsToAuthorizedPerformerOnDefinitions(undeployPermissions);
-        definitionService.undeployProcessDefinition(getAuthorizedPerformerUser(), parDefinitionName, null);
+    public void undeployValidProcessDefinition(String parDefinitionName) {
+        setPermissionsToAuthorizedActorOnDefinitionByName(Lists.newArrayList(Permission.DELETE), parDefinitionName);
+        definitionService.undeployProcessDefinition(getAuthorizedUser(), parDefinitionName, null);
     }
 
     private void createDelegates() {
@@ -287,19 +208,7 @@ private void createDelegates() {
         Delegates.getSystemService().setSetting(SystemProperties.CONFIG_FILE_NAME, "undefined.variables.allowed", "true");
     }
 
-    public DefinitionService getDefinitionService() {
-        return definitionService;
-    }
-
-    public ExecutionService getExecutionService() {
-        return executionService;
-    }
-
-    public TaskService getTaskService() {
-        return taskService;
-    }
-
-    public Group getProcessDefinitionAdministratorsGroup() throws InternalApplicationException {
+    public Group getProcessDefinitionAdministratorsGroup() {
         return (Group) getExecutor(PROCESS_DEFINITION_ADMINISTRATORS);
     }
 
@@ -327,14 +236,15 @@ public BatchPresentation getTaskBatchPresentation(String presentationId) {
         return BatchPresentationFactory.PROCESSES.createDefault(presentationId);
     }
 
-    public static byte[] readBytesFromFile(String fileName) throws IOException {
+    @SneakyThrows
+    public static byte[] readBytesFromFile(String fileName) {
         InputStream is = WfServiceTestHelper.class.getResourceAsStream(fileName);
         return ByteStreams.toByteArray(is);
     }
 
     public static Map<String, Object> createVariablesMap(String variableName, Object variableValue) {
-        Map<String, Object> variablesMap = new HashMap<String, Object>();
-        variablesMap.put(variableName, variableValue);
-        return variablesMap;
+        val vars = new HashMap<String, Object>();
+        vars.put(variableName, variableValue);
+        return vars;
     }
 }
diff --git a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_AddSet_script.xml b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_AddSet_script.xml
index 3ad0b063a4..2a8918299a 100644
--- a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_AddSet_script.xml
+++ b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_AddSet_script.xml
@@ -21,15 +21,13 @@
 	</setPermissions>
 
 	<addPermissions type="EXECUTOR" name="employee" executor="dorothy">
-		<permission name="LIST"/>
-		<permission name="READ"/>
-		<permission name="VIEW_TASKS"/>
+		<permission name="UPDATE"/>
+		<permission name="UPDATE_PERMISSIONS"/>
 	</addPermissions>
 	
-	<setPermissions type="EXECUTOR" name="employee" executor="dorothy">		
-		<permission name="UPDATE"/>
-		<permission name="UPDATE_STATUS"/>
-		<permission name="DELETE"/>
+	<setPermissions type="EXECUTOR" name="employee" executor="dorothy">
+		<permission name="READ"/>
+		<permission name="VIEW_TASKS"/>
 	</setPermissions>
          
 	<addPermissions type="EXECUTOR" name="employee" executor="employee">
@@ -49,25 +47,14 @@
 		<permission name="UPDATE"/>
 	</setPermissions>
 
-	<addPermissions type="EXECUTORS" executor="employee">
-		<permission name="LOGIN"/>		
-	</addPermissions>
-	
-	<setPermissions type="EXECUTORS" executor="employee">
-		<permission name="UPDATE"/>
-		<permission name="CREATE"/>
-	</setPermissions>
-	
-	<addPermissions type="DEFINITIONS" executor="employee">
-		<permission name="LIST"/>
-		<permission name="READ"/>		
+	<addPermissions type="SYSTEM" executor="employee">
+		<permission name="LOGIN"/>
+		<permission name="CREATE_EXECUTOR"/>
+		<permission name="CREATE_DEFINITION"/>
 	</addPermissions>
 	
-	<setPermissions type="DEFINITIONS" executor="employee">
-		<permission name="CREATE"/>
-		<permission name="UPDATE"/>
-		<permission name="START"/>
-		<permission name="READ_PROCESS"/>
-		<permission name="CANCEL_PROCESS"/>		
+	<setPermissions type="SYSTEM" executor="employee">
+		<permission name="READ"/>
+		<permission name="VIEW_LOGS"/>
 	</setPermissions>
 </workflowScript>
diff --git a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_Create_script.xml b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_Create_script.xml
index 5142c4e6a0..735c50202d 100644
--- a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_Create_script.xml
+++ b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_Create_script.xml
@@ -21,5 +21,4 @@
 	<addExecutorsToGroup name="boss">
 		<executor name="dorothy"/>
 	</addExecutorsToGroup>
-
 </workflowScript>
diff --git a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_Remove_script.xml b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_Remove_script.xml
index d655568c5e..04af378aca 100644
--- a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_Remove_script.xml
+++ b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_Remove_script.xml
@@ -21,69 +21,53 @@
 	<setPermissions type="EXECUTOR" name="toto" executor="dorothy">
 	    <permission name="READ"/>
 		<permission name="UPDATE"/>
-		<permission name="LIST"/>
+		<permission name="VIEW_TASKS"/>
 	</setPermissions>
 	
 	<removePermissions type="EXECUTOR" name="toto" executor="dorothy">
-		<permission name="LIST"/>
+		<permission name="VIEW_TASKS"/>
 	</removePermissions>
 
 	<setPermissions type="EXECUTOR" name="employee" executor="dorothy">
 		<permission name="READ"/>
 		<permission name="UPDATE"/>
-		<permission name="UPDATE_STATUS"/>
+		<permission name="UPDATE_PERMISSIONS"/>
 	</setPermissions>
 		
 	<removePermissions type="EXECUTOR" name="employee" executor="dorothy">
-		<permission name="UPDATE_STATUS"/>
+		<permission name="UPDATE_PERMISSIONS"/>
 	</removePermissions>
         
 	<addPermissions type="EXECUTOR" name="employee" executor="employee">	
-		<permission name="LIST"/>
 		<permission name="READ"/>
 		<permission name="UPDATE"/>
-		<permission name="DELETE"/>
+		<permission name="UPDATE_PERMISSIONS"/>
 		<permission name="VIEW_TASKS"/>		
 	</addPermissions>
 	
 	<removePermissions type="EXECUTOR" name="employee" executor="employee">
-	    <permission name="LIST"/>
 		<permission name="UPDATE"/>
+	    <permission name="UPDATE_PERMISSIONS"/>
 	</removePermissions>
 	
 	<addPermissions type="EXECUTOR" name="tin" executor="employee">
 		<permission name="READ"/>
 		<permission name="UPDATE"/>>
+		<permission name="UPDATE_ACTOR_STATUS"/>>
 	</addPermissions>
 
 	<removePermissions type="EXECUTOR" name="tin" executor="employee">			
 		<permission name="UPDATE"/>
 	</removePermissions>
 	
-	<setPermissions type="EXECUTORS" executor="employee">
+	<setPermissions type="SYSTEM" executor="employee">
 		<permission name="READ"/>
-		<permission name="UPDATE"/>
 		<permission name="LOGIN"/>
-		<permission name="CREATE"/>		
+		<permission name="CREATE_DEFINITION"/>
+		<permission name="CREATE_EXECUTOR"/>
 	</setPermissions>
 	
-	<removePermissions type="EXECUTORS" executor="employee">			
-		<permission name="UPDATE"/>
+	<removePermissions type="SYSTEM" executor="employee">
+		<permission name="LOGIN"/>
 	</removePermissions>
-	
-	<setPermissions type="DEFINITIONS" executor="employee">
-		<permission name="CREATE"/>
-		<permission name="UPDATE"/>
-		<permission name="START"/>
-		<permission name="READ"/>
-		<permission name="READ_PROCESS"/>
-		<permission name="CANCEL_PROCESS"/>
-	</setPermissions>
-
-	<removePermissions type="DEFINITIONS" executor="employee">		
-		<permission name="READ"/>
-		<permission name="READ_PROCESS"/>
-		<permission name="CANCEL_PROCESS"/>
-	</removePermissions>	
-
 </workflowScript>
diff --git a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_SetAdd_script.xml b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_SetAdd_script.xml
index ea1a11f24f..8e941dc300 100644
--- a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_SetAdd_script.xml
+++ b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/executor_SetAdd_script.xml
@@ -12,7 +12,7 @@
 	</addExecutorsToGroup>
 
 	<setPermissions type="EXECUTOR" name="toto" executor="dorothy">		
-		<permission name="LIST"/>
+		<permission name="VIEW_TASKS"/>
 	</setPermissions>
 
 	<addPermissions type="EXECUTOR" name="toto" executor="dorothy">
@@ -21,20 +21,20 @@
 	</addPermissions>
 
 	<setPermissions type="EXECUTOR" name="employee" executor="dorothy">
-		<permission name="LIST"/>
-		<permission name="READ"/>		
+		<permission name="READ"/>
+		<permission name="VIEW_TASKS"/>
 	</setPermissions>
 
 	<addPermissions type="EXECUTOR" name="employee" executor="dorothy">
 		<permission name="UPDATE"/>
-		<permission name="DELETE"/>		
+		<permission name="UPDATE_PERMISSIONS"/>
 	</addPermissions>
          
 	<addPermissions type="EXECUTOR" name="employee" executor="employee">
-		<permission name="LIST"/>
 		<permission name="READ"/>
+		<permission name="VIEW_TASKS"/>
 		<permission name="UPDATE"/>
-		<permission name="DELETE"/>
+		<permission name="UPDATE_PERMISSIONS"/>
 	</addPermissions>
 
 	<addPermissions type="EXECUTOR" name="tin" executor="employee">
@@ -42,26 +42,13 @@
 		<permission name="UPDATE"/>
 	</addPermissions>
 
-	<setPermissions type="EXECUTORS" executor="employee">
-		<permission name="READ"/>
-		<permission name="UPDATE"/>
-	</setPermissions>
-
-	<addPermissions type="EXECUTORS" executor="employee">
+	<setPermissions type="SYSTEM" executor="employee">
 		<permission name="LOGIN"/>
-		<permission name="CREATE"/>		
-	</addPermissions>
-			
-	<setPermissions type="DEFINITIONS" executor="employee">
-		<permission name="CREATE"/>
-		<permission name="UPDATE"/>
-		<permission name="START"/>		
+		<permission name="READ"/>
 	</setPermissions>
 
-	<addPermissions type="DEFINITIONS" executor="employee">		
-		<permission name="READ"/>
-		<permission name="READ_PROCESS"/>
-		<permission name="CANCEL_PROCESS"/>
+	<addPermissions type="SYSTEM" executor="employee">
+		<permission name="CREATE_DEFINITION"/>
+		<permission name="CREATE_EXECUTOR"/>
 	</addPermissions>
-	
 </workflowScript>
diff --git a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_AddSet_script.xml b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_AddSet_script.xml
index 8a1fdc677e..e86d5fbd6e 100644
--- a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_AddSet_script.xml
+++ b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_AddSet_script.xml
@@ -3,9 +3,9 @@
 	 <!-- Sample wfe script add set process permissions-->
 	
 	<addPermissions type="DEFINITION" name="validProcess" executor="employee">
-		<permission name="LIST"/>
+		<permission name="DELETE"/>
 		<permission name="UPDATE"/>
-		<permission name="START"/>
+		<permission name="START_PROCESS"/>
 		<permission name="READ"/>
 		<permission name="READ_PROCESS"/>
 		<permission name="CANCEL_PROCESS"/>
@@ -24,6 +24,4 @@
 		<permission name="READ_PROCESS"/>
 		<permission name="CANCEL_PROCESS"/>
 	</addPermissions>
-
-
 </workflowScript>
diff --git a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_Remove_script.xml b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_Remove_script.xml
index b0e6eb6bed..abe47d756c 100644
--- a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_Remove_script.xml
+++ b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_Remove_script.xml
@@ -3,14 +3,14 @@
 	 <!-- Sample wfe script set add process permissions-->
 		
 	<setPermissions type="DEFINITION" name="validProcess" executor="employee">
-		<permission name="LIST"/>				
-		<permission name="START"/>
+		<permission name="DELETE"/>
+		<permission name="START_PROCESS"/>
 		<permission name="READ_PROCESS"/>
 		<permission name="CANCEL_PROCESS"/>
 	</setPermissions>
 	
 	<removePermissions type="DEFINITION" name="validProcess" executor="employee">
-		<permission name="LIST"/>		
+		<permission name="DELETE"/>
 		<permission name="CANCEL_PROCESS"/>
 	</removePermissions>
 	
@@ -22,5 +22,4 @@
     <addPermissions type="DEFINITION" name="validProcess" executor="employee">
 		<permission name="READ_PROCESS"/>		
 	</addPermissions>
-
 </workflowScript>
diff --git a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_SetAdd_script.xml b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_SetAdd_script.xml
index bc32925264..f99b0c37da 100644
--- a/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_SetAdd_script.xml
+++ b/wfe-cactus-it/src/test/resources/ru/runa/wf/service/process_SetAdd_script.xml
@@ -9,7 +9,7 @@
 	
 	<addPermissions type="DEFINITION" name="validProcess" executor="employee">
 		<permission name="UPDATE"/>
-		<permission name="START"/>		
+		<permission name="START_PROCESS"/>
 		<permission name="READ_PROCESS"/>
 		<permission name="CANCEL_PROCESS"/>
 	</addPermissions>
@@ -22,6 +22,4 @@
 	<addPermissions type="DEFINITION" name="validProcess" executor="employee">
 		<permission name="CANCEL_PROCESS"/>
 	</addPermissions>
-
-
 </workflowScript>
diff --git a/wfe-core/src/main/java/ru/runa/wfe/InternalApplicationException.java b/wfe-core/src/main/java/ru/runa/wfe/InternalApplicationException.java
index e40a124ec7..e429c87507 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/InternalApplicationException.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/InternalApplicationException.java
@@ -24,7 +24,7 @@
  * 
  * @author Dofs
  */
-@ApplicationException(inherited = true, rollback = true)
+@ApplicationException(rollback = true)
 public class InternalApplicationException extends RuntimeException {
     private static final long serialVersionUID = 1L;
 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java
index 973799b5d2..71aaa9768d 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/audit/logic/AuditLogic.java
@@ -51,13 +51,13 @@ public class AuditLogic extends CommonLogic {
     private NodeProcessDao nodeProcessDao;
 
     public void login(User user) {
-        permissionDao.checkAllowed(user, Permission.LOGIN, SecuredSingleton.EXECUTORS);
+        permissionDao.checkAllowed(user, Permission.LOGIN, SecuredSingleton.SYSTEM);
     }
 
     public ProcessLogs getProcessLogs(User user, ProcessLogFilter filter) {
         Preconditions.checkNotNull(filter.getProcessId(), "filter.processId");
         ru.runa.wfe.execution.Process process = processDao.getNotNull(filter.getProcessId());
-        permissionDao.checkAllowed(user, Permission.LIST, process);
+        permissionDao.checkAllowed(user, Permission.READ, process);
         ProcessLogs result = new ProcessLogs(filter.getProcessId());
         List<ProcessLog> logs = processLogDao.getAll(filter);
         result.addLogs(logs, filter.isIncludeSubprocessLogs());
@@ -75,7 +75,7 @@ public ProcessLogs getProcessLogs(User user, ProcessLogFilter filter) {
     public Object getProcessLogValue(User user, Long logId) {
         Preconditions.checkNotNull(logId, "logId");
         ProcessLog processLog = processLogDao.getNotNull(logId);
-        permissionDao.checkAllowed(user, Permission.LIST, SecuredObjectType.PROCESS, processLog.getProcessId());
+        permissionDao.checkAllowed(user, Permission.READ, SecuredObjectType.PROCESS, processLog.getProcessId());
         return processLog.getBytesObject();
     }
 
@@ -89,7 +89,7 @@ public Object getProcessLogValue(User user, Long logId) {
      * @return Loaded system logs.
      */
     public List<SystemLog> getSystemLogs(User user, BatchPresentation batchPresentation) {
-        permissionDao.checkAllowed(user, Permission.LIST, SecuredSingleton.LOGS);
+        permissionDao.checkAllowed(user, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM);
         PresentationConfiguredCompiler<SystemLog> compiler = PresentationCompilerHelper.createAllSystemLogsCompiler(user, batchPresentation);
         return compiler.getBatch();
     }
@@ -104,7 +104,7 @@ public List<SystemLog> getSystemLogs(User user, BatchPresentation batchPresentat
      * @return System logs count.
      */
     public int getSystemLogsCount(User user, BatchPresentation batchPresentation) {
-        permissionDao.checkAllowed(user, Permission.LIST, SecuredSingleton.LOGS);
+        permissionDao.checkAllowed(user, Permission.VIEW_LOGS, SecuredSingleton.SYSTEM);
         PresentationConfiguredCompiler<SystemLog> compiler = PresentationCompilerHelper.createAllSystemLogsCompiler(user, batchPresentation);
         return compiler.getCount();
     }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/bot/logic/BotLogic.java b/wfe-core/src/main/java/ru/runa/wfe/bot/logic/BotLogic.java
index bb14ac7022..de87a030c7 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/bot/logic/BotLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/bot/logic/BotLogic.java
@@ -55,7 +55,7 @@ public List<BotStation> getBotStations() {
     }
 
     public BotStation createBotStation(User user, BotStation botStation) throws BotStationAlreadyExistsException {
-        checkPermission(user);
+        checkPermission(user, Permission.UPDATE);
         if (botStationDao.get(botStation.getName()) != null) {
             throw new BotStationAlreadyExistsException(botStation.getName());
         }
@@ -63,7 +63,7 @@ public BotStation createBotStation(User user, BotStation botStation) throws BotS
     }
 
     public void updateBotStation(User user, BotStation botStation) throws BotStationAlreadyExistsException {
-        checkPermission(user);
+        checkPermission(user, Permission.UPDATE);
         BotStation botStationToCheck = getBotStation(botStation.getName());
         if (botStationToCheck != null && !Objects.equal(botStationToCheck.getId(), botStation.getId())) {
             throw new BotStationAlreadyExistsException(botStation.getName());
@@ -84,7 +84,7 @@ public BotStation getBotStationNotNull(String name) throws BotStationDoesNotExis
     }
 
     public void removeBotStation(User user, Long id) throws BotStationDoesNotExistException {
-        checkPermission(user);
+        checkPermission(user, Permission.UPDATE);
         List<Bot> bots = getBots(user, id);
         for (Bot bot : bots) {
             removeBot(user, bot.getId());
@@ -93,7 +93,7 @@ public void removeBotStation(User user, Long id) throws BotStationDoesNotExistEx
     }
 
     public Bot createBot(User user, Bot bot) throws BotAlreadyExistsException {
-        checkPermission(user);
+        checkPermission(user, Permission.UPDATE);
         Preconditions.checkNotNull(bot.getBotStation());
         if (getBot(user, bot.getBotStation().getId(), bot.getUsername()) != null) {
             throw new BotAlreadyExistsException(bot.getUsername());
@@ -110,29 +110,29 @@ public Bot createBot(User user, Bot bot) throws BotAlreadyExistsException {
     }
 
     public List<Bot> getBots(User user, Long botStationId) {
-        checkPermission(user);
+        checkPermission(user, Permission.READ);
         return botDao.getAll(botStationId);
     }
 
     public Bot getBotNotNull(User user, Long id) {
-        checkPermission(user);
+        checkPermission(user, Permission.READ);
         return botDao.getNotNull(id);
     }
 
     public Bot getBot(User user, Long botStationId, String name) {
-        checkPermission(user);
+        checkPermission(user, Permission.READ);
         BotStation botStation = getBotStationNotNull(botStationId);
         return botDao.get(botStation, name);
     }
 
     public Bot getBotNotNull(User user, Long botStationId, String name) {
-        checkPermission(user);
+        checkPermission(user, Permission.READ);
         BotStation botStation = getBotStationNotNull(botStationId);
         return botDao.getNotNull(botStation, name);
     }
 
     public Bot updateBot(User user, Bot bot, boolean incrementBotStationVersion) throws BotAlreadyExistsException {
-        checkPermission(user);
+        checkPermission(user, Permission.UPDATE);
         Preconditions.checkNotNull(bot.getBotStation());
         Bot botToCheck = getBot(user, bot.getBotStation().getId(), bot.getUsername());
         if (botToCheck != null && !Objects.equal(botToCheck.getId(), bot.getId())) {
@@ -147,7 +147,7 @@ public Bot updateBot(User user, Bot bot, boolean incrementBotStationVersion) thr
     }
 
     public void removeBot(User user, Long id) throws BotDoesNotExistException {
-        checkPermission(user);
+        checkPermission(user, Permission.UPDATE);
         List<BotTask> tasks = getBotTasks(user, id);
         for (BotTask botTask : tasks) {
             removeBotTask(user, botTask.getId());
@@ -162,7 +162,7 @@ public void removeBot(User user, Long id) throws BotDoesNotExistException {
     }
 
     public BotTask createBotTask(User user, BotTask botTask) throws BotTaskAlreadyExistsException {
-        checkPermission(user);
+        checkPermission(user, Permission.UPDATE);
         Preconditions.checkNotNull(botTask.getBot());
         if (getBotTask(user, botTask.getBot().getId(), botTask.getName()) != null) {
             throw new BotTaskAlreadyExistsException(botTask.getName());
@@ -173,30 +173,30 @@ public BotTask createBotTask(User user, BotTask botTask) throws BotTaskAlreadyEx
     }
 
     public List<BotTask> getBotTasks(User user, Long id) {
-        checkPermission(user);
+        checkPermission(user, Permission.READ);
         Bot bot = getBotNotNull(user, id);
         return botTaskDao.getAll(bot);
     }
 
     public BotTask getBotTaskNotNull(User user, Long id) {
-        checkPermission(user);
+        checkPermission(user, Permission.READ);
         return botTaskDao.getNotNull(id);
     }
 
     public BotTask getBotTask(User user, Long botId, String name) {
-        checkPermission(user);
+        checkPermission(user, Permission.READ);
         Bot bot = getBotNotNull(user, botId);
         return botTaskDao.get(bot, name);
     }
 
     public BotTask getBotTaskNotNull(User user, Long botId, String name) {
-        checkPermission(user);
+        checkPermission(user, Permission.READ);
         Bot bot = getBotNotNull(user, botId);
         return botTaskDao.getNotNull(bot, name);
     }
 
     public void updateBotTask(User user, BotTask botTask) throws BotTaskAlreadyExistsException {
-        checkPermission(user);
+        checkPermission(user, Permission.UPDATE);
         Preconditions.checkNotNull(botTask.getBot());
         BotTask botTaskToCheck = getBotTask(user, botTask.getBot().getId(), botTask.getName());
         if (botTaskToCheck != null && !Objects.equal(botTaskToCheck.getId(), botTask.getId())) {
@@ -211,16 +211,16 @@ public void updateBotTask(User user, BotTask botTask) throws BotTaskAlreadyExist
     }
 
     public void removeBotTask(User user, Long id) throws BotTaskDoesNotExistException {
-        checkPermission(user);
+        checkPermission(user, Permission.UPDATE);
         BotTask botTask = getBotTaskNotNull(user, id);
         botTaskDao.delete(id);
         incrementBotStationVersion(botTask);
     }
 
-    private void checkPermission(User user) {
+    private void checkPermission(User user, Permission p) {
         // Bot can read botstation. UPD: Since rm660 there's only ALL permission on BOTSTATIONS.
         if (!botDao.isBot(user)) {
-            permissionDao.checkAllowed(user, Permission.ALL, SecuredSingleton.BOTSTATIONS);
+            permissionDao.checkAllowed(user, p, SecuredSingleton.BOTSTATIONS);
         }
     }
 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/SystemProperties.java b/wfe-core/src/main/java/ru/runa/wfe/commons/SystemProperties.java
index 7a4961c303..8211ea480b 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/commons/SystemProperties.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/SystemProperties.java
@@ -229,10 +229,6 @@ public static boolean isAutoInvocationLocalBotStationEnabled() {
         return RESOURCES.getBooleanProperty("auto.invocation.local.botstation.enabled", true);
     }
 
-    public static boolean isUpdateProcessVariablesInAPIEnabled() {
-        return RESOURCES.getBooleanProperty("executionServiceAPI.updateVariables.enabled", false);
-    }
-
     public static boolean isExecuteGroovyScriptInAPIEnabled() {
         return RESOURCES.getBooleanProperty("scriptingServiceAPI.executeGroovyScript.enabled", false);
     }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/Utils.java b/wfe-core/src/main/java/ru/runa/wfe/commons/Utils.java
index 91a24607ef..9df7bc15da 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/commons/Utils.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/Utils.java
@@ -16,7 +16,6 @@
 import javax.jms.Connection;
 import javax.jms.ConnectionFactory;
 import javax.jms.JMSException;
-import javax.jms.Message;
 import javax.jms.MessageProducer;
 import javax.jms.ObjectMessage;
 import javax.jms.Queue;
@@ -161,7 +160,10 @@ public static ObjectMessage sendBpmnMessage(Map<String, String> routingData, Map
             for (Map.Entry<String, String> entry : routingData.entrySet()) {
                 message.setStringProperty(entry.getKey(), entry.getValue());
             }
-            sender.send(message, Message.DEFAULT_DELIVERY_MODE, Message.DEFAULT_PRIORITY, ttlInMilliSeconds);
+            if (ttlInMilliSeconds >= 0) {
+                message.setLongProperty(BaseMessageNode.EXPIRATION_PROPERTY, System.currentTimeMillis() + ttlInMilliSeconds);
+            }
+            sender.send(message);
             sender.close();
             log.info("message sent: " + toString(message, false));
             return message;
@@ -188,7 +190,7 @@ public static void sendBpmnErrorMessage(Long processId, String nodeId, Throwable
                 VariableMapping.USAGE_SELECTOR));
         variableMappings
                 .add(new VariableMapping(BaseMessageNode.ERROR_EVENT_MESSAGE, BaseMessageNode.ERROR_EVENT_MESSAGE, VariableMapping.USAGE_READ));
-        Utils.sendBpmnMessage(variableMappings, variableProvider, 60000);
+        Utils.sendBpmnMessage(variableMappings, variableProvider, 0);
     }
 
     public static String getMessageSelectorValue(VariableProvider variableProvider, BaseMessageNode messageNode, VariableMapping mapping) {
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/InitializerLogic.java b/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/InitializerLogic.java
index ddb1dd139d..9960576cb4 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/InitializerLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/InitializerLogic.java
@@ -65,6 +65,7 @@
 import ru.runa.wfe.commons.dbpatch.impl.NodeTypeChangePatch;
 import ru.runa.wfe.commons.dbpatch.impl.PerformancePatch401;
 import ru.runa.wfe.commons.dbpatch.impl.PermissionMappingPatch403;
+import ru.runa.wfe.commons.dbpatch.impl.RefactorPermissionsBack;
 import ru.runa.wfe.commons.dbpatch.impl.RefactorPermissionsStep1;
 import ru.runa.wfe.commons.dbpatch.impl.RefactorPermissionsStep3;
 import ru.runa.wfe.commons.dbpatch.impl.RefactorPermissionsStep4;
@@ -161,6 +162,7 @@ public class InitializerLogic implements ApplicationListener<ContextRefreshedEve
         patches.add(RefactorPermissionsStep4.class);
         patches.add(EmptyPatch.class); // instead signals...
         patches.add(CreateChatDbPatch.class);
+        patches.add(RefactorPermissionsBack.class);
         dbPatches = Collections.unmodifiableList(patches);
     }
 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/CreateChatDbPatch.java b/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/CreateChatDbPatch.java
index 1dec34b5c4..aa57813353 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/CreateChatDbPatch.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/CreateChatDbPatch.java
@@ -61,4 +61,4 @@ protected List<String> getDDLQueriesAfter() {
         sql.add(getDDLCreateIndex("CHAT_MESSAGE_RECIPIENT", "IX_CHAT_MESSAGE_RECIPIENT_E_R", "EXECUTOR_ID", "READ_DATE"));
         return sql;
     }
-}
\ No newline at end of file
+}
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsBack.java b/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsBack.java
new file mode 100644
index 0000000000..4d46fb7fa9
--- /dev/null
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsBack.java
@@ -0,0 +1,402 @@
+package ru.runa.wfe.commons.dbpatch.impl;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import lombok.AllArgsConstructor;
+import lombok.EqualsAndHashCode;
+import lombok.SneakyThrows;
+import lombok.val;
+import org.apache.commons.lang.StringUtils;
+import org.hibernate.Query;
+import org.hibernate.SQLQuery;
+import org.hibernate.Session;
+import ru.runa.wfe.commons.dbpatch.DbPatch;
+
+/**
+ * See #1586 (reverting some significant changes in permissions UI), #1586-10.
+ */
+public class RefactorPermissionsBack extends DbPatch {
+
+    private static class PMatch {
+        final String type;
+        final boolean hasIds;
+        final String[] perms;
+
+        PMatch (String type, boolean hasIds, String... perms) {
+            this.type = type;
+            this.hasIds = hasIds;
+            this.perms = perms;
+        }
+    }
+
+    private PMatch[] pMatches;
+    private List<String> allTypes;
+
+    public RefactorPermissionsBack() {
+        // ATTENTION!!! This duplicates visible permission lists in ApplicablePermissions configuration.
+        pMatches = new PMatch[] {
+                new PMatch("BOTSTATIONS", false, "READ", "UPDATE_PERMISSIONS", "UPDATE"),
+                new PMatch("DEFINITION", true, "READ", "UPDATE_PERMISSIONS", "UPDATE", "DELETE", "START_PROCESS", "READ_PROCESS", "CANCEL_PROCESS"),
+                new PMatch("EXECUTOR", true, "READ", "UPDATE_PERMISSIONS", "UPDATE", "UPDATE_ACTOR_STATUS", "VIEW_TASKS"),
+                new PMatch("PROCESS", true, "READ", "UPDATE_PERMISSIONS", "CANCEL"),
+                new PMatch("RELATION", true, "READ", "UPDATE_PERMISSIONS", "UPDATE"),
+                new PMatch("RELATIONS", false, "READ", "UPDATE_PERMISSIONS", "UPDATE"),
+                new PMatch("REPORT", true, "READ", "UPDATE_PERMISSIONS", "UPDATE"),
+                new PMatch("REPORTS", false, "READ", "UPDATE_PERMISSIONS", "UPDATE"),
+                new PMatch("SYSTEM", false, "READ", "UPDATE_PERMISSIONS", "LOGIN", "CHANGE_SELF_PASSWORD", "CREATE_EXECUTOR", "CREATE_DEFINITION", "VIEW_LOGS"),
+        };
+
+        allTypes = new ArrayList<>(pMatches.length);
+        for (PMatch pm : pMatches) {
+            allTypes.add(pm.type);
+        }
+    }
+
+
+    @Override
+    @SneakyThrows
+    public void executeDML(Session session) {
+//        if (true) throw new Exception("DEBUG STOP");
+        Connection conn = session.connection();
+
+        // Are we working with RunaWFE 4.3.0 (original RefactorPermissionsStep4 is not yet applied) or 4.4.0?
+        boolean isV43;
+        try (Statement stmt = conn.createStatement()) {
+            // No "limit 1", because Oracle does not understand it.
+            val rs = stmt.executeQuery("select 1 from priveleged_mapping where type='ACTOR'");
+            isV43 = rs.next();
+        }
+
+        if (isV43) {
+            // Postoned RefactorPermissionsStep4 execution to detect (above) which version we are migrating from.
+            // But now we execute it before even former RefactorPermissionsStep3, because this simplifles RefactorPermissionsStep3.
+            executeDML_step4(session);
+            executeDML_step3(session, conn);
+        } else {
+            executeDML_fromV44(session, conn);
+        }
+    }
+
+
+    /**
+     * Migrate 4.3.0 to 4.4.1. Moved 4.4.0's RefactorPermissionsStep3.executeDML() here and edited.
+     * Note that RefactorPermissionStep4 (merging ACTOR and GROUP to EXECUTOR) is already done.
+     *
+     * Adjusts object_type and permission values for rm660, see https://rm.processtech.ru/attachments/download/1210.
+     */
+    @SneakyThrows
+    private void executeDML_step3(Session session, Connection conn) {
+
+        // Refill priveleged_mapping from scratch.
+        {
+            @SuppressWarnings("unchecked")
+            List<Number> executorIds = session.createSQLQuery("select distinct executor_id from priveleged_mapping order by executor_id").list();
+
+            session.createSQLQuery("delete from priveleged_mapping where 1=1").executeUpdate();
+
+            SQLQuery qInsert = session.createSQLQuery("insert into priveleged_mapping(" + insertPkColumn() + "type, executor_id) values (" +
+                    insertPkNextVal("priveleged_mapping") + ":type, :executorId)");
+            for (String t : allTypes) {
+                for (Number e : executorIds) {
+                    qInsert.setParameter("type", t);
+                    qInsert.setParameter("executorId", e);
+                    qInsert.executeUpdate();
+                }
+            }
+        }
+
+
+        // Update permission_mapping.type.
+        try (val stmt = conn.createStatement()) {
+            stmt.executeUpdate("update permission_mapping set object_type = 'REPORTS' where object_type = 'REPORT' and object_id = 0");
+            stmt.executeUpdate("update permission_mapping set object_type = 'BOTSTATIONS' where object_type = 'BOTSTATION'");
+            stmt.executeUpdate("update permission_mapping set object_type = 'RELATIONS' where object_type = 'RELATIONGROUP'");
+        }
+
+
+        // Merge permissions.
+        // - on EXECUTOR: READ, LIST_GROUP into READ;
+        // - on EXECUTOR: ADD_TO_GROUP, REMOVE_FROM_GROUP, UPDATE_EXECUTOR into UPDATE;
+        {
+            @AllArgsConstructor
+            @EqualsAndHashCode
+            class FoundPermission {
+                Long executorId;
+                Long objectId;
+            }
+
+            @AllArgsConstructor
+            @EqualsAndHashCode
+            class MapKey {
+                String objectType;
+                String permission;
+            }
+
+            class MapValue {
+                String[] sourcePermissions;
+                HashSet<FoundPermission> found = new HashSet<>(1000);
+
+                MapValue(String... sourcePermissions) {
+                    this.sourcePermissions = sourcePermissions;
+                }
+            }
+
+            // key.permission is target permission to merge into, value.sourcePermissions are to merge from.
+            Map<MapKey, MapValue> mapTargetToSources = new HashMap<MapKey, MapValue>() {{
+                put(new MapKey("EXECUTOR", "READ"), new MapValue("READ", "LIST_GROUP"));
+                put(new MapKey("EXECUTOR", "UPDATE"), new MapValue("ADD_TO_GROUP", "REMOVE_FROM_GROUP", "UPDATE_EXECUTOR"));
+            }};
+
+            Map<MapKey, MapKey> mapSourceToTarget = new HashMap<>(mapTargetToSources.size());
+            for (val kv : mapTargetToSources.entrySet()) {
+                MapKey k = kv.getKey();
+                for (String p : kv.getValue().sourcePermissions) {
+                    mapSourceToTarget.put(new MapKey(k.objectType, p), k);
+                }
+            }
+
+            val filterObjectTypes = new ArrayList<String>(mapTargetToSources.size());
+            val filterPermissions = new ArrayList<String>(mapTargetToSources.size() * 10);
+            for (val kv : mapTargetToSources.entrySet()) {
+                filterObjectTypes.add(kv.getKey().objectType);
+                filterPermissions.addAll(Arrays.asList(kv.getValue().sourcePermissions));
+            }
+
+            try (
+                    Statement q = conn.createStatement();
+                    PreparedStatement qDelete = conn.prepareStatement("delete from permission_mapping where id = ?");
+                    PreparedStatement qUpdate = conn.prepareStatement("update permission_mapping set permission = ? where id = ?");
+            ) {
+                val rs = q.executeQuery("select id, executor_id, object_type, object_id, permission " +
+                        "from permission_mapping " +
+                        "where object_type in ('" + StringUtils.join(filterObjectTypes, "','") + "') " +
+                        "and permission in ('" + StringUtils.join(filterPermissions, "','") + "')");
+                while (rs.next()) {
+                    String permission = rs.getString(5);
+                    val key = mapSourceToTarget.get(new MapKey(rs.getString(3), permission));
+                    if (key == null) {
+                        // Ignore unknown combination.
+                        continue;
+                    }
+                    val value = mapTargetToSources.get(key);
+                    val found = new FoundPermission(rs.getLong(2), rs.getLong(4));
+                    val id = rs.getLong(1);
+
+                    if (value.found.contains(found)) {
+                        qDelete.setLong(1, id);
+                        qDelete.executeUpdate();
+                    } else {
+                        value.found.add(found);
+                        if (!permission.equals(key.permission)) {
+                            qUpdate.setString(1, key.permission);
+                            qUpdate.setLong(2, id);
+                            qUpdate.executeUpdate();
+                        }
+                    }
+                }
+            }
+        }
+
+
+        // Updates without merging:
+        {
+            String[] specialQueries = new String[] {
+                    "update permission_mapping set permission = 'UPDATE' " +
+                            "where permission in ('BOT_STATION_CONFIGURE', 'REDEPLOY_DEFINITION', 'UPDATE_RELATION', 'DEPLOY_REPORT')",
+
+                    "update permission_mapping set permission = 'DELETE' where object_type = 'DEFINITION' and permission = 'UNDEPLOY_DEFINITION'",
+
+                    "update permission_mapping set permission = 'VIEW_TASKS' " +
+                            "where object_type = 'EXECUTOR' and permission in ('VIEW_ACTOR_TASKS', 'VIEW_GROUP_TASKS')",
+
+                    "update permission_mapping set permission = 'CANCEL' where object_type = 'PROCESS' and permission = 'CANCEL_PROCESS'",
+
+                    "update permission_mapping set permission = 'LOGIN' where object_type = 'SYSTEM' and permission = 'LOGIN_TO_SYSTEM'",
+                    "update permission_mapping set permission = 'CREATE_DEFINITION' where object_type='SYSTEM' and permission = 'DEPLOY_DEFINITION'",
+            };
+            for (String q : specialQueries) {
+                session.createSQLQuery(q).executeUpdate();
+            }
+        }
+
+
+        deleteBadPermissionMappings(session);
+
+
+        // Delete old obsolete batch_permission categories.
+        {
+            session.createSQLQuery("delete from batch_presentation where category in (:categories)")
+                    .setParameterList("categories", new String[] {
+                            "listExecutorsWithoutBotStationPermission",
+                            "listExecutorsWithoutPermissionsOnExecutorForm",
+                            "listExecutorsWithoutPermissionsOnSystemForm",
+                            "listExecutorsWithoutPermissionsOnDefinitionForm",
+                            "listExecutorsWithoutPermissionsOnProcessForm",
+                            "listExecutorsWithoutPermissionsOnRelationForm",
+                            "listExecutorsWithoutPermissionsOnReportsForm",
+                    })
+                    .executeUpdate();
+        }
+    }
+
+
+    /**
+     * Moved 4.4.0's RefactorPermissionsStep4.executeDML() here, unchanged.
+     *
+     * Types ACTOR and GROUP are merged into EXECUTOR for rm718.
+     */
+    private void executeDML_step4(Session session) {
+        // Replace ACTOR and GROUP types with EXECUTOR in permission_mapping
+        // Delete ACTOR and GROUP from priveleged_mapping
+        {
+            session.createSQLQuery("delete from permission_mapping where object_type = 'EXECUTOR'").executeUpdate();
+            session.createSQLQuery("update permission_mapping set object_type = 'EXECUTOR' where object_type = 'ACTOR' or object_type = 'GROUP'")
+                    .executeUpdate();
+            session.createSQLQuery("delete from priveleged_mapping where type = 'EXECUTOR'").executeUpdate();
+            session.createSQLQuery("delete from priveleged_mapping where type = 'GROUP'").executeUpdate();
+            session.createSQLQuery("update priveleged_mapping set type = 'EXECUTOR' where type = 'ACTOR'").executeUpdate();
+        }
+    }
+
+
+    /**
+     * Migrate 4.4.0 to 4.4.1.
+     */
+    @SneakyThrows
+    private void executeDML_fromV44(Session session, Connection conn) {
+        // Replace all LIST permissions with READ.
+        // Since some objects may have both permissions, have to re-insert them to avoid UK violations. To reduce memory usage,
+        // process only object types which can have both permissions and which we are not going to delete below: DEFINITION, EXECUTOR, PROCESS.
+        //
+        // Note on EXECUTOR. RefactorPermissionsStep4 was not touched because:
+        // 1. after RefactorPermissionsStep3, both ACTOR and GROUP had same allowed permission lists (see pMatches array there);
+        // 2. method executeDML() above uses RefactorPermissionsStep4's result to determine which wfe version we are migrating from.
+        {
+            @AllArgsConstructor
+            @EqualsAndHashCode
+            class Row {
+                Long executorId;
+                String objectType;
+                Long objectId;
+            }
+            val rows = new LinkedHashSet<Row>(1000);
+            val sqlSuffix = "from permission_mapping where object_type in ('DEFINITION', 'EXECUTOR', 'PROCESS') and permission in ('LIST', 'READ')";
+            try (Statement stmt = conn.createStatement()) {
+                val rs = stmt.executeQuery("select executor_id, object_type, object_id " + sqlSuffix);
+                while (rs.next()) {
+                    rows.add(new Row(rs.getLong(1), rs.getString(2), rs.getLong(3)));
+                }
+            }
+            try (Statement stmt = conn.createStatement()) {
+                stmt.executeUpdate("delete " + sqlSuffix);
+            }
+
+            try (PreparedStatement stmt = conn.prepareStatement("insert into permission_mapping (" + insertPkColumn() +
+                    "executor_id, object_type, object_id, permission) values (" + insertPkNextVal("permission_mapping") + "?, ?, ?, 'READ')"
+            )) {
+                for (Row r : rows) {
+                    stmt.setLong(1, r.executorId);
+                    stmt.setString(2, r.objectType);
+                    stmt.setLong(3, r.objectId);
+                    stmt.executeUpdate();
+                }
+            }
+        }
+
+
+        // Do everything else.
+        {
+            String[] specialQueries = new String[]{
+                    // Delete UPDATE_STATUS perission for groups, see #1586-27.
+                    "delete from permission_mapping where permission='UPDATE_STATUS' and object_id in (select id from executor where discriminator='Y')",
+
+                    "update permission_mapping set permission = 'UPDATE' " +
+                            "where object_type in ('BOTSTATIONS', 'RELATIONS', 'REPORT', 'REPORTS') and permission = 'ALL'",
+
+                    "update permission_mapping set permission = 'START_PROCESS' where object_type='DEFINITION' and permission = 'START'",
+
+                    "update permission_mapping set permission = 'UPDATE_ACTOR_STATUS' where object_type='EXECUTOR' and permission = 'UPDATE_STATUS'",
+
+                    "update permission_mapping set object_type = 'SYSTEM' where object_type = 'EXECUTORS' and permission = 'LOGIN'",
+
+                    "update permission_mapping set permission = 'READ' where object_type='SYSTEM' and permission = 'ALL'",
+                    "update permission_mapping set permission = 'VIEW_LOGS', object_type = 'SYSTEM' " +
+                            "where object_type='LOGS' and permission = 'ALL'",
+                    "update permission_mapping set permission = 'CREATE_DEFINITION', object_type = 'SYSTEM' " +
+                            "where object_type='DEFINITIONS' and permission = 'CREATE'",
+                    "update permission_mapping set permission = 'CREATE_EXECUTOR', object_type = 'SYSTEM' " +
+                            "where object_type='EXECUTORS' and permission = 'CREATE'",
+            };
+            try (Statement stmt = conn.createStatement()) {
+                for (String sql : specialQueries) {
+                    stmt.executeUpdate(sql);
+                }
+            }
+        }
+
+        deleteBadPermissionMappings(session);
+
+        {
+            // fix RELATION if not exists
+            String type = "RELATION";
+            Number count = (Number) session.createSQLQuery("select count(*) from priveleged_mapping where type = :type").setParameter("type", type)
+                    .uniqueResult();
+            if (count.intValue() == 0) {
+                List<Number> executorIds = session.createSQLQuery("select distinct executor_id from priveleged_mapping order by executor_id").list();
+                SQLQuery qInsert = session.createSQLQuery("insert into priveleged_mapping(" + insertPkColumn() + "type, executor_id) values ("
+                        + insertPkNextVal("priveleged_mapping") + ":type, :executorId)");
+                for (Number e : executorIds) {
+                    qInsert.setParameter("type", type);
+                    qInsert.setParameter("executorId", e);
+                    qInsert.executeUpdate();
+                }
+            }
+        }
+    }
+
+
+    private String insertPkColumn() {
+        switch (dbType) {
+            case ORACLE:
+            case POSTGRESQL:
+                return "id, ";
+            default:
+                return "";
+        }
+    }
+
+    private String insertPkNextVal(String tableName) {
+        switch (dbType) {
+            case ORACLE:
+                return "seq_" + tableName + ".nextval, ";
+            case POSTGRESQL:
+                return "nextval('seq_" + tableName + "'), ";
+            default:
+                return "";
+        }
+    }
+
+    /**
+     * Delete permission_mapping rows which still contain illegal (object type, permission name) combinations.
+     */
+    private void deleteBadPermissionMappings(Session session) {
+        session.createSQLQuery("delete from permission_mapping where object_type not in (:types)").setParameterList("types", allTypes).executeUpdate();
+        session.createSQLQuery("delete from priveleged_mapping where        type not in (:types)").setParameterList("types", allTypes).executeUpdate();
+
+        Query qDeleteWithIds = session.createSQLQuery("delete from permission_mapping where (object_type = :type) and object_id <> 0");
+        Query qDeleteWithoutIds = session.createSQLQuery("delete from permission_mapping where (object_type = :type) and object_id = 0");
+        Query qDeleteBadPerms = session.createSQLQuery("delete from permission_mapping where (object_type = :type) and (permission not in (:permissions))");
+        for (PMatch pm : pMatches) {
+            (pm.hasIds ? qDeleteWithoutIds : qDeleteWithIds).setParameter("type", pm.type).executeUpdate();
+            qDeleteBadPerms.setParameter("type", pm.type).setParameterList("permissions", pm.perms).executeUpdate();
+        }
+    }
+}
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsStep3.java b/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsStep3.java
index e59ff42b30..a67aae22ca 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsStep3.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsStep3.java
@@ -17,11 +17,6 @@
  */
 package ru.runa.wfe.commons.dbpatch.impl;
 
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import org.hibernate.Query;
-import org.hibernate.SQLQuery;
 import org.hibernate.Session;
 import ru.runa.wfe.commons.dbpatch.DbPatch;
 
@@ -30,197 +25,11 @@
  */
 public class RefactorPermissionsStep3 extends DbPatch {
 
+    /**
+     * Implementation was moved to RefactorPermissionsBack.executeDML_step3() and edited.
+     * See #1586, #1586-10.
+     */
     @Override
     public void executeDML(Session session) {
-
-        class PMatch {
-            private final String type;
-            private final boolean hasIds;
-            private final String[] perms;
-
-            private PMatch (String type, boolean hasIds, String... perms) {
-                this.type = type;
-                this.hasIds = hasIds;
-                this.perms = perms;
-            }
-        }
-
-        // ATTENTION!!! This duplicates visible permission lists in ApplicablePermissions configuration.
-        PMatch[] pMatches = new PMatch[] {
-                new PMatch("ACTOR", true, "LIST", "READ", "VIEW_TASKS", "UPDATE", "UPDATE_STATUS", "DELETE"),
-                new PMatch("BOTSTATIONS", false, "ALL"),
-                new PMatch("DATAFILE", false, "ALL"),
-                new PMatch("DEFINITION", true, "ALL", "LIST", "READ", "START", "READ_PROCESS", "CANCEL_PROCESS", "UPDATE"),
-                new PMatch("DEFINITIONS", false, "ALL", "LIST", "READ", "START", "READ_PROCESS", "CANCEL_PROCESS", "CREATE", "UPDATE"),
-                new PMatch("ERRORS", false, "ALL"),
-                new PMatch("EXECUTORS", false, "ALL", "LOGIN", "LIST", "READ", "VIEW_TASKS", "CREATE", "UPDATE", "UPDATE_STATUS", "UPDATE_SELF", "DELETE"),
-                new PMatch("GROUP", true, "LIST", "READ", "VIEW_TASKS", "UPDATE", "UPDATE_STATUS", "DELETE"),
-                new PMatch("LOGS", false, "ALL"),
-                new PMatch("PROCESSES", false, "ALL", "LIST", "READ", "CANCEL"),
-                new PMatch("PROCESS", true, "ALL", "LIST", "READ", "CANCEL"),
-                new PMatch("RELATIONS", false, "ALL"),
-                new PMatch("REPORTS", false, "ALL", "LIST"),
-                new PMatch("REPORT", true, "ALL", "LIST"),
-                new PMatch("SCRIPTS", false, "ALL"),
-                new PMatch("SUBSTITUTION_CRITERIAS", false, "ALL"),
-                new PMatch("SYSTEM", false, "ALL"),
-        };
-
-        List<String> allTypes = new ArrayList<>(pMatches.length);
-        for (PMatch pm : pMatches) {
-            allTypes.add(pm.type);
-        }
-
-
-        // Refill priveleged_mapping from scratch.
-        {
-            @SuppressWarnings("unchecked")
-            List<Number> executorIds = session.createSQLQuery("select distinct executor_id from priveleged_mapping order by executor_id").list();
-
-            String idName, idValue;
-            switch (dbType) {
-                case ORACLE:
-                    idName = "id, ";
-                    idValue = "seq_priveleged_mapping.nextval, ";
-                    break;
-                case POSTGRESQL:
-                    idName = "id, ";
-                    idValue = "nextval('seq_priveleged_mapping'), ";
-                    break;
-                default:
-                    idName = "";
-                    idValue = "";
-            }
-            SQLQuery qInsert = session.createSQLQuery("insert into priveleged_mapping(" + idName + "type, executor_id) values (" + idValue +
-                    ":type, :executorId)");
-
-            session.createSQLQuery("delete from priveleged_mapping where 1=1").executeUpdate();
-            for (String t : allTypes) {
-                for (Number e : executorIds) {
-                    qInsert.setParameter("type", t);
-                    qInsert.setParameter("executorId", e);
-                    qInsert.executeUpdate();
-                }
-            }
-        }
-
-
-        // Update permission_mapping.type.
-        {
-            class TMatch {
-                private final String oldType;
-                private final String newType;
-                private final boolean clearObjectId;
-
-                private TMatch(String oldType, String newType, boolean clearObjectId) {
-                    this.oldType = oldType;
-                    this.newType = newType;
-                    this.clearObjectId = clearObjectId;
-                }
-            }
-
-            TMatch[] tMatches = {
-                    new TMatch("BOTSTATION", "BOTSTATIONS", true),
-                    // RELATION & RELATION_PAIR will be just deleted; it simpler than deal with possible UK violations, and it's also more correct:
-                    new TMatch("RELATIONGROUP", "RELATIONS", true),
-                    // REPORT will now refer to report instance, not to list of reports:
-                    new TMatch("REPORT", "REPORTS", true),
-            };
-            HashMap<String, TMatch> tMap = new HashMap<>(tMatches.length);
-            for (TMatch m : tMatches) {
-                tMap.put(m.oldType, m);
-            }
-
-            // Delete is needed to avoid possible UK violation by following update.
-            SQLQuery qDelete = session.createSQLQuery("delete from permission_mapping where object_type = :objectType and object_id = :objectId and permission = :permission and executor_id = :executorId");
-            SQLQuery qUpdate = session.createSQLQuery("update permission_mapping set object_type = :objectType, object_id = :objectId where id = :id");
-
-            // I tried iterate(), but got "SQL queries do not currently support iteration".
-            @SuppressWarnings("unchecked")
-            List<Object[]> rows = session
-                    .createSQLQuery("select id, object_type, object_id, permission, executor_id from permission_mapping where object_type in (:types)")
-                    .setParameterList("types", tMap.keySet())
-                    .list();
-            for (Object[] row : rows) {
-                long id = ((Number)row[0]).longValue();
-                String objectType = (String)row[1];
-                long objectId = ((Number)row[2]).longValue();
-                String permission = (String)row[3];
-                long executorId = ((Number)row[4]).longValue();
-
-                TMatch m = tMap.get(objectType);
-                if (m.clearObjectId) {
-                    objectId = 0;
-                }
-
-                qDelete.setParameter("objectType", m.newType);
-                qDelete.setParameter("objectId", objectId);
-                qDelete.setParameter("permission", permission);
-                qDelete.setParameter("executorId", executorId);
-                qDelete.executeUpdate();
-
-                qUpdate.setParameter("objectType", m.newType);
-                qUpdate.setParameter("objectId", objectId);  // Reset to 0 if m.clearObjectId, unchanged otherwise.
-                qUpdate.setParameter("id", id);
-                qUpdate.executeUpdate();
-            }
-        }
-
-
-        // Update permission_mapping.permission. ONLY NAROWWING TRANSFORMATIONS, NO "ALL" ESCALATION.
-        // ATTENTION!!! Possible UK violations are not avoided!
-        {
-            String[] specialQueries = new String[] {
-                    "update permission_mapping set permission = 'LIST' where permission='READ'",
-                    "update permission_mapping set permission = 'LOGIN', object_type = 'EXECUTORS' where object_type = 'SYSTEM' and permission = 'LOGIN_TO_SYSTEM'",
-                    "update permission_mapping set permission = 'UPDATE_STATUS' where object_type = 'ACTOR' and permission = 'UPDATE_ACTOR_STATUS'",
-                    "update permission_mapping set permission = 'VIEW_TASKS' where object_type = 'ACTOR' and permission = 'VIEW_ACTOR_TASKS'",
-                    "update permission_mapping set permission = 'VIEW_TASKS' where object_type = 'GROUP' and permission = 'VIEW_GROUP_TASKS'",
-                    "update permission_mapping set permission = 'READ' where object_type = 'GROUP' and permission = 'LIST_GROUP'",
-
-                    "update permission_mapping set permission = 'UPDATE' where object_type = 'GROUP' and permission = 'ADD_TO_GROUP'",
-                    "delete from permission_mapping where object_type = 'GROUP' and permission = 'REMOVE_FROM_GROUP'",
-
-                    "update permission_mapping set permission = 'UPDATE' where object_type = 'BOTSTATIONS' and permission = 'BOT_STATION_CONFIGURE'",
-                    "update permission_mapping set permission = 'START' where object_type = 'PROCESS' and permission = 'START_PROCESS'",
-                    "update permission_mapping set permission = 'CANCEL' where object_type = 'PROCESS' and permission = 'CANCEL_PROCESS'",
-                    "update permission_mapping set permission = 'CREATE', object_type = 'EXECUTORS' where object_type='SYSTEM' and permission = 'CREATE_EXECUTOR'",
-            };
-            for (String q : specialQueries) {
-                session.createSQLQuery(q).executeUpdate();
-            }
-        }
-
-
-        // Delete permission_mapping rows which still contain illegal (object type, permission name) combinations.
-        {
-            session.createSQLQuery("delete from permission_mapping where object_type not in (:types)")
-                    .setParameterList("types", allTypes)
-                    .executeUpdate();
-
-            Query qDeleteWithIds = session.createSQLQuery("delete from permission_mapping where (object_type = :type) and object_id <> 0");
-            Query qDeleteWithoutIds = session.createSQLQuery("delete from permission_mapping where (object_type = :type) and object_id = 0");
-            Query qDeleteBadPerms = session.createSQLQuery("delete from permission_mapping where (object_type = :type) and (permission not in (:permissions))");
-            for (PMatch pm : pMatches) {
-                (pm.hasIds ? qDeleteWithoutIds : qDeleteWithIds).setParameter("type", pm.type).executeUpdate();
-                qDeleteBadPerms.setParameter("type", pm.type).setParameterList("permissions", pm.perms).executeUpdate();
-            }
-        }
-
-
-        // Delete old obsolete batch_permission categories.
-        {
-            session.createSQLQuery("delete from batch_presentation where category in (:categories)")
-                    .setParameterList("categories", new String[] {
-                            "listExecutorsWithoutBotStationPermission",
-                            "listExecutorsWithoutPermissionsOnExecutorForm",
-                            "listExecutorsWithoutPermissionsOnSystemForm",
-                            "listExecutorsWithoutPermissionsOnDefinitionForm",
-                            "listExecutorsWithoutPermissionsOnProcessForm",
-                            "listExecutorsWithoutPermissionsOnRelationForm",
-                            "listExecutorsWithoutPermissionsOnReportsForm",
-                    })
-                    .executeUpdate();
-        }
     }
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsStep4.java b/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsStep4.java
index fa83b30c38..db60428830 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsStep4.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/dbpatch/impl/RefactorPermissionsStep4.java
@@ -25,17 +25,11 @@
  */
 public class RefactorPermissionsStep4 extends DbPatch {
 
+    /**
+     * Implementation was moved to RefactorPermissionsBack.executeDML_step4() unchanged.
+     * See #1586, #1586-10.
+     */
     @Override
     public void executeDML(Session session) {
-        // Replace ACTOR and GROUP types with EXECUTOR in permission_mapping
-        // Delete ACTOR and GROUP from priveleged_mapping
-        {
-            session.createSQLQuery("delete from permission_mapping where object_type = 'EXECUTOR'").executeUpdate();
-            session.createSQLQuery("update permission_mapping set object_type = 'EXECUTOR' where object_type = 'ACTOR' or object_type = 'GROUP'")
-                    .executeUpdate();
-            session.createSQLQuery("delete from priveleged_mapping where type = 'EXECUTOR'").executeUpdate();
-            session.createSQLQuery("delete from priveleged_mapping where type = 'GROUP'").executeUpdate();
-            session.createSQLQuery("update priveleged_mapping set type = 'EXECUTOR' where type = 'ACTOR'").executeUpdate();
-        }
     }
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/ftl/ExpressionEvaluator.java b/wfe-core/src/main/java/ru/runa/wfe/commons/ftl/ExpressionEvaluator.java
index e4a74bb5e5..61e30fe9f2 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/commons/ftl/ExpressionEvaluator.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/ftl/ExpressionEvaluator.java
@@ -81,7 +81,7 @@ public static Date evaluateDueDate(VariableProvider variableProvider, String exp
     public static long evaluateDuration(VariableProvider variableProvider, String expression) {
         Date dueDate = evaluateDueDate(variableProvider, expression);
         long duration = new CalendarInterval(new Date(), dueDate).getLengthInMillis();
-        return duration > 0 ? duration : 0;
+        return duration;
     }
 
     public static Object evaluateVariableNotNull(VariableProvider variableProvider, String expression) {
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/logic/CommonLogic.java b/wfe-core/src/main/java/ru/runa/wfe/commons/logic/CommonLogic.java
index e1e3780154..a48272097b 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/commons/logic/CommonLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/logic/CommonLogic.java
@@ -65,10 +65,10 @@ public class CommonLogic {
     protected HibernateQueryFactory queryFactory;
 
     protected <T extends Executor> T checkPermissionsOnExecutor(User user, T executor, Permission permission) {
-        if (executor.getName().equals(SystemExecutors.PROCESS_STARTER_NAME) && permission.equals(Permission.LIST)) {
+        if (executor.getName().equals(SystemExecutors.PROCESS_STARTER_NAME) && permission.equals(Permission.READ)) {
             return executor;
         }
-        if (executor instanceof TemporaryGroup && permission.equals(Permission.LIST)) {
+        if (executor instanceof TemporaryGroup && permission.equals(Permission.READ)) {
             return executor;
         }
         permissionDao.checkAllowed(user, permission, executor);
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/logic/PresentationCompilerHelper.java b/wfe-core/src/main/java/ru/runa/wfe/commons/logic/PresentationCompilerHelper.java
index dab9551714..4a17b5443a 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/commons/logic/PresentationCompilerHelper.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/logic/PresentationCompilerHelper.java
@@ -17,6 +17,7 @@
  */
 package ru.runa.wfe.commons.logic;
 
+import lombok.val;
 import ru.runa.wfe.audit.SystemLog;
 import ru.runa.wfe.presentation.BatchPresentation;
 import ru.runa.wfe.presentation.hibernate.CompilerParameters;
@@ -53,7 +54,7 @@ public final class PresentationCompilerHelper {
      * @return {@linkplain PresentationConfiguredCompiler} for loading all executors.
      */
     public static PresentationConfiguredCompiler<Executor> createAllExecutorsCompiler(User user, BatchPresentation batchPresentation) {
-        RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, Permission.LIST, ALL_EXECUTORS_CLASSES);
+        RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, Permission.READ, ALL_EXECUTORS_CLASSES);
         CompilerParameters parameters = CompilerParameters.createPaged().addPermissions(permissions);
         return new PresentationConfiguredCompiler<>(batchPresentation, parameters);
     }
@@ -81,18 +82,20 @@ public static PresentationConfiguredCompiler<SystemLog> createAllSystemLogsCompi
      *            {@linkplain Group}, which children's must be loaded.
      * @param batchPresentation
      *            {@linkplain BatchPresentation} for loading group children's.
-     * @param hasExecutor
-     *            Flag, equals true, if loading executors already in group; false to load executors not in group.
+     * @param isExclude
+     *            False to load executors belonging to group and having READ permission (meaning former LIST_GROUP);
+     *            true to load executors not in group and having UPDATE permission (meaning former ADD_TO_GROUP).
+     *            These permissions correspond to what is checked on callers' side.
      * @return {@linkplain PresentationConfiguredCompiler} for loading group children's.
      */
     public static PresentationConfiguredCompiler<Executor> createGroupChildrenCompiler(User user, Group group, BatchPresentation batchPresentation,
-            boolean hasExecutor) {
-        String inClause = hasExecutor ? "IN" : "NOT IN";
+            boolean isExclude) {
+        String inClause = isExclude ? "NOT IN" : "IN";
         String notInRestriction = inClause + " (SELECT relation.executor.id FROM " + ExecutorGroupMembership.class.getName()
                 + " as relation WHERE relation.group.id=" + group.getId() + ")";
         String[] idRestrictions = { notInRestriction, "<> " + group.getId() };
-        RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, Permission.LIST, ALL_EXECUTORS_CLASSES);
-        CompilerParameters parameters = CompilerParameters.createPaged().addPermissions(permissions).addIdRestrictions(idRestrictions);
+        val permissions = new RestrictionsToPermissions(user, isExclude ? Permission.UPDATE : Permission.READ, ALL_EXECUTORS_CLASSES);
+        val parameters = CompilerParameters.createPaged().addPermissions(permissions).addIdRestrictions(idRestrictions);
         return new PresentationConfiguredCompiler<>(batchPresentation, parameters);
     }
 
@@ -114,7 +117,7 @@ public static PresentationConfiguredCompiler<Group> createExecutorGroupsCompiler
         String inRestriction = inClause + " (SELECT relation.group.id FROM " + ExecutorGroupMembership.class.getName()
                 + " as relation WHERE relation.executor.id=" + executor.getId() + ")";
         String[] idRestrictions = { inRestriction, "<> " + executor.getId() };
-        RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, Permission.LIST,
+        RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, Permission.READ,
                 new SecuredObjectType[] { SecuredObjectType.EXECUTOR });
         CompilerParameters parameters = CompilerParameters.createPaged().addPermissions(permissions).addRequestedClass(Group.class)
                 .addIdRestrictions(idRestrictions);
@@ -140,7 +143,7 @@ public static PresentationConfiguredCompiler<Executor> createExecutorWithPermiss
         String inClause = hasPermission ? "IN" : "NOT IN";
         String idRestriction = inClause + " (SELECT pm.executor.id from " + PermissionMapping.class.getName() + " as pm where pm.objectId="
                 + securedObject.getIdentifiableId() + " and pm.objectType='" + securedObject.getSecuredObjectType() + "')";
-        RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, Permission.LIST, ALL_EXECUTORS_CLASSES);
+        RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, Permission.READ, ALL_EXECUTORS_CLASSES);
         CompilerParameters parameters = CompilerParameters.createPaged().addPermissions(permissions).addIdRestrictions(idRestriction);
         return new PresentationConfiguredCompiler<>(batchPresentation, parameters);
     }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/commons/logic/WfCommonLogic.java b/wfe-core/src/main/java/ru/runa/wfe/commons/logic/WfCommonLogic.java
index 1b738ed4df..5537e0fbbc 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/commons/logic/WfCommonLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/commons/logic/WfCommonLogic.java
@@ -102,12 +102,12 @@ protected ProcessDefinition getLatestDefinition(String definitionName) {
         return processDefinitionLoader.getLatestDefinition(definitionName);
     }
 
-    protected void validateVariables(User user, ExecutionContext executionContext, VariableProvider variableProvider,
+    protected void validateVariables(ExecutionContext executionContext, VariableProvider variableProvider,
             ProcessDefinition processDefinition, String nodeId, Map<String, Object> variables) throws ValidationException {
         Interaction interaction = processDefinition.getInteractionNotNull(nodeId);
         if (interaction.getValidationData() != null) {
-            ValidatorContext context = ValidatorManager.getInstance().validate(user, executionContext, variableProvider,
-                    interaction.getValidationData(), variables);
+            ValidatorContext context = ValidatorManager.getInstance().validate(executionContext, variableProvider, interaction.getValidationData(),
+                    variables);
             if (context.hasGlobalErrors() || context.hasFieldErrors()) {
                 throw new ValidationException(context.getFieldErrors(), context.getGlobalErrors());
             }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java
index 6c59eebdab..811481e89c 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/datasource/DataSourceStuff.java
@@ -11,7 +11,6 @@ public interface DataSourceStuff {
 
     String ELEMENT_DATA_SOURCE = "dataSource";
     String ELEMENT_FILE_PATH = "filePath";
-    String ELEMENT_FILE_NAME = "fileName";
     String ELEMENT_JNDI_NAME = "jndiName";
     String ELEMENT_DB_TYPE = "dbType";
     String ELEMENT_DB_URL = "dbUrl";
diff --git a/wfe-core/src/main/java/ru/runa/wfe/datasource/ExcelDataSource.java b/wfe-core/src/main/java/ru/runa/wfe/datasource/ExcelDataSource.java
index 339c1930d5..455f2d6622 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/datasource/ExcelDataSource.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/datasource/ExcelDataSource.java
@@ -6,22 +6,15 @@
 public class ExcelDataSource extends DataSource {
 
     private String filePath;
-    private String fileName;
 
     @Override
     void init(Document document) {
         super.init(document);
         Element root = document.getRootElement();
         filePath = root.elementText(ELEMENT_FILE_PATH);
-        fileName = root.elementText(ELEMENT_FILE_NAME);
     }
 
     public String getFilePath() {
         return filePath;
     }
-
-    public String getFileName() {
-        return fileName;
-    }
-
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/definition/DefinitionClassPresentation.java b/wfe-core/src/main/java/ru/runa/wfe/definition/DefinitionClassPresentation.java
index 8a6369e72d..7c66281207 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/definition/DefinitionClassPresentation.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/definition/DefinitionClassPresentation.java
@@ -53,7 +53,7 @@ private DefinitionClassPresentation() {
                 // get value/show in web getter parameters
                 new FieldDescriptor(NAME, String.class.getName(), new DefaultDbSource(Deployment.class, "name"), true, 1,
                         BatchPresentationConsts.ASC, FieldFilterMode.DATABASE, "ru.runa.common.web.html.PropertyTdBuilder", new Object[] {
-                        Permission.START, "name" }),
+                        Permission.START_PROCESS, "name" }),
                 new FieldDescriptor(DESCRIPTION, String.class.getName(), new DefaultDbSource(Deployment.class, "description"), true,
                         FieldFilterMode.DATABASE, "ru.runa.wf.web.html.DescriptionProcessTdBuilder", new Object[] {}),
                 new FieldDescriptor(TYPE, AnywhereStringFilterCriteria.class.getName(), new DefaultDbSource(Deployment.class, "category"), true,
diff --git a/wfe-core/src/main/java/ru/runa/wfe/definition/DefinitionHistoryClassPresentation.java b/wfe-core/src/main/java/ru/runa/wfe/definition/DefinitionHistoryClassPresentation.java
index 47f054a965..0dcfd84130 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/definition/DefinitionHistoryClassPresentation.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/definition/DefinitionHistoryClassPresentation.java
@@ -49,9 +49,9 @@ private DefinitionHistoryClassPresentation() {
                         // get value/show in web getter parameters
                         new FieldDescriptor(NAME, String.class.getName(), new DefaultDbSource(Deployment.class, "name"), true,
                                 FieldFilterMode.DATABASE, "ru.runa.common.web.html.PropertyTdBuilder", new Object[] {
-                                        Permission.START, "name" }),
+                                        Permission.START_PROCESS, "name" }),
                         new FieldDescriptor(VERSION, Integer.class.getName(), new DefaultDbSource(Deployment.class, "version"), true,
-                                FieldFilterMode.DATABASE, "ru.runa.common.web.html.PropertyTdBuilder", new Object[] { Permission.LIST,
+                                FieldFilterMode.DATABASE, "ru.runa.common.web.html.PropertyTdBuilder", new Object[] { Permission.READ,
                                         "version" }),
                         new FieldDescriptor(DESCRIPTION, String.class.getName(), new DefaultDbSource(Deployment.class, "description"), true,
                                 FieldFilterMode.DATABASE, "ru.runa.wf.web.html.DescriptionProcessTdBuilder", new Object[] {}),
diff --git a/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java b/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java
index d2d8580250..c743b23f7f 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/definition/bpmn/BpmnXmlReader.java
@@ -122,6 +122,7 @@ public class BpmnXmlReader {
     private static final String EVENT_TYPE = "eventType";
     private static final String COLOR = "color";
     private static final String GLOBAL = "global";
+    private static final String VALIDATE_AT_START = "validateAtStart";
 
     @Autowired
     private LocalizationDao localizationDao;
@@ -315,6 +316,9 @@ private void readNode(ProcessDefinition processDefinition, Element element, Map<
             if (properties.containsKey(ASYNC_COMPLETION_MODE)) {
                 subprocessNode.setCompletionMode(AsyncCompletionMode.valueOf(properties.get(ASYNC_COMPLETION_MODE)));
             }
+            if (properties.containsKey(VALIDATE_AT_START)) {
+                subprocessNode.setValidateAtStart(Boolean.parseBoolean(properties.get(VALIDATE_AT_START)));
+            }
             if (node instanceof MultiSubprocessNode && properties.containsKey(DISCRIMINATOR_CONDITION)) {
                 ((MultiSubprocessNode) node).setDiscriminatorCondition(properties.get(DISCRIMINATOR_CONDITION));
             }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/definition/jpdl/JpdlXmlReader.java b/wfe-core/src/main/java/ru/runa/wfe/definition/jpdl/JpdlXmlReader.java
index cb186f34ea..978113340a 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/definition/jpdl/JpdlXmlReader.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/definition/jpdl/JpdlXmlReader.java
@@ -106,6 +106,7 @@ public class JpdlXmlReader {
     private static final String BEHAVIOUR_TERMINATE = "TERMINATE";
     private static final String EXECUTION_CONDITION = "executionCondition";
     private static final String GLOBAL = "global";
+    private static final String VALIDATE_AT_START = "validateAtStart";
 
     private static Map<String, Class<? extends Node>> nodeTypes = Maps.newHashMap();
     static {
@@ -337,6 +338,7 @@ private void readNode(ProcessDefinition processDefinition, Element element, Node
                 subprocessNode.setSubProcessName(subProcessElement.attributeValue(NAME_ATTR));
                 subprocessNode.setEmbedded(Boolean.parseBoolean(subProcessElement.attributeValue(EMBEDDED, "false")));
                 subprocessNode.setTransactional(Boolean.parseBoolean(subProcessElement.attributeValue(TRANSACTIONAL, "false")));
+                subprocessNode.setValidateAtStart(Boolean.parseBoolean(subProcessElement.attributeValue(VALIDATE_AT_START, "false")));
             }
             if (node instanceof MultiSubprocessNode) {
                 ((MultiSubprocessNode) node).setDiscriminatorCondition(element.attributeValue(EXECUTION_CONDITION));
diff --git a/wfe-core/src/main/java/ru/runa/wfe/definition/logic/DefinitionLogic.java b/wfe-core/src/main/java/ru/runa/wfe/definition/logic/DefinitionLogic.java
index eb91241722..9bf2eadf81 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/definition/logic/DefinitionLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/definition/logic/DefinitionLogic.java
@@ -54,6 +54,7 @@
 import ru.runa.wfe.presentation.hibernate.CompilerParameters;
 import ru.runa.wfe.presentation.hibernate.PresentationCompiler;
 import ru.runa.wfe.presentation.hibernate.RestrictionsToOwners;
+import ru.runa.wfe.security.ApplicablePermissions;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.security.SecuredObject;
 import ru.runa.wfe.security.SecuredObjectType;
@@ -67,7 +68,7 @@
 public class DefinitionLogic extends WfCommonLogic {
 
     public WfDefinition deployProcessDefinition(User user, byte[] processArchiveBytes, List<String> categories) {
-        permissionDao.checkAllowed(user, Permission.CREATE, SecuredSingleton.DEFINITIONS);
+        permissionDao.checkAllowed(user, Permission.CREATE_DEFINITION, SecuredSingleton.SYSTEM);
         ProcessDefinition definition;
         try {
             definition = parseProcessDefinition(processArchiveBytes);
@@ -84,9 +85,9 @@ public WfDefinition deployProcessDefinition(User user, byte[] processArchiveByte
         definition.getDeployment().setCreateDate(new Date());
         definition.getDeployment().setCreateActor(user.getActor());
         deploymentDao.deploy(definition.getDeployment(), null);
-        permissionDao.setPermissions(user.getActor(), Collections.singletonList(Permission.ALL), definition.getDeployment());
+        permissionDao.setPermissions(user.getActor(), ApplicablePermissions.listVisible(SecuredObjectType.DEFINITION), definition.getDeployment());
         log.debug("Deployed process definition " + definition);
-        return new WfDefinition(definition, permissionDao.isAllowed(user, Permission.START, definition.getDeployment()));
+        return new WfDefinition(definition, permissionDao.isAllowed(user, Permission.START_PROCESS, definition.getDeployment()));
     }
 
     public WfDefinition redeployProcessDefinition(User user, Long definitionId, byte[] processArchiveBytes, List<String> categories) {
@@ -201,38 +202,38 @@ private void addUpdatedDefinitionInProcessLog(User user, Deployment deployment)
 
     public WfDefinition getLatestProcessDefinition(User user, String definitionName) {
         ProcessDefinition definition = getLatestDefinition(definitionName);
-        permissionDao.checkAllowed(user, Permission.LIST, definition.getDeployment());
-        return new WfDefinition(definition, permissionDao.isAllowed(user, Permission.START, definition.getDeployment()));
+        permissionDao.checkAllowed(user, Permission.READ, definition.getDeployment());
+        return new WfDefinition(definition, permissionDao.isAllowed(user, Permission.START_PROCESS, definition.getDeployment()));
     }
 
     public WfDefinition getProcessDefinitionVersion(User user, String name, Long version) {
         Deployment deployment = deploymentDao.findDeployment(name, version);
         ProcessDefinition definition = getDefinition(deployment.getId());
-        permissionDao.checkAllowed(user, Permission.LIST, definition.getDeployment());
-        return new WfDefinition(definition, permissionDao.isAllowed(user, Permission.START, definition.getDeployment()));
+        permissionDao.checkAllowed(user, Permission.READ, definition.getDeployment());
+        return new WfDefinition(definition, permissionDao.isAllowed(user, Permission.START_PROCESS, definition.getDeployment()));
     }
 
     public WfDefinition getProcessDefinition(User user, Long definitionId) {
         try {
             ProcessDefinition definition = getDefinition(definitionId);
-            permissionDao.checkAllowed(user, Permission.LIST, definition.getDeployment());
-            return new WfDefinition(definition, permissionDao.isAllowed(user, Permission.START, definition.getDeployment()));
+            permissionDao.checkAllowed(user, Permission.READ, definition.getDeployment());
+            return new WfDefinition(definition, permissionDao.isAllowed(user, Permission.START_PROCESS, definition.getDeployment()));
         } catch (Exception e) {
             Deployment deployment = deploymentDao.getNotNull(definitionId);
-            permissionDao.checkAllowed(user, Permission.LIST, deployment);
+            permissionDao.checkAllowed(user, Permission.READ, deployment);
             return new WfDefinition(deployment);
         }
     }
 
     public ProcessDefinition getParsedProcessDefinition(User user, Long definitionId) {
         ProcessDefinition processDefinition = getDefinition(definitionId);
-        permissionDao.checkAllowed(user, Permission.LIST, processDefinition.getDeployment());
+        permissionDao.checkAllowed(user, Permission.READ, processDefinition.getDeployment());
         return processDefinition;
     }
 
     public List<NodeGraphElement> getProcessDefinitionGraphElements(User user, Long definitionId, String subprocessId) {
         ProcessDefinition definition = getDefinition(definitionId);
-        permissionDao.checkAllowed(user, Permission.LIST, definition.getDeployment());
+        permissionDao.checkAllowed(user, Permission.READ, definition.getDeployment());
         if (subprocessId != null) {
             definition = definition.getEmbeddedSubprocessByIdNotNull(subprocessId);
         }
@@ -243,7 +244,7 @@ public List<NodeGraphElement> getProcessDefinitionGraphElements(User user, Long
     public List<WfDefinition> getProcessDefinitionHistory(User user, String name) {
         List<Deployment> deploymentVersions = deploymentDao.findAllDeploymentVersions(name);
         final List<WfDefinition> result = Lists.newArrayListWithExpectedSize(deploymentVersions.size());
-        isPermissionAllowed(user, deploymentVersions, Permission.LIST, new CheckMassPermissionCallback() {
+        isPermissionAllowed(user, deploymentVersions, Permission.READ, new CheckMassPermissionCallback() {
             @Override
             public void onPermissionGranted(SecuredObject securedObject) {
                 result.add(new WfDefinition((Deployment) securedObject));
@@ -266,7 +267,7 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
         }
         if (version == null) {
             Deployment latestDeployment = deploymentDao.findLatestDeployment(definitionName);
-            permissionDao.checkAllowed(user, Permission.ALL, latestDeployment);
+            permissionDao.checkAllowed(user, Permission.DELETE, latestDeployment);
             permissionDao.deleteAllPermissions(latestDeployment);
             List<Deployment> deployments = deploymentDao.findAllDeploymentVersions(definitionName);
             for (Deployment deployment : deployments) {
@@ -314,7 +315,7 @@ public List<ProcessDefinitionChange> findChanges(String definitionName, Long ver
     public byte[] getFile(User user, Long definitionId, String fileName) {
         Deployment deployment = deploymentDao.getNotNull(definitionId);
         if (!ProcessArchive.UNSECURED_FILE_NAMES.contains(fileName) && !fileName.endsWith(FileDataProvider.BOTS_XML_FILE)) {
-            permissionDao.checkAllowed(user, Permission.LIST, deployment);
+            permissionDao.checkAllowed(user, Permission.READ, deployment);
         }
         if (FileDataProvider.PAR_FILE.equals(fileName)) {
             return deployment.getContent();
@@ -348,19 +349,19 @@ public Interaction getTaskNodeInteraction(User user, Long definitionId, String n
 
     public List<SwimlaneDefinition> getSwimlanes(User user, Long definitionId) {
         ProcessDefinition definition = processDefinitionLoader.getDefinition(definitionId);
-        permissionDao.checkAllowed(user, Permission.LIST, definition.getDeployment());
+        permissionDao.checkAllowed(user, Permission.READ, definition.getDeployment());
         return definition.getSwimlanes();
     }
 
     public List<VariableDefinition> getProcessDefinitionVariables(User user, Long definitionId) {
         ProcessDefinition definition = getDefinition(definitionId);
-        permissionDao.checkAllowed(user, Permission.LIST, definition.getDeployment());
+        permissionDao.checkAllowed(user, Permission.READ, definition.getDeployment());
         return definition.getVariables();
     }
 
     public VariableDefinition getProcessDefinitionVariable(User user, Long definitionId, String variableName) {
         ProcessDefinition definition = getDefinition(definitionId);
-        permissionDao.checkAllowed(user, Permission.LIST, definition.getDeployment());
+        permissionDao.checkAllowed(user, Permission.READ, definition.getDeployment());
         return definition.getVariable(variableName, true);
     }
 
@@ -418,7 +419,7 @@ private List<WfDefinition> getProcessDefinitions(User user, BatchPresentation ba
             }
         }
         final List<WfDefinition> result = Lists.newArrayListWithExpectedSize(deploymentIds.size());
-        isPermissionAllowed(user, deployments, Permission.START,
+        isPermissionAllowed(user, deployments, Permission.START_PROCESS,
                 new StartProcessPermissionCheckCallback(result, processDefinitions));
         return result;
     }
@@ -429,7 +430,7 @@ private List<String> getProcessNameRestriction(User user) {
             definitionSecuredObjects.add(new ru.runa.wfe.definition.logic.DefinitionLogic.DefinitionSecuredObject(deploymentName));
         }
         final List<String> definitionsWithPermission = new ArrayList<>();
-        isPermissionAllowed(user, definitionSecuredObjects, Permission.LIST, new CheckMassPermissionCallback() {
+        isPermissionAllowed(user, definitionSecuredObjects, Permission.READ, new CheckMassPermissionCallback() {
             @Override
             public void onPermissionGranted(SecuredObject securedObject) {
                 definitionsWithPermission.add(((ru.runa.wfe.definition.logic.DefinitionLogic.DefinitionSecuredObject) securedObject).getDeploymentName());
diff --git a/wfe-core/src/main/java/ru/runa/wfe/execution/Process.java b/wfe-core/src/main/java/ru/runa/wfe/execution/Process.java
index 725cfbd56b..f1c1394fbd 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/execution/Process.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/execution/Process.java
@@ -22,6 +22,7 @@
 package ru.runa.wfe.execution;
 
 import com.google.common.base.MoreObjects;
+import com.google.common.base.Objects;
 import com.google.common.base.Throwables;
 import java.util.Date;
 import java.util.List;
@@ -256,7 +257,7 @@ public void end(ExecutionContext executionContext, Actor canceller) {
 
         // flush just created tasks
         ApplicationContextFactory.getTaskDAO().flushPendingChanges();
-        boolean activeSuperProcessExists = parentNodeProcess != null && !parentNodeProcess.getProcess().hasEnded();
+        boolean activeSuperProcessExists = isExistNotEndedParentProcessInHierarchy(executionContext);
         for (Task task : ApplicationContextFactory.getTaskDAO().findByProcess(this)) {
             BaseTaskNode taskNode = (BaseTaskNode) executionContext.getProcessDefinition().getNodeNotNull(task.getNodeId());
             if (taskNode.isAsync()) {
@@ -272,7 +273,7 @@ public void end(ExecutionContext executionContext, Actor canceller) {
             }
             task.end(executionContext, taskNode, taskCompletionInfo);
         }
-        if (parentNodeProcess == null) {
+        if (!activeSuperProcessExists) {
             log.debug("Removing async tasks and subprocesses ON_MAIN_PROCESS_END");
             endSubprocessAndTasksOnMainProcessEndRecursively(executionContext, canceller);
         }
@@ -304,6 +305,27 @@ public void end(ExecutionContext executionContext, Actor canceller) {
         }
     }
 
+    private boolean isExistNotEndedParentProcessInHierarchy(ExecutionContext executionContext) {
+        NodeProcess parentNodeProcess = executionContext.getParentNodeProcess();
+        boolean activeSuperProcessExists = true;
+        if (parentNodeProcess == null ) {
+            activeSuperProcessExists = false;
+        }else {
+            List<Long> processIds = ProcessHierarchyUtils.getProcessIds(hierarchyIds);
+            for (Long processId : processIds) {
+                if (ApplicationContextFactory.getProcessDAO().get(processId).hasEnded()) {
+                    if (Objects.equal(this.id, processId)) {
+                        activeSuperProcessExists = false;
+                        break;
+                    }
+                }else {
+                    break;
+                }
+            }
+        }
+        return activeSuperProcessExists;
+    }
+
     private void endSubprocessAndTasksOnMainProcessEndRecursively(ExecutionContext executionContext, Actor canceller) {
         List<Process> subprocesses = executionContext.getSubprocesses();
         if (subprocesses.size() > 0) {
diff --git a/wfe-core/src/main/java/ru/runa/wfe/execution/ProcessFactory.java b/wfe-core/src/main/java/ru/runa/wfe/execution/ProcessFactory.java
index babe73e958..ba4f0d2815 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/execution/ProcessFactory.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/execution/ProcessFactory.java
@@ -17,6 +17,7 @@
 import ru.runa.wfe.execution.dao.NodeProcessDao;
 import ru.runa.wfe.execution.dao.ProcessDao;
 import ru.runa.wfe.execution.dao.SwimlaneDao;
+import ru.runa.wfe.form.Interaction;
 import ru.runa.wfe.lang.Node;
 import ru.runa.wfe.lang.ProcessDefinition;
 import ru.runa.wfe.lang.StartNode;
@@ -28,6 +29,10 @@
 import ru.runa.wfe.user.Executor;
 import ru.runa.wfe.user.SystemExecutors;
 import ru.runa.wfe.user.dao.ExecutorDao;
+import ru.runa.wfe.validation.ValidationException;
+import ru.runa.wfe.validation.ValidatorContext;
+import ru.runa.wfe.validation.ValidatorManager;
+import ru.runa.wfe.var.VariableProvider;
 
 public class ProcessFactory {
     @Autowired
@@ -94,11 +99,15 @@ private void grantProcessPermissions(ProcessDefinition processDefinition, Proces
     }
 
     public Process createSubprocess(ExecutionContext parentExecutionContext, ProcessDefinition processDefinition, Map<String, Object> variables,
-            int index) {
+            int index, boolean validate) {
         Process parentProcess = parentExecutionContext.getProcess();
         Node subProcessNode = parentExecutionContext.getNode();
         ExecutionContext subExecutionContext = createProcessInternal(processDefinition, variables, null, parentProcess, null);
         nodeProcessDao.create(new NodeProcess(subProcessNode, parentExecutionContext.getToken(), subExecutionContext.getProcess(), index));
+        if (validate) {
+            validateVariables(subExecutionContext, new ExecutionVariableProvider(subExecutionContext), processDefinition,
+                    processDefinition.getStartStateNotNull().getNodeId(), variables);
+        }
         return subExecutionContext.getProcess();
     }
 
@@ -109,6 +118,18 @@ public void startSubprocess(ExecutionContext parentExecutionContext, ExecutionCo
         startProcessInternal(executionContext, null);
     }
 
+    protected void validateVariables(ExecutionContext executionContext, VariableProvider variableProvider,
+            ProcessDefinition processDefinition, String nodeId, Map<String, Object> variables) throws ValidationException {
+        Interaction interaction = processDefinition.getInteractionNotNull(nodeId);
+        if (interaction.getValidationData() != null) {
+            ValidatorContext context = ValidatorManager.getInstance().validate(executionContext, variableProvider,
+                    interaction.getValidationData(), variables);
+            if (context.hasGlobalErrors() || context.hasFieldErrors()) {
+                throw new ValidationException(context.getFieldErrors(), context.getGlobalErrors());
+            }
+        }
+    }
+
     private void grantSubprocessPermissions(ProcessDefinition processDefinition, Process subProcess, Process parentProcess) {
         Set<Executor> executors = new HashSet<>();
         executors.addAll(permissionDao.getExecutorsWithPermission(processDefinition.getDeployment()));
@@ -167,4 +188,5 @@ private void startProcessInternal(ExecutionContext executionContext, String tran
         }
         startNode.leave(executionContext, transition);
     }
+
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/execution/dao/TokenDao.java b/wfe-core/src/main/java/ru/runa/wfe/execution/dao/TokenDao.java
index 633b76f687..e705462a6c 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/execution/dao/TokenDao.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/execution/dao/TokenDao.java
@@ -34,10 +34,10 @@ public List<Token> findByProcessAndExecutionStatus(ru.runa.wfe.execution.Process
         return queryFactory.selectFrom(t).where(t.process.eq(process).and(t.executionStatus.eq(status))).fetch();
     }
 
-    public List<Token> findByProcessAndNodeIdAndExecutionStatusIsFailed(ru.runa.wfe.execution.Process process, String nodeId) {
+    public List<Token> findByProcessAndNodeIdAndExecutionStatus(ru.runa.wfe.execution.Process process, String nodeId, ExecutionStatus status) {
         QToken t = QToken.token;
         return queryFactory.selectFrom(t)
-                .where(t.process.eq(process).and(t.nodeId.eq(nodeId)).and(t.executionStatus.eq(ExecutionStatus.FAILED)))
+                .where(t.process.eq(process).and(t.nodeId.eq(nodeId)).and(t.executionStatus.eq(status)))
                 .fetch();
     }
 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/execution/logic/ExecutionLogic.java b/wfe-core/src/main/java/ru/runa/wfe/execution/logic/ExecutionLogic.java
index 0e0721c85d..2e09b295c0 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/execution/logic/ExecutionLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/execution/logic/ExecutionLogic.java
@@ -123,11 +123,11 @@ public void cancelProcess(User user, Long processId) throws ProcessDoesNotExistE
     }
 
     public int getProcessesCount(User user, BatchPresentation batchPresentation) {
-        return getPersistentObjectCount(user, batchPresentation, Permission.LIST, PROCESS_EXECUTION_CLASSES);
+        return getPersistentObjectCount(user, batchPresentation, Permission.READ, PROCESS_EXECUTION_CLASSES);
     }
 
     public List<WfProcess> getProcesses(User user, BatchPresentation batchPresentation) {
-        List<Process> data = getPersistentObjects(user, batchPresentation, Permission.LIST, PROCESS_EXECUTION_CLASSES, true);
+        List<Process> data = getPersistentObjects(user, batchPresentation, Permission.READ, PROCESS_EXECUTION_CLASSES, true);
         return toWfProcesses(data, batchPresentation.getDynamicFieldsToDisplay(true));
     }
 
@@ -153,7 +153,7 @@ public void cancelProcesses(User user, final ProcessFilter filter) {
 
     public WfProcess getProcess(User user, Long id) throws ProcessDoesNotExistException {
         Process process = processDao.getNotNull(id);
-        permissionDao.checkAllowed(user, Permission.LIST, process);
+        permissionDao.checkAllowed(user, Permission.READ, process);
         return new WfProcess(process, getProcessErrors(process));
     }
 
@@ -174,13 +174,13 @@ public List<WfProcess> getSubprocesses(User user, Long processId, boolean recurs
         } else {
             subprocesses = nodeProcessDao.getSubprocesses(process);
         }
-        subprocesses = filterSecuredObject(user, subprocesses, Permission.LIST);
+        subprocesses = filterSecuredObject(user, subprocesses, Permission.READ);
         return toWfProcesses(subprocesses, null);
     }
 
     public List<WfJob> getJobs(User user, Long processId, boolean recursive) throws ProcessDoesNotExistException {
         Process process = processDao.getNotNull(processId);
-        permissionDao.checkAllowed(user, Permission.LIST, process);
+        permissionDao.checkAllowed(user, Permission.READ, process);
         List<Job> jobs = jobDao.findByProcess(process);
         if (recursive) {
             List<Process> subprocesses = nodeProcessDao.getSubprocessesRecursive(process);
@@ -197,7 +197,7 @@ public List<WfJob> getJobs(User user, Long processId, boolean recursive) throws
 
     public List<WfToken> getTokens(User user, Long processId, boolean recursive) throws ProcessDoesNotExistException {
         Process process = processDao.getNotNull(processId);
-        permissionDao.checkAllowed(user, Permission.LIST, process);
+        permissionDao.checkAllowed(user, Permission.READ, process);
         List<WfToken> result = Lists.newArrayList();
         result.addAll(getTokens(process));
         if (recursive) {
@@ -219,7 +219,7 @@ public Long startProcess(User user, Long definitionId, Map<String, Object> varia
         }
         ProcessDefinition processDefinition = getDefinition(definitionId);
         if (SystemProperties.isCheckProcessStartPermissions()) {
-            permissionDao.checkAllowed(user, Permission.START, processDefinition.getDeployment());
+            permissionDao.checkAllowed(user, Permission.START_PROCESS, processDefinition.getDeployment());
         }
         String transitionName = (String) variables.remove(WfProcess.SELECTED_TRANSITION_KEY);
         Map<String, Object> extraVariablesMap = Maps.newHashMap();
@@ -231,7 +231,7 @@ public Long startProcess(User user, Long definitionId, Map<String, Object> varia
         if (!variables.containsKey(startTaskSwimlaneName)) {
             variables.put(startTaskSwimlaneName, user.getActor());
         }
-        validateVariables(user, null, variableProvider, processDefinition, startNode.getNodeId(), variables);
+        validateVariables(null, variableProvider, processDefinition, startNode.getNodeId(), variables);
         // transient variables
         Map<String, Object> transientVariables = (Map<String, Object>) variables.remove(WfProcess.TRANSIENT_VARIABLES);
         Process process = processFactory.startProcess(processDefinition, variables, user.getActor(), transitionName, transientVariables);
@@ -249,7 +249,7 @@ public Long startProcess(User user, Long definitionId, Map<String, Object> varia
     public byte[] getProcessDiagram(User user, Long processId, Long taskId, Long childProcessId, String subprocessId) {
         try {
             Process process = processDao.getNotNull(processId);
-            permissionDao.checkAllowed(user, Permission.LIST, process);
+            permissionDao.checkAllowed(user, Permission.READ, process);
             ProcessDefinition processDefinition = getDefinition(process);
             Token highlightedToken = null;
             if (taskId != null) {
@@ -319,7 +319,7 @@ public NodeGraphElement getProcessDiagramElement(User user, Long processId, Stri
     public byte[] getProcessHistoryDiagram(User user, Long processId, Long taskId, String subprocessId) throws ProcessDoesNotExistException {
         try {
             Process process = processDao.getNotNull(processId);
-            permissionDao.checkAllowed(user, Permission.LIST, process);
+            permissionDao.checkAllowed(user, Permission.READ, process);
             ProcessDefinition processDefinition = getDefinition(process);
             List<ProcessLog> logs = processLogDao.getAll(processId);
             List<Executor> executors = executorDao.getAllExecutors(BatchPresentationFactory.EXECUTORS.createNonPaged());
@@ -333,7 +333,7 @@ public List<NodeGraphElement> getProcessHistoryDiagramElements(User user, Long p
             throws ProcessDoesNotExistException {
         try {
             Process process = processDao.getNotNull(processId);
-            permissionDao.checkAllowed(user, Permission.LIST, process);
+            permissionDao.checkAllowed(user, Permission.READ, process);
             ProcessDefinition processDefinition = getDefinition(process);
             List<ProcessLog> logs = processLogDao.getAll(processId);
             List<Executor> executors = executorDao.getAllExecutors(BatchPresentationFactory.EXECUTORS.createNonPaged());
@@ -387,14 +387,14 @@ public boolean upgradeProcessToDefinitionVersion(User user, Long processId, Long
     public List<WfSwimlane> getProcessSwimlanes(User user, Long processId) throws ProcessDoesNotExistException {
         Process process = processDao.getNotNull(processId);
         ProcessDefinition processDefinition = getDefinition(process);
-        permissionDao.checkAllowed(user, Permission.LIST, process);
+        permissionDao.checkAllowed(user, Permission.READ, process);
         List<SwimlaneDefinition> swimlanes = processDefinition.getSwimlanes();
         List<WfSwimlane> result = Lists.newArrayListWithExpectedSize(swimlanes.size());
         for (SwimlaneDefinition swimlaneDefinition : swimlanes) {
             Swimlane swimlane = swimlaneDao.findByProcessAndName(process, swimlaneDefinition.getName());
             Executor assignedExecutor = null;
             if (swimlane != null && swimlane.getExecutor() != null) {
-                if (permissionDao.isAllowed(user, Permission.LIST, swimlane.getExecutor())) {
+                if (permissionDao.isAllowed(user, Permission.READ, swimlane.getExecutor())) {
                     assignedExecutor = swimlane.getExecutor();
                 } else {
                     assignedExecutor = Actor.UNAUTHORIZED_ACTOR;
@@ -412,7 +412,7 @@ public List<WfSwimlane> getActiveProcessesSwimlanes(User user, String namePatter
             ProcessDefinition processDefinition = getDefinition(swimlane.getProcess());
             SwimlaneDefinition swimlaneDefinition = processDefinition.getSwimlaneNotNull(swimlane.getName());
             Executor assignedExecutor = swimlane.getExecutor();
-            if (assignedExecutor == null || !permissionDao.isAllowed(user, Permission.LIST, assignedExecutor)) {
+            if (assignedExecutor == null || !permissionDao.isAllowed(user, Permission.READ, assignedExecutor)) {
                 assignedExecutor = Actor.UNAUTHORIZED_ACTOR;
             }
             listSwimlanes.add(new WfSwimlane(swimlaneDefinition, swimlane, assignedExecutor));
@@ -473,7 +473,7 @@ public List<WfProcess> getFailedProcesses(User user) {
         BatchPresentation batchPresentation = BatchPresentationFactory.PROCESSES.createNonPaged();
         int index = batchPresentation.getType().getFieldIndex(ProcessClassPresentation.PROCESS_EXECUTION_STATUS);
         batchPresentation.getFilteredFields().put(index, new StringFilterCriteria(ExecutionStatus.FAILED.name()));
-        List<Process> processes = getPersistentObjects(user, batchPresentation, Permission.LIST, PROCESS_EXECUTION_CLASSES, false);
+        List<Process> processes = getPersistentObjects(user, batchPresentation, Permission.READ, PROCESS_EXECUTION_CLASSES, false);
         return toWfProcesses(processes, null);
     }
 
@@ -604,7 +604,7 @@ private List<WfToken> getTokens(Process process) throws ProcessDoesNotExistExcep
 
     private List<Process> getProcessesInternal(User user, ProcessFilter filter) {
         List<Process> processes = processDao.getProcesses(filter);
-        processes = filterSecuredObject(user, processes, Permission.LIST);
+        processes = filterSecuredObject(user, processes, Permission.READ);
         return processes;
     }
 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/graph/view/ProcessDefinitionInfoVisitor.java b/wfe-core/src/main/java/ru/runa/wfe/graph/view/ProcessDefinitionInfoVisitor.java
index 8830ac6f21..11838120f3 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/graph/view/ProcessDefinitionInfoVisitor.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/graph/view/ProcessDefinitionInfoVisitor.java
@@ -84,6 +84,6 @@ protected void onSubprocessNode(SubprocessNodeGraphElement element) {
      */
     private boolean hasReadPermission(ProcessDefinition processDefinition) {
         PermissionDao permissionDao = ApplicationContextFactory.getPermissionDAO();
-        return permissionDao.isAllowed(user, Permission.LIST, processDefinition.getDeployment());
+        return permissionDao.isAllowed(user, Permission.READ, processDefinition.getDeployment());
     }
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/graph/view/ProcessGraphInfoVisitor.java b/wfe-core/src/main/java/ru/runa/wfe/graph/view/ProcessGraphInfoVisitor.java
index 7b03ec9893..1ee468b04d 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/graph/view/ProcessGraphInfoVisitor.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/graph/view/ProcessGraphInfoVisitor.java
@@ -105,7 +105,7 @@ protected void onSubprocessNode(SubprocessNodeGraphElement element) {
      */
     private boolean hasReadPermission(Process process) {
         PermissionDao permissionDao = ApplicationContextFactory.getPermissionDAO();
-        return permissionDao.isAllowed(user, Permission.LIST, process);
+        return permissionDao.isAllowed(user, Permission.READ, process);
     }
 
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/job/impl/ExpiredTasksNotifier.java b/wfe-core/src/main/java/ru/runa/wfe/job/impl/ExpiredTasksNotifier.java
index c9d80eafb3..65de972403 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/job/impl/ExpiredTasksNotifier.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/job/impl/ExpiredTasksNotifier.java
@@ -32,7 +32,6 @@ public class ExpiredTasksNotifier {
     private EmailUtils.ProcessNameFilter excludeProcessNameFilter;
     @Autowired
     private TaskDao taskDao;
-    @Autowired
     private long scheduledTimerTaskPeriod;
 
     @Required
diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/Action.java b/wfe-core/src/main/java/ru/runa/wfe/lang/Action.java
index af302a9909..deee1c30f0 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/lang/Action.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/lang/Action.java
@@ -21,13 +21,12 @@
  */
 package ru.runa.wfe.lang;
 
-import ru.runa.wfe.audit.ActionLog;
-import ru.runa.wfe.execution.ExecutionContext;
-import ru.runa.wfe.extension.ActionHandler;
-
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Preconditions;
 import com.google.common.base.Throwables;
+import ru.runa.wfe.audit.ActionLog;
+import ru.runa.wfe.execution.ExecutionContext;
+import ru.runa.wfe.extension.ActionHandler;
 
 public class Action extends GraphElement {
     private static final long serialVersionUID = 1L;
@@ -49,7 +48,7 @@ public void execute(ExecutionContext executionContext) {
             actionHandler.execute(executionContext);
             executionContext.addLog(new ActionLog(this));
         } catch (Exception e) {
-            log.error("Failed " + this);
+            log.error("Failed " + delegation);
             throw Throwables.propagate(e);
         }
     }
@@ -72,7 +71,7 @@ public void setDelegation(Delegation instantiatableDelegate) {
 
     @Override
     public String toString() {
-        return MoreObjects.toStringHelper(this).add("event", actionEvent).add("delegation", delegation).toString();
+        return MoreObjects.toStringHelper(this).add("event", actionEvent).toString();
     }
 
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/BaseMessageNode.java b/wfe-core/src/main/java/ru/runa/wfe/lang/BaseMessageNode.java
index a0bef46faa..56eeecfef3 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/lang/BaseMessageNode.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/lang/BaseMessageNode.java
@@ -9,6 +9,7 @@ public abstract class BaseMessageNode extends VariableContainerNode {
     public static final String ERROR_EVENT_NODE_ID = "processNodeId";
     public static final String ERROR_EVENT_TOKEN_ID = "tokenId";
     public static final String ERROR_EVENT_MESSAGE = "error_event_message";
+    public static final String EXPIRATION_PROPERTY = "_expiration";
     private MessageEventType eventType = MessageEventType.message;
 
     public MessageEventType getEventType() {
diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/BaseReceiveMessageNode.java b/wfe-core/src/main/java/ru/runa/wfe/lang/BaseReceiveMessageNode.java
index 399fe7f454..28ca30eadb 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/lang/BaseReceiveMessageNode.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/lang/BaseReceiveMessageNode.java
@@ -49,8 +49,8 @@ public void leave(ExecutionContext executionContext, Map<String, Object> map) {
 
     @Override
     public void leave(ExecutionContext executionContext, Transition transition) {
-        super.leave(executionContext, transition);
         executionContext.getToken().setMessageSelector(null);
+        super.leave(executionContext, transition);
     }
 
     @Override
diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/EmbeddedSubprocessEndNode.java b/wfe-core/src/main/java/ru/runa/wfe/lang/EmbeddedSubprocessEndNode.java
index d3e2631201..8b3bec3b7c 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/lang/EmbeddedSubprocessEndNode.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/lang/EmbeddedSubprocessEndNode.java
@@ -1,9 +1,13 @@
 package ru.runa.wfe.lang;
 
 import java.util.List;
-
+import org.springframework.beans.factory.annotation.Autowired;
 import ru.runa.wfe.audit.NodeLeaveLog;
 import ru.runa.wfe.execution.ExecutionContext;
+import ru.runa.wfe.execution.ExecutionStatus;
+import ru.runa.wfe.execution.Token;
+import ru.runa.wfe.execution.dao.TokenDao;
+import ru.runa.wfe.lang.bpmn2.CatchEventNode;
 
 /**
  * Used for embedded subprocess merging.
@@ -14,6 +18,8 @@
 public class EmbeddedSubprocessEndNode extends Node implements BoundaryEventContainer {
     private static final long serialVersionUID = 1L;
     private SubprocessNode subprocessNode;
+    @Autowired
+    private transient TokenDao tokenDao;
 
     public void setSubprocessNode(SubprocessNode subprocessNode) {
         this.subprocessNode = subprocessNode;
@@ -50,4 +56,22 @@ protected void addLeaveLog(ExecutionContext executionContext) {
         executionContext.getToken().setNodeId(getNodeId());
     }
 
+    /**
+     * This implementation has a pitfall: in case of multiple active embedded subprocesses all will be cancelled by single event
+     */
+    @Override
+    public void endBoundaryEventTokens(ExecutionContext executionContext) {
+        List<BoundaryEvent> boundaryEvents = ((BoundaryEventContainer) this).getBoundaryEvents();
+        for (BoundaryEvent boundaryEvent : boundaryEvents) {
+            if (boundaryEvent instanceof CatchEventNode) {
+                String boundaryEventNodeId = ((CatchEventNode) boundaryEvent).getNodeId();
+                List<Token> activeTokens = tokenDao.findByProcessAndNodeIdAndExecutionStatus(executionContext.getProcess(), boundaryEventNodeId,
+                        ExecutionStatus.ACTIVE);
+                for (Token token : activeTokens) {
+                    token.end(executionContext.getProcessDefinition(), null, null, false);
+                }
+            }
+        }
+    }
+
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/GraphElement.java b/wfe-core/src/main/java/ru/runa/wfe/lang/GraphElement.java
index bc74b4b750..51549a1ca9 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/lang/GraphElement.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/lang/GraphElement.java
@@ -21,28 +21,24 @@
  */
 package ru.runa.wfe.lang;
 
+import com.google.common.base.MoreObjects;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.Maps;
 import java.io.Serializable;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlTransient;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
-import com.google.common.base.MoreObjects;
-import com.google.common.base.Preconditions;
-import com.google.common.collect.Maps;
-
 import ru.runa.wfe.execution.ExecutionContext;
 
 @XmlAccessorType(XmlAccessType.FIELD)
 public abstract class GraphElement implements Serializable, Cloneable {
     private static final long serialVersionUID = 1L;
-    protected static final Log log = LogFactory.getLog("wfelang");
+    protected static final Log log = LogFactory.getLog("ru.runa.wfe.lang");
 
     private String nodeId;
     protected String name;
diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/MultiSubprocessNode.java b/wfe-core/src/main/java/ru/runa/wfe/lang/MultiSubprocessNode.java
index 1138ddc8f3..b8936d4072 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/lang/MultiSubprocessNode.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/lang/MultiSubprocessNode.java
@@ -1,12 +1,12 @@
 package ru.runa.wfe.lang;
 
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
 import org.springframework.beans.factory.annotation.Autowired;
-
 import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.audit.SubprocessEndLog;
 import ru.runa.wfe.commons.GroovyScriptExecutor;
@@ -20,18 +20,15 @@
 import ru.runa.wfe.execution.dao.NodeProcessDao;
 import ru.runa.wfe.lang.utils.MultiinstanceUtils;
 import ru.runa.wfe.lang.utils.MultiinstanceUtils.Parameters;
-import ru.runa.wfe.var.SelectableOption;
-import ru.runa.wfe.var.VariableProvider;
 import ru.runa.wfe.var.MapDelegableVariableProvider;
 import ru.runa.wfe.var.MapVariableProvider;
+import ru.runa.wfe.var.SelectableOption;
 import ru.runa.wfe.var.VariableMapping;
+import ru.runa.wfe.var.VariableProvider;
 import ru.runa.wfe.var.dto.Variables;
 import ru.runa.wfe.var.dto.WfVariable;
 import ru.runa.wfe.var.format.ListFormat;
 
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-
 public class MultiSubprocessNode extends SubprocessNode {
     private static final long serialVersionUID = 1L;
 
@@ -115,7 +112,7 @@ protected void execute(ExecutionContext executionContext) {
                     }
                 }
             }
-            Process subProcess = processFactory.createSubprocess(executionContext, subProcessDefinition, variables, index);
+            Process subProcess = processFactory.createSubprocess(executionContext, subProcessDefinition, variables, index, isValidateAtStart());
             subProcesses.add(subProcess);
         }
         for (Process subprocess : subProcesses) {
diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/Node.java b/wfe-core/src/main/java/ru/runa/wfe/lang/Node.java
index bd0fab73e6..f91a1dbe3e 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/lang/Node.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/lang/Node.java
@@ -26,6 +26,7 @@
 import com.google.common.base.Throwables;
 import com.google.common.collect.Lists;
 import java.util.List;
+import java.util.Set;
 import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.audit.NodeEnterLog;
 import ru.runa.wfe.audit.NodeLeaveLog;
@@ -247,18 +248,7 @@ public void leave(ExecutionContext executionContext, Transition transition) {
             Token parentToken = executionContext.getToken().getParent();
             ((Node) getParentElement()).onBoundaryEvent(new ExecutionContext(executionContext.getProcessDefinition(), parentToken),
                     (BoundaryEvent) this);
-            for (Token token : parentToken.getChildren()) {
-                if (Objects.equal(token, executionContext.getToken())) {
-                    continue;
-                }
-                if (token.hasEnded()) {
-                    // inactive ParallelGateway behaviour
-                    token.setAbleToReactivateParent(false);
-                } else {
-                    token.end(executionContext.getProcessDefinition(), null,
-                            ((BoundaryEvent) this).getTaskCompletionInfoIfInterrupting(executionContext), true);
-                }
-            }
+            endTokensRecursively(executionContext, parentToken.getChildren());
         }
 
         Token token = executionContext.getToken();
@@ -321,4 +311,20 @@ protected void onBoundaryEvent(ExecutionContext executionContext, BoundaryEvent
         executionContext.getToken().end(executionContext.getProcessDefinition(), null,
                 boundaryEvent.getTaskCompletionInfoIfInterrupting(executionContext), false);
     }
+
+    private void endTokensRecursively(ExecutionContext executionContext, Set<Token> tokens) {
+        for (Token token : tokens) {
+            if (Objects.equal(token, executionContext.getToken())) {
+                continue;
+            }
+            if (token.hasEnded()) {
+                // inactive ParallelGateway behaviour
+                token.setAbleToReactivateParent(false);
+            } else {
+                token.end(executionContext.getProcessDefinition(), null,
+                        ((BoundaryEvent) this).getTaskCompletionInfoIfInterrupting(executionContext), true);
+            }
+            endTokensRecursively(executionContext, token.getChildren());
+        }
+    }
 }
\ No newline at end of file
diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/ScriptNode.java b/wfe-core/src/main/java/ru/runa/wfe/lang/ScriptNode.java
index 1517b141f4..955c5430f3 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/lang/ScriptNode.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/lang/ScriptNode.java
@@ -1,16 +1,14 @@
 package ru.runa.wfe.lang;
 
+import com.google.common.base.MoreObjects;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.Lists;
 import java.util.List;
-
 import ru.runa.wfe.audit.ActionLog;
 import ru.runa.wfe.commons.Utils;
 import ru.runa.wfe.execution.ExecutionContext;
 import ru.runa.wfe.extension.ActionHandler;
 
-import com.google.common.base.MoreObjects;
-import com.google.common.base.Preconditions;
-import com.google.common.collect.Lists;
-
 public class ScriptNode extends Node implements BoundaryEventContainer {
     private static final long serialVersionUID = 1L;
     private Delegation delegation;
@@ -43,7 +41,7 @@ protected void execute(ExecutionContext executionContext) throws Exception {
         try {
             actionHandler.execute(executionContext);
         } catch (Exception e) {
-            log.error("Handling failed using " + executionContext + " in " + this, e);
+            log.error("Handling failed using " + executionContext + " in " + delegation, e);
             if (hasErrorEventHandler()) {
                 Utils.sendBpmnErrorMessage(executionContext.getProcess().getId(), getNodeId(), e);
                 return;
@@ -56,7 +54,7 @@ protected void execute(ExecutionContext executionContext) throws Exception {
 
     @Override
     public String toString() {
-        return MoreObjects.toStringHelper(this).add("id", getNodeId()).add("delegation", delegation).toString();
+        return MoreObjects.toStringHelper(this).add("id", getNodeId()).toString();
     }
 
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/SubprocessNode.java b/wfe-core/src/main/java/ru/runa/wfe/lang/SubprocessNode.java
index b13d471344..097d19c58f 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/lang/SubprocessNode.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/lang/SubprocessNode.java
@@ -30,6 +30,7 @@ public class SubprocessNode extends VariableContainerNode implements Synchroniza
     private String subProcessName;
     private boolean embedded;
     private boolean transactional;
+    private boolean validateAtStart;
     private final List<BoundaryEvent> boundaryEvents = Lists.newArrayList();
     @Autowired
     private transient ProcessDefinitionLoader processDefinitionLoader;
@@ -81,6 +82,14 @@ public void setTransactional(boolean transactional) {
         this.transactional = transactional;
     }
 
+    public boolean isValidateAtStart() {
+        return validateAtStart;
+    }
+
+    public void setValidateAtStart(boolean validateAtStart) {
+        this.validateAtStart = validateAtStart;
+    }
+
     @Override
     public boolean isAsync() {
         return async;
@@ -155,7 +164,7 @@ protected void execute(ExecutionContext executionContext) throws Exception {
                 }
             }
         }
-        Process subProcess = processFactory.createSubprocess(executionContext, subProcessDefinition, variables, 0);
+        Process subProcess = processFactory.createSubprocess(executionContext, subProcessDefinition, variables, 0, isValidateAtStart());
         processFactory.startSubprocess(executionContext, new ExecutionContext(subProcessDefinition, subProcess));
         if (async) {
             log.debug("continue execution in async " + this);
diff --git a/wfe-core/src/main/java/ru/runa/wfe/lang/bpmn2/ParallelGateway.java b/wfe-core/src/main/java/ru/runa/wfe/lang/bpmn2/ParallelGateway.java
index cebe5303d2..937a0563d2 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/lang/bpmn2/ParallelGateway.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/lang/bpmn2/ParallelGateway.java
@@ -1,16 +1,19 @@
 package ru.runa.wfe.lang.bpmn2;
 
+import com.google.common.base.MoreObjects;
+import com.google.common.base.Objects;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import javax.transaction.UserTransaction;
-
 import ru.runa.wfe.commons.ApplicationContextFactory;
 import ru.runa.wfe.commons.Errors;
-import ru.runa.wfe.commons.TransactionListener;
 import ru.runa.wfe.commons.SystemProperties;
+import ru.runa.wfe.commons.TransactionListener;
 import ru.runa.wfe.commons.TransactionListeners;
 import ru.runa.wfe.commons.TransactionalExecutor;
 import ru.runa.wfe.commons.error.ProcessError;
@@ -24,12 +27,6 @@
 import ru.runa.wfe.lang.NodeType;
 import ru.runa.wfe.lang.Transition;
 
-import com.google.common.base.MoreObjects;
-import com.google.common.base.Objects;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.google.common.collect.Sets;
-
 public class ParallelGateway extends Node {
     private static final long serialVersionUID = 1L;
 
@@ -263,7 +260,8 @@ protected void doExecuteInTransaction() throws Exception {
                         log.debug("Executing " + this);
                         ru.runa.wfe.execution.Process process = ApplicationContextFactory.getProcessDAO().getNotNull(processId);
                         TokenDao tokenDao = ApplicationContextFactory.getTokenDAO();
-                        List<Token> failedTokens = tokenDao.findByProcessAndNodeIdAndExecutionStatusIsFailed(process, gateway.getNodeId());
+                        List<Token> failedTokens = tokenDao.findByProcessAndNodeIdAndExecutionStatus(process, gateway.getNodeId(),
+                                ExecutionStatus.FAILED);
                         if (failedTokens.isEmpty()) {
                             log.warn("no failed tokens found");
                             return;
diff --git a/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java b/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java
index 3b571db444..699300b0a5 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/presentation/hibernate/HibernateCompilerHqlBuider.java
@@ -323,15 +323,28 @@ private List<String> addSecureCheck() {
             return result;
         }
 
-        // Check all types have same list type and permission substitutions. List type must not be null, since we're querying list.
+        // Check all types have same list type (unless null) and permission substitutions. List type may be null.
         // TODO After ACTOR and GROUP types are merged into EXECUTOR, consider to replace `types` to single `type`.
-        SecuredObjectType listType = pp.types[0].getListType();
-        PermissionSubstitutions.ForCheck subst = PermissionSubstitutions.getForCheck(pp.types[0], pp.permission);
-        Assert.notNull(listType);
-        for (int i = 1;  i < pp.types.length;  i++) {
-            Assert.isTrue(listType == pp.types[i].getListType());
-            Assert.isTrue(Objects.equals(subst, PermissionSubstitutions.getForCheck(pp.types[i], pp.permission)));
+        PermissionSubstitutions.ForCheck subst = null;
+        SecuredObjectType listType = null;
+        for (int i = 0;  i < pp.types.length;  i++) {
+            SecuredObjectType lt = pp.types[i].getListType();
+            if (lt != null) {
+                if (listType == null) {
+                    listType = lt;
+                } else {
+                    Assert.isTrue(listType == lt);
+                }
+            }
+            PermissionSubstitutions.ForCheck s = PermissionSubstitutions.getForCheck(pp.types[i], pp.permission);
+            if (i == 0) {
+                subst = s;
+            } else {
+                Assert.isTrue(Objects.equals(subst, s));
+            }
         }
+        Assert.notNull(subst);
+        Assert.isTrue(subst.listPermissions.isEmpty() || listType != null);
 
         ExecutorDao executorDao = ApplicationContextFactory.getExecutorDAO();
         PermissionDao permissionDao = ApplicationContextFactory.getPermissionDAO();
@@ -363,9 +376,11 @@ private List<String> addSecureCheck() {
             permissionNames.add(p.getName());
         }
 
-        result.add("(instance.id in (select pm.objectId from PermissionMapping pm where pm.executor.id in (:securedOwnerIds) and " +
-                "pm.objectType in (:securedTypes) and pm.permission in (:securedPermissions)" +
-                "))");
+        result.add("(instance.id in (" +
+                "select pm.objectId " +
+                "from PermissionMapping pm " +
+                "where pm.executor.id in (:securedOwnerIds) and pm.objectType in (:securedTypes) and pm.permission in (:securedPermissions)" +
+        "))");
         placeholders.add("securedOwnerIds", executorIds);
 //        placeholders.add("securedTypes", Arrays.stream(types).map(SecuredObjectType::getName).collect(Collectors.toList()), Hibernate.STRING);
 //        placeholders.add("securedPermissions", subst.selfPermissions.stream().map(Permission::getName).collect(Collectors.toList()), Hibernate.STRING);
diff --git a/wfe-core/src/main/java/ru/runa/wfe/relation/Relation.java b/wfe-core/src/main/java/ru/runa/wfe/relation/Relation.java
index 499273888d..b495d74c20 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/relation/Relation.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/relation/Relation.java
@@ -19,7 +19,6 @@
 
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Objects;
-import java.io.Serializable;
 import java.util.Date;
 import javax.persistence.Column;
 import javax.persistence.Entity;
@@ -28,8 +27,11 @@
 import javax.persistence.Id;
 import javax.persistence.SequenceGenerator;
 import javax.persistence.Table;
+import javax.persistence.Transient;
 import org.hibernate.annotations.Cache;
 import org.hibernate.annotations.CacheConcurrencyStrategy;
+import ru.runa.wfe.security.SecuredObjectBase;
+import ru.runa.wfe.security.SecuredObjectType;
 
 /**
  * Relation between executors. Each relation contains some RelationPair, which
@@ -38,7 +40,7 @@
 @Entity
 @Table(name = "EXECUTOR_RELATION")
 @Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
-public class Relation implements Serializable {
+public class Relation extends SecuredObjectBase {
     private static final long serialVersionUID = 1L;
 
     private Long id;
@@ -63,6 +65,12 @@ public Relation(String name, String description) {
         this.createDate = new Date();
     }
 
+    @Transient
+    @Override
+    public SecuredObjectType getSecuredObjectType() {
+        return SecuredObjectType.RELATION;
+    }
+
     @Id
     @GeneratedValue(strategy = GenerationType.AUTO, generator = "sequence")
     @SequenceGenerator(name = "sequence", sequenceName = "SEQ_RELATION_GROUP", allocationSize = 1)
diff --git a/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java
index 3e0ffd8849..0bebfdf749 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/relation/logic/RelationLogic.java
@@ -32,6 +32,7 @@
 import ru.runa.wfe.relation.dao.RelationDao;
 import ru.runa.wfe.relation.dao.RelationPairDao;
 import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredObjectType;
 import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.user.Executor;
 import ru.runa.wfe.user.User;
@@ -61,7 +62,7 @@ public class RelationLogic extends CommonLogic {
      * @return Created relation pair.
      */
     public RelationPair addRelationPair(User user, Long relationId, Executor left, Executor right) {
-        permissionDao.checkAllowed(user, Permission.ALL, SecuredSingleton.RELATIONS);
+        permissionDao.checkAllowed(user, Permission.UPDATE, SecuredObjectType.RELATION, relationId);
         Relation relation = relationDao.getNotNull(relationId);
         return relationPairDao.addRelationPair(relation, left, right);
     }
@@ -75,12 +76,12 @@ public RelationPair addRelationPair(User user, Long relationId, Executor left, E
      * @return Created relation.
      */
     public Relation createRelation(User user, Relation relation) {
-        permissionDao.checkAllowed(user, Permission.ALL, SecuredSingleton.RELATIONS);
+        permissionDao.checkAllowed(user, Permission.UPDATE, SecuredSingleton.RELATIONS);
         return relationDao.create(relation);
     }
 
     public Relation updateRelation(User user, Relation relation) {
-        permissionDao.checkAllowed(user, Permission.ALL, SecuredSingleton.RELATIONS);
+        permissionDao.checkAllowed(user, Permission.UPDATE, SecuredSingleton.RELATIONS);
         return relationDao.update(relation);
     }
 
@@ -207,8 +208,8 @@ public List<RelationPair> getRelations(User user, Long relationId, BatchPresenta
      *            {@link RelationPair} identity.
      */
     public void removeRelationPair(User user, Long relationPairId) {
-        permissionDao.checkAllowed(user, Permission.ALL, SecuredSingleton.RELATIONS);
         RelationPair relationPair = relationPairDao.getNotNull(relationPairId);
+        permissionDao.checkAllowed(user, Permission.UPDATE, SecuredObjectType.RELATION, relationPair.getRelation().getId());
         relationPairDao.delete(relationPair);
     }
 
@@ -221,7 +222,7 @@ public void removeRelationPair(User user, Long relationPairId) {
      *            Relation identity.
      */
     public void removeRelation(User user, Long relationId) {
-        permissionDao.checkAllowed(user, Permission.ALL, SecuredSingleton.RELATIONS);
+        permissionDao.checkAllowed(user, Permission.UPDATE, SecuredSingleton.RELATIONS);
         relationDao.delete(relationId);
     }
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/report/ReportClassPresentation.java b/wfe-core/src/main/java/ru/runa/wfe/report/ReportClassPresentation.java
index a8c9949172..bf361708cd 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/report/ReportClassPresentation.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/report/ReportClassPresentation.java
@@ -40,9 +40,9 @@ public class ReportClassPresentation extends ClassPresentation {
     private ReportClassPresentation() {
         super(ReportDefinition.class, null, false, new FieldDescriptor[] {
                 new FieldDescriptor(NAME, AnywhereStringFilterCriteria.class.getName(), new DefaultDbSource(ReportDefinition.class, "name"), true, 1,
-                        BatchPresentationConsts.ASC, FieldFilterMode.DATABASE, PropertyTdBuilder, new Object[] { Permission.LIST, "name" }),
+                        BatchPresentationConsts.ASC, FieldFilterMode.DATABASE, PropertyTdBuilder, new Object[] { Permission.READ, "name" }),
                 new FieldDescriptor(DESCRIPTION, AnywhereStringFilterCriteria.class.getName(), new DefaultDbSource(ReportDefinition.class,
-                        "description"), true, FieldFilterMode.DATABASE, PropertyTdBuilder, new Object[] { Permission.LIST, "description" }),
+                        "description"), true, FieldFilterMode.DATABASE, PropertyTdBuilder, new Object[] { Permission.READ, "description" }),
                 new FieldDescriptor(TYPE, AnywhereStringFilterCriteria.class.getName(), new DefaultDbSource(ReportDefinition.class, "category"),
                         true, FieldFilterMode.DATABASE, "ru.runa.wf.web.html.CategoryTdBuilder", new Object[] {}) });
     }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/report/dao/ReportDao.java b/wfe-core/src/main/java/ru/runa/wfe/report/dao/ReportDao.java
index 7b674c179a..95b542d77c 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/report/dao/ReportDao.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/report/dao/ReportDao.java
@@ -23,7 +23,7 @@ public class ReportDao extends GenericDao<ReportDefinition> {
     private static final SecuredObjectType[] SECURED_OBJECTS = new SecuredObjectType[] { SecuredObjectType.REPORT };
 
     public List<WfReport> getReportDefinitions(User user, BatchPresentation batchPresentation, boolean enablePaging) {
-        RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, Permission.LIST, SECURED_OBJECTS);
+        RestrictionsToPermissions permissions = new RestrictionsToPermissions(user, Permission.READ, SECURED_OBJECTS);
         CompilerParameters parameters = CompilerParameters.create(enablePaging).addPermissions(permissions);
         List<ReportDefinition> deployments = new PresentationCompiler<ReportDefinition>(batchPresentation).getBatch(parameters);
         List<WfReport> definitions = Lists.newArrayList();
diff --git a/wfe-core/src/main/java/ru/runa/wfe/report/logic/ReportLogic.java b/wfe-core/src/main/java/ru/runa/wfe/report/logic/ReportLogic.java
index 5a1c29bf8a..8c2db4e8e7 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/report/logic/ReportLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/report/logic/ReportLogic.java
@@ -21,6 +21,7 @@
 import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.security.SecuredObject;
+import ru.runa.wfe.security.SecuredObjectType;
 import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.user.User;
 
@@ -35,13 +36,13 @@ public List<WfReport> getReportDefinitions(User user, BatchPresentation batchPre
 
     public WfReport getReportDefinition(User user, Long id) {
         WfReport reportDefinition = reportDao.getReportDefinition(id);
-        permissionDao.checkAllowed(user, Permission.LIST, reportDefinition);
+        permissionDao.checkAllowed(user, Permission.READ, reportDefinition);
         return reportDefinition;
     }
 
     public SecuredObject getReportDefinition(User user, String reportName) {
         WfReport reportDefinition = new WfReport(reportDao.getReportDefinition(reportName));
-        permissionDao.checkAllowed(user, Permission.LIST, reportDefinition);
+        permissionDao.checkAllowed(user, Permission.READ, reportDefinition);
         return reportDefinition;
     }
 
@@ -58,7 +59,7 @@ public List<WfReportParameter> analyzeReportFile(WfReport report, byte[] reportF
     }
 
     public void deployReport(User user, WfReport report, byte[] file) {
-        permissionDao.checkAllowed(user, Permission.ALL, SecuredSingleton.REPORTS);
+        permissionDao.checkAllowed(user, Permission.UPDATE, SecuredSingleton.REPORTS);
         ReportDefinition existingByName = reportDao.getReportDefinition(report.getName());
         if (existingByName != null) {
             throw new ReportWithNameExistsException(report.getName());
@@ -68,7 +69,9 @@ public void deployReport(User user, WfReport report, byte[] file) {
     }
 
     public void redeployReport(User user, WfReport report, byte[] file) throws ReportFileMissingException {
-        permissionDao.checkAllowed(user, Permission.ALL, report);
+        // It's enough to check only instance permission; see class PermissionSubstitutions and #1586-33.
+        permissionDao.checkAllowed(user, Permission.UPDATE, report);
+
         ReportDefinition existingByName = reportDao.getReportDefinition(report.getName());
         if (existingByName != null && !existingByName.getId().equals(report.getId())) {
             throw new ReportWithNameExistsException(report.getName());
@@ -81,15 +84,11 @@ public void redeployReport(User user, WfReport report, byte[] file) throws Repor
             file = replacedReport.getCompiledReport();
         }
         ReportDefinition reportDefinition = createReportDefinition(report, file);
-        if (!permissionDao.isAllowed(user, Permission.ALL, report)) {
-            throw new AuthorizationException(user + " does not have " + Permission.ALL + " permission to " + report);
-        }
-
         reportDao.redeployReport(reportDefinition);
     }
 
     public void undeployReport(User user, Long reportId) {
-        permissionDao.checkAllowed(user, Permission.ALL, SecuredSingleton.REPORTS);
+        permissionDao.checkAllowed(user, Permission.UPDATE, SecuredObjectType.REPORT, reportId);
         reportDao.undeploy(reportId);
     }
 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/script/common/NamedIdentitySet.java b/wfe-core/src/main/java/ru/runa/wfe/script/common/NamedIdentitySet.java
index 13ec2294b8..a16f3ebadd 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/script/common/NamedIdentitySet.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/script/common/NamedIdentitySet.java
@@ -92,21 +92,21 @@ public void register(ScriptExecutionContext context) {
 
     @XmlEnum
     public enum NamedIdentityType {
-        @XmlEnumValue(value = "ProcessDefinition")
-        PROCESS_DEFINITION(SecuredObjectType.DEFINITION, "ProcessDefinition"),
+        @XmlEnumValue(value = "DEFINITION")
+        PROCESS_DEFINITION(SecuredObjectType.DEFINITION),
 
-        @XmlEnumValue(value = "Executor")
-        EXECUTOR(SecuredObjectType.EXECUTOR, "Executor"),
+        @XmlEnumValue(value = "EXECUTOR")
+        EXECUTOR(SecuredObjectType.EXECUTOR),
 
-        @XmlEnumValue(value = "Report")
-        REPORT(SecuredObjectType.REPORT, "Report");
+        @XmlEnumValue(value = "REPORT")
+        REPORT(SecuredObjectType.REPORT);
 
         private SecuredObjectType securedObjectType;
         private String scriptName;
 
-        NamedIdentityType(SecuredObjectType securedObjectType, String scriptName) {
-            this.securedObjectType = securedObjectType;
-            this.scriptName = scriptName;
+        NamedIdentityType(SecuredObjectType type) {
+            this.securedObjectType = type;
+            this.scriptName = type.getName();
         }
 
         public String getScriptName() {
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java b/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java
index 5230682587..5fa3ec6939 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/ApplicablePermissions.java
@@ -28,21 +28,21 @@
 import org.springframework.util.Assert;
 import ru.runa.wfe.commons.CollectionUtil;
 
-import static ru.runa.wfe.security.Permission.ALL;
 import static ru.runa.wfe.security.Permission.CANCEL;
 import static ru.runa.wfe.security.Permission.CANCEL_PROCESS;
-import static ru.runa.wfe.security.Permission.CREATE;
+import static ru.runa.wfe.security.Permission.CHANGE_SELF_PASSWORD;
+import static ru.runa.wfe.security.Permission.CREATE_DEFINITION;
+import static ru.runa.wfe.security.Permission.CREATE_EXECUTOR;
 import static ru.runa.wfe.security.Permission.DELETE;
-import static ru.runa.wfe.security.Permission.LIST;
 import static ru.runa.wfe.security.Permission.LOGIN;
 import static ru.runa.wfe.security.Permission.READ;
 import static ru.runa.wfe.security.Permission.READ_PERMISSIONS;
 import static ru.runa.wfe.security.Permission.READ_PROCESS;
-import static ru.runa.wfe.security.Permission.START;
+import static ru.runa.wfe.security.Permission.START_PROCESS;
 import static ru.runa.wfe.security.Permission.UPDATE;
 import static ru.runa.wfe.security.Permission.UPDATE_PERMISSIONS;
-import static ru.runa.wfe.security.Permission.UPDATE_SELF;
-import static ru.runa.wfe.security.Permission.UPDATE_STATUS;
+import static ru.runa.wfe.security.Permission.UPDATE_ACTOR_STATUS;
+import static ru.runa.wfe.security.Permission.VIEW_LOGS;
 import static ru.runa.wfe.security.Permission.VIEW_TASKS;
 
 /**
@@ -205,70 +205,43 @@ public static void check(SecuredObject obj, Collection<Permission> permissions)
     // List types in aplhabetic order, please. For each type:
     // - Visible permissions: add(type, ...) - in the order they'll appear in editor.
     // - Default permissions: .defaults(...) - in any order; optional: if omitted, first visible permission will be used.
-    // - Hidden  permissions: .hidden(...)   - in any order; READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST (unless visible) must be present for all types.
+    // - Hidden  permissions: .hidden(...)   - in any order; READ_PERMISSIONS, UPDATE_PERMISSIONS, READ (unless visible) must be present for all types.
     // ATTENTION!!! Lists of visible permissions are duplicated in RefactorPermissionsStep3 migration.
     static {
+        add(SecuredObjectType.BOTSTATIONS, READ, UPDATE_PERMISSIONS, UPDATE)
+                .defaults(READ)
+                .hidden(READ_PERMISSIONS);
 
-        // System singleton:
-        add(SecuredObjectType.BOTSTATIONS, ALL)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST);
-
-        // System singleton:
-        add(SecuredObjectType.DATAFILE, ALL)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST);
-
-        add(SecuredObjectType.DEFINITION, ALL, LIST, READ, UPDATE, START, READ_PROCESS, CANCEL_PROCESS)
-                .defaults(LIST)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS);
-
-        add(SecuredObjectType.DEFINITIONS, ALL, LIST, READ, CREATE, UPDATE, START, READ_PROCESS, CANCEL_PROCESS)
-                .defaults(LIST)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS);
-
-        // System singleton:
-        add(SecuredObjectType.ERRORS, ALL)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST);
-
-        add(SecuredObjectType.EXECUTOR, LIST, READ, VIEW_TASKS, UPDATE, UPDATE_STATUS, DELETE)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS);
-
-        add(SecuredObjectType.EXECUTORS, ALL, LOGIN, LIST, READ, VIEW_TASKS, CREATE, UPDATE, UPDATE_STATUS, UPDATE_SELF, DELETE)
-                .defaults(LOGIN)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS);
-
-        // System singleton:
-        add(SecuredObjectType.LOGS, ALL)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST);
-
-        add(SecuredObjectType.PROCESS, ALL, LIST, READ, CANCEL)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS);
+        add(SecuredObjectType.DEFINITION, READ, UPDATE_PERMISSIONS, UPDATE, DELETE, START_PROCESS, READ_PROCESS, CANCEL_PROCESS)
+                .defaults(READ)
+                .hidden(READ_PERMISSIONS);
 
-        add(SecuredObjectType.PROCESSES, ALL, LIST, READ, CANCEL)
-                .defaults(LIST)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS);
+        add(SecuredObjectType.EXECUTOR, READ, UPDATE_PERMISSIONS, UPDATE, UPDATE_ACTOR_STATUS, VIEW_TASKS)
+                .defaults(READ)
+                .hidden(READ_PERMISSIONS);
 
-        // System singleton:
-        add(SecuredObjectType.RELATIONS, ALL)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST);
+        add(SecuredObjectType.PROCESS, READ, UPDATE_PERMISSIONS, CANCEL)
+                .defaults(READ)
+                .hidden(READ_PERMISSIONS);
 
-        add(SecuredObjectType.REPORT, ALL, READ)
+        add(SecuredObjectType.RELATION, READ, UPDATE_PERMISSIONS, UPDATE)
                 .defaults(READ)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST);
+                .hidden(READ_PERMISSIONS);
 
-        add(SecuredObjectType.REPORTS, ALL, READ)
+        add(SecuredObjectType.RELATIONS, READ, UPDATE_PERMISSIONS, UPDATE)
                 .defaults(READ)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST);
+                .hidden(READ_PERMISSIONS);
 
-        // System singleton:
-        add(SecuredObjectType.SCRIPTS, ALL)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST);
+        add(SecuredObjectType.REPORT, READ, UPDATE_PERMISSIONS, UPDATE)
+                .defaults(READ)
+                .hidden(READ_PERMISSIONS);
 
-        // System singleton:
-        add(SecuredObjectType.SUBSTITUTION_CRITERIAS, ALL)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST);
+        add(SecuredObjectType.REPORTS, READ, UPDATE_PERMISSIONS, UPDATE)
+                .defaults(READ)
+                .hidden(READ_PERMISSIONS);
 
-        // System singleton:
-        add(SecuredObjectType.SYSTEM, ALL)
-                .hidden(READ_PERMISSIONS, UPDATE_PERMISSIONS, LIST);
+        add(SecuredObjectType.SYSTEM, READ, UPDATE_PERMISSIONS, LOGIN, CHANGE_SELF_PASSWORD, CREATE_EXECUTOR, CREATE_DEFINITION, VIEW_LOGS)
+                .defaults(LOGIN)
+                .hidden(READ_PERMISSIONS);
     }
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java b/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java
index 202abc26f8..744e64455d 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/Permission.java
@@ -143,28 +143,27 @@ public boolean equals(Object obj) {
     }
 
     /**
-     * All permissions.
-     */
-    public static final Permission ALL = new Permission("ALL");
-
-    /**
-     * Cancel specific process or any processes.
+     * Applies to process: cancel specific process.
      */
     public static final Permission CANCEL = new Permission("CANCEL");
 
     /**
-     * Grant CANCEL permission for process started from specific definition or from any definitions.
+     * Applies to definition: grants CANCEL permission for process started from specific definition.
      */
     public static final Permission CANCEL_PROCESS = new Permission("CANCEL_PROCESS");
 
+    public static final Permission CHANGE_SELF_PASSWORD = new Permission("CHANGE_SELF_PASSWORD");
+
     /**
-     * Create or import object of specific type.
+     * Create or import process definition.
      */
-    public static final Permission CREATE = new Permission("CREATE");
+    public static final Permission CREATE_DEFINITION = new Permission("CREATE_DEFINITION");
 
     /**
-     * Delete specific object (when applied to that object), or any object of specific type (when applied to objects list).
+     * Create or import executor.
      */
+    public static final Permission CREATE_EXECUTOR = new Permission("CREATE_EXECUTOR");
+
     public static final Permission DELETE = new Permission("DELETE");
 
     /**
@@ -181,54 +180,27 @@ public boolean equals(Object obj) {
      */
     public static final Permission NONE = new Permission("NONE");
 
-    /**
-     * Read objects list, corresponding menu item is visible.
-     * When applied to specific objects instead of whole list, only those objects will be visible in list.
-     */
-    public static final Permission LIST = new Permission("LIST");
-
     /**
      * Can read and export any object details.
      */
     public static final Permission READ = new Permission("READ");
 
     /**
-     * Can read object permissions.
+     * View or download Wildfly server logs.
      */
+    public static final Permission VIEW_LOGS = new Permission("VIEW_LOGS");
+
     public static final Permission READ_PERMISSIONS = new Permission("READ_PERMISSIONS");
 
-    /**
-     * Grant READ permission for process started from specific definition or from any definitions.
-     */
     public static final Permission READ_PROCESS = new Permission("READ_PROCESS");
 
-    /**
-     * Can start specific process (when applied to process) or any processes (when applied to process list).
-     */
-    public static final Permission START = new Permission("START");
+    public static final Permission START_PROCESS = new Permission("START_PROCESS");
 
-    /**
-     * Can edit specific object (when applied to that object) or any object of specific type (when applied to objects list).
-     */
     public static final Permission UPDATE = new Permission("UPDATE");
 
-    /**
-     * Can edit object permissions.
-     */
-    public static final Permission UPDATE_PERMISSIONS = new Permission("UPDATE_PERMISSIONS");
+    public static final Permission UPDATE_ACTOR_STATUS = new Permission("UPDATE_ACTOR_STATUS");
 
-    /**
-     * Actor can edit his own profile.
-     */
-    public static final Permission UPDATE_SELF = new Permission("UPDATE_SELF");
-
-    /**
-     * Can edit actors's status.
-     */
-    public static final Permission UPDATE_STATUS = new Permission("UPDATE_STATUS");
+    public static final Permission UPDATE_PERMISSIONS = new Permission("UPDATE_PERMISSIONS");
 
-    /**
-     * Can view actor's tasks.
-     */
     public static final Permission VIEW_TASKS = new Permission("VIEW_TASKS");
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/PermissionSubstitutions.java b/wfe-core/src/main/java/ru/runa/wfe/security/PermissionSubstitutions.java
index 420d1f7a2e..638e723872 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/security/PermissionSubstitutions.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/PermissionSubstitutions.java
@@ -8,47 +8,30 @@
 import java.util.Set;
 import ru.runa.wfe.commons.CollectionUtil;
 
-import static ru.runa.wfe.security.Permission.ALL;
 import static ru.runa.wfe.security.Permission.CANCEL;
-import static ru.runa.wfe.security.Permission.CANCEL_PROCESS;
-import static ru.runa.wfe.security.Permission.CREATE;
-import static ru.runa.wfe.security.Permission.DELETE;
-import static ru.runa.wfe.security.Permission.LIST;
-import static ru.runa.wfe.security.Permission.LOGIN;
 import static ru.runa.wfe.security.Permission.READ;
 import static ru.runa.wfe.security.Permission.READ_PERMISSIONS;
-import static ru.runa.wfe.security.Permission.READ_PROCESS;
-import static ru.runa.wfe.security.Permission.START;
+import static ru.runa.wfe.security.Permission.START_PROCESS;
 import static ru.runa.wfe.security.Permission.UPDATE;
-import static ru.runa.wfe.security.Permission.UPDATE_PERMISSIONS;
-import static ru.runa.wfe.security.Permission.UPDATE_SELF;
-import static ru.runa.wfe.security.Permission.UPDATE_STATUS;
-import static ru.runa.wfe.security.Permission.VIEW_TASKS;
+import static ru.runa.wfe.security.Permission.UPDATE_ACTOR_STATUS;
 import static ru.runa.wfe.security.SecuredObjectType.BOTSTATIONS;
-import static ru.runa.wfe.security.SecuredObjectType.DATAFILE;
 import static ru.runa.wfe.security.SecuredObjectType.DEFINITION;
-import static ru.runa.wfe.security.SecuredObjectType.DEFINITIONS;
-import static ru.runa.wfe.security.SecuredObjectType.ERRORS;
-import static ru.runa.wfe.security.SecuredObjectType.EXECUTORS;
 import static ru.runa.wfe.security.SecuredObjectType.EXECUTOR;
-import static ru.runa.wfe.security.SecuredObjectType.LOGS;
 import static ru.runa.wfe.security.SecuredObjectType.PROCESS;
-import static ru.runa.wfe.security.SecuredObjectType.PROCESSES;
+import static ru.runa.wfe.security.SecuredObjectType.RELATION;
 import static ru.runa.wfe.security.SecuredObjectType.RELATIONS;
 import static ru.runa.wfe.security.SecuredObjectType.REPORT;
 import static ru.runa.wfe.security.SecuredObjectType.REPORTS;
-import static ru.runa.wfe.security.SecuredObjectType.SCRIPTS;
-import static ru.runa.wfe.security.SecuredObjectType.SUBSTITUTION_CRITERIAS;
 import static ru.runa.wfe.security.SecuredObjectType.SYSTEM;
 
 /**
- * A registry of permission substitutions. For example, if UPDATE_STATUS permission is checked on specific ACTOR, access should be granted
+ * A registry of permission substitutions. For example, if UPDATE_ACTOR_STATUS permission is checked on specific ACTOR, access should be granted
  * if any of next permissions are granted:
  *
  * <ul>
- *     <li>UPDATE_STATUS on given ACTOR (as requested);
+ *     <li>UPDATE_ACTOR_STATUS on given ACTOR (as requested);
  *     <li>UPDATE on given ACTOR;
- *     <li>UPDATE_STATUS on all EXECUTORS;
+ *     <li>UPDATE_ACTOR_STATUS on all EXECUTORS;
  *     <li>UPDATE on all EXECUTORS;
  *     <li>ALL on all EXECUTORS.
  * </ul>
@@ -57,7 +40,7 @@
  * then ALL on EXECUTORS assumes UPDATE on any ACTOR.
  * <p>
  * Used by PermissionDAO.isAllowed() methods. Also may be used by permission editor forms: e.g. if admin checks ALL permission on EXECUTORS,
- * then UPDATE and UPDATE_STATUS checkboxes should be disabled.
+ * then UPDATE and UPDATE_ACTOR_STATUS checkboxes should be disabled.
  *
  * @see SecuredObjectType
  * @see Permission
@@ -266,109 +249,32 @@ public static ForCheck getForCheck(SecuredObjectType t, Permission p) {
 
     // In alphabetic order, please:
     static {
+        add(BOTSTATIONS, READ).self(UPDATE);
+        add(BOTSTATIONS, READ_PERMISSIONS).self(READ);
 
-        // System singleton:
-        add(BOTSTATIONS, LIST).self(ALL);
-        add(BOTSTATIONS, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS);
-        add(BOTSTATIONS, UPDATE_PERMISSIONS).self(ALL);
-
-        // System singleton:
-        add(DATAFILE, LIST).self(ALL);
-        add(DATAFILE, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS);
-        add(DATAFILE, UPDATE_PERMISSIONS).self(ALL);
-
-        add(DEFINITION, CANCEL_PROCESS).self(ALL).list();
-        add(DEFINITION, ALL).list();
-        add(DEFINITION, LIST).self(ALL, READ, START, UPDATE).list();
-        add(DEFINITION, READ).self(ALL, UPDATE).list();
-        add(DEFINITION, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS, READ).list();
-        add(DEFINITION, READ_PROCESS).self(ALL).list();
-        add(DEFINITION, START).self(ALL).list();
-        add(DEFINITION, UPDATE).self(ALL).list();
-        add(DEFINITION, UPDATE_PERMISSIONS).self(ALL, UPDATE).list();
-
-        add(DEFINITIONS, CANCEL_PROCESS).self(ALL);
-        add(DEFINITIONS, CREATE).self(ALL);
-        add(DEFINITIONS, LIST).self(ALL, READ, START, CREATE, UPDATE);
-        add(DEFINITIONS, READ).self(ALL, UPDATE);
-        add(DEFINITIONS, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS, READ);
-        add(DEFINITIONS, READ_PROCESS).self(ALL);
-        add(DEFINITIONS, START).self(ALL);
-        add(DEFINITIONS, UPDATE).self(ALL);
-        add(DEFINITIONS, UPDATE_PERMISSIONS).self(ALL, UPDATE);
-
-        // System singleton:
-        add(ERRORS, LIST).self(ALL);
-        add(ERRORS, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS);
-        add(ERRORS, UPDATE_PERMISSIONS).self(ALL);
-
-        add(EXECUTOR, DELETE).list();
-        add(EXECUTOR, LIST).self(READ, UPDATE_STATUS, DELETE).list();
-        add(EXECUTOR, READ).self(UPDATE).list();
-        add(EXECUTOR, READ_PERMISSIONS).self(UPDATE_PERMISSIONS, READ).list();
-        add(EXECUTOR, UPDATE).list();
-        add(EXECUTOR, UPDATE_STATUS).self(UPDATE).list();
-        add(EXECUTOR, UPDATE_PERMISSIONS).self(UPDATE).list();
-
-        add(EXECUTORS, CREATE).self(ALL);
-        add(EXECUTORS, DELETE).self(ALL);
-        add(EXECUTORS, LOGIN).self(ALL);
-        add(EXECUTORS, LIST).self(ALL, READ, UPDATE_STATUS, DELETE);
-        add(EXECUTORS, READ).self(ALL, UPDATE);
-        add(EXECUTORS, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS, READ);
-        add(EXECUTORS, VIEW_TASKS).self(ALL);
-        add(EXECUTORS, UPDATE).self(ALL);
-        add(EXECUTORS, UPDATE_PERMISSIONS).self(ALL, UPDATE);
-        add(EXECUTORS, UPDATE_SELF).self(ALL, UPDATE);
-        add(EXECUTORS, UPDATE_STATUS).self(ALL, UPDATE);
-
-        // System singleton:
-        add(LOGS, LIST).self(ALL);
-        add(LOGS, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS);
-        add(LOGS, UPDATE_PERMISSIONS).self(ALL);
-
-        add(PROCESS, ALL).list();
-        add(PROCESS, CANCEL).self(ALL).list();
-        add(PROCESS, LIST).self(ALL, READ, CANCEL).list();
-        add(PROCESS, READ).self(ALL).list();
-        add(PROCESS, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS).list();
-        add(PROCESS, UPDATE_PERMISSIONS).self(ALL).list();
-
-        add(PROCESSES, CANCEL).self(ALL);
-        add(PROCESSES, LIST).self(ALL, READ, CANCEL);
-        add(PROCESSES, READ).self(ALL);
-        add(PROCESSES, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS);
-        add(PROCESSES, UPDATE_PERMISSIONS).self(ALL);
-
-        // System singleton:
-        add(RELATIONS, LIST).self(ALL);
-        add(RELATIONS, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS);
-        add(RELATIONS, UPDATE_PERMISSIONS).self(ALL);
-
-        add(REPORT, ALL).list();
-        add(REPORT, READ).self(ALL).list();
-        add(REPORT, LIST).self(READ).list();
-        add(REPORT, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS).list();
-        add(REPORT, UPDATE_PERMISSIONS).self(ALL).list();
-
-        add(REPORTS, READ).self(ALL);
-        add(REPORTS, LIST).self(READ);
-        add(REPORTS, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS);
-        add(REPORTS, UPDATE_PERMISSIONS).self(ALL);
-
-        // System singleton:
-        add(SCRIPTS, LIST).self(ALL);
-        add(SCRIPTS, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS);
-        add(SCRIPTS, UPDATE_PERMISSIONS).self(ALL);
-
-        // System singleton:
-        add(SUBSTITUTION_CRITERIAS, LIST).self(ALL);
-        add(SUBSTITUTION_CRITERIAS, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS);
-        add(SUBSTITUTION_CRITERIAS, UPDATE_PERMISSIONS).self(ALL);
-
-        // System singleton:
-        add(SYSTEM, LIST).self(ALL);
-        add(SYSTEM, READ_PERMISSIONS).self(ALL, UPDATE_PERMISSIONS);
-        add(SYSTEM, UPDATE_PERMISSIONS).self(ALL);
+        add(DEFINITION, READ).self(START_PROCESS, UPDATE);
+        add(DEFINITION, READ_PERMISSIONS).self(READ);
+
+        add(EXECUTOR, READ).self(UPDATE, UPDATE_ACTOR_STATUS);
+        add(EXECUTOR, READ_PERMISSIONS).self(READ);
+
+        add(PROCESS, READ).self(CANCEL);
+        add(PROCESS, READ_PERMISSIONS).self(READ);
+
+        add(RELATION, UPDATE).list();
+        add(RELATION, READ).self(UPDATE).list();
+        add(RELATION, READ_PERMISSIONS).self(READ);
+
+        add(RELATIONS, READ).self(UPDATE);
+        add(RELATIONS, READ_PERMISSIONS).self(READ);
+
+        add(REPORT, UPDATE).list();
+        add(REPORT, READ).self(UPDATE).list();
+        add(REPORT, READ_PERMISSIONS).self(READ);
+
+        add(REPORTS, READ).self(UPDATE);
+        add(REPORTS, READ_PERMISSIONS).self(READ);
+
+        add(SYSTEM, READ_PERMISSIONS).self(READ);
     }
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java
index e1be661f83..8fd7b9ba47 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectFactory.java
@@ -9,14 +9,13 @@
 import java.util.Set;
 import org.apache.commons.lang.NotImplementedException;
 import org.springframework.stereotype.Component;
-import org.springframework.util.Assert;
 import ru.runa.wfe.commons.ApplicationContextFactory;
 import ru.runa.wfe.commons.querydsl.HibernateQueryFactory;
 import ru.runa.wfe.definition.QDeployment;
 import ru.runa.wfe.execution.QProcess;
+import ru.runa.wfe.relation.QRelation;
 import ru.runa.wfe.report.QReportDefinition;
 import ru.runa.wfe.report.dto.WfReport;
-import ru.runa.wfe.user.Executor;
 import ru.runa.wfe.user.QExecutor;
 
 /**
@@ -165,11 +164,11 @@ public static void add(SecuredSingleton singleton) {
         add(singleton.getSecuredObjectType(), new SingletonLoader(singleton));
     }
 
+
+    // Alphabetically, please:
     static {
 
         add(SecuredSingleton.BOTSTATIONS);
-        add(SecuredSingleton.DATAFILE);
-        add(SecuredSingleton.DEFINITIONS);
 
         add(SecuredObjectType.DEFINITION, new Loader(SecuredObjectType.DEFINITION) {
             @Override
@@ -188,8 +187,6 @@ List<Tuple> getByNames(Set<String> names) {
             }
         });
 
-        add(SecuredSingleton.ERRORS);
-
         add(SecuredObjectType.EXECUTOR, new Loader(SecuredObjectType.EXECUTOR) {
             @Override
             public SecuredObject findById(Long id) {
@@ -209,10 +206,6 @@ List<Tuple> getByNames(Set<String> names) {
             }
         });
 
-        add(SecuredSingleton.EXECUTORS);
-
-        add(SecuredSingleton.LOGS);
-
         add(SecuredObjectType.PROCESS, new Loader(SecuredObjectType.PROCESS) {
             @Override
             public SecuredObject findById(Long id) {
@@ -221,8 +214,16 @@ public SecuredObject findById(Long id) {
             }
         });
 
-        add(SecuredSingleton.PROCESSES);
         add(SecuredSingleton.RELATIONS);
+
+        add(SecuredObjectType.RELATION, new Loader(SecuredObjectType.RELATION) {
+            @Override
+            public SecuredObject findById(Long id) {
+                QRelation r = QRelation.relation;
+                return getQueryFactory().selectFrom(r).where(r.id.eq(id)).fetchFirst();
+            }
+        });
+
         add(SecuredSingleton.REPORTS);
 
         add(SecuredObjectType.REPORT, new Loader(SecuredObjectType.REPORT) {
@@ -233,8 +234,6 @@ public SecuredObject findById(Long id) {
             }
         });
 
-        add(SecuredSingleton.SCRIPTS);
-        add(SecuredSingleton.SUBSTITUTION_CRITERIAS);
         add(SecuredSingleton.SYSTEM);
     }
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java
index 4a54a55e10..864e305d28 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredObjectType.java
@@ -6,6 +6,8 @@
 import java.util.HashMap;
 import java.util.List;
 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import lombok.Getter;
+import lombok.NonNull;
 import ru.runa.wfe.commons.xml.SecuredObejctTypeXmlAdapter;
 
 /**
@@ -45,47 +47,50 @@ public static List<SecuredObjectType> values() {
     }
 
 
+    @Getter
     private String name;
+
+    /**
+     * Used for assertions. Currently, all non-singletons (those <code>permission_mapping.object_id != 0</code>) have parent singleton list types.
+     */
+    @Getter
+    private boolean singleton;
+
+    /**
+     * Used by PermissionSubstitutions and its callers. Nullable.
+     */
+    @Getter
     private SecuredObjectType listType;
 
-    public SecuredObjectType(String name, SecuredObjectType listType) {
+    private SecuredObjectType(String name, boolean singleton, SecuredObjectType listType) {
         if (name == null || name.isEmpty() || name.length() > 32) {
             // permission_mapping.object_type is varchar(32)
             throw new RuntimeException("SecuredObjectType.name is empty or too large");
         }
-        this.name = name;
         if (instancesByName.put(name, this) != null) {
             throw new RuntimeException("Duplicate SecuredObjectType.name \"" + name + "\"");
         }
 
+        if (listType != null && singleton) {
+            throw new RuntimeException("(listType.listType != null && singleton) for SecuredObjectType \"" + name + "\"");
+        }
         if (listType != null && listType.listType != null) {
             throw new RuntimeException("(listType.listType != null) for SecuredObjectType \"" + name + "\"");
         }
+
+        this.name = name;
+        this.singleton = singleton;
         this.listType = listType;
         instancesList.add(this);
         Collections.sort(instancesList);
     }
 
-    public SecuredObjectType(String name) {
-        this(name, null);
+    public SecuredObjectType(String name, @NonNull SecuredObjectType listType) {
+        this(name, false, listType);
     }
 
-    public String getName() {
-        return name;
-    }
-
-    /**
-     * Used by PermissionSubstitutions and its callers. Nullable.
-     */
-    public SecuredObjectType getListType() {
-        return listType;
-    }
-
-    /**
-     * Used for assertions. Currently, all non-singletons (those <code>permission_mapping.object_id != 0</code>) have parent singleton list types.
-     */
-    public boolean isSingleton() {
-        return listType == null;
+    public SecuredObjectType(String name, boolean singleton) {
+        this(name, singleton, null);
     }
 
     @Override
@@ -111,28 +116,22 @@ public boolean equals(Object obj) {
         return super.equals(obj);
     }
 
-    // Lists & list items:
 
-    public static final SecuredObjectType EXECUTORS = new SecuredObjectType("EXECUTORS");
-    public static final SecuredObjectType EXECUTOR = new SecuredObjectType("EXECUTOR", EXECUTORS);
+    // Alphabetically, please:
 
-    public static final SecuredObjectType DEFINITIONS = new SecuredObjectType("DEFINITIONS");
-    public static final SecuredObjectType DEFINITION = new SecuredObjectType("DEFINITION", DEFINITIONS);
+    public static final SecuredObjectType BOTSTATIONS = new SecuredObjectType("BOTSTATIONS", true);
 
-    public static final SecuredObjectType PROCESSES = new SecuredObjectType("PROCESSES");
-    public static final SecuredObjectType PROCESS = new SecuredObjectType("PROCESS", PROCESSES);
+    public static final SecuredObjectType DEFINITION = new SecuredObjectType("DEFINITION", false);
 
-    public static final SecuredObjectType REPORTS = new SecuredObjectType("REPORTS");
-    public static final SecuredObjectType REPORT = new SecuredObjectType("REPORT", REPORTS);
+    public static final SecuredObjectType EXECUTOR = new SecuredObjectType("EXECUTOR", false);
 
-    // Standalone singleton types, alphabetically:
+    public static final SecuredObjectType PROCESS = new SecuredObjectType("PROCESS", false);
+
+    public static final SecuredObjectType RELATIONS = new SecuredObjectType("RELATIONS", true);
+    public static final SecuredObjectType RELATION = new SecuredObjectType("RELATION", RELATIONS);
+
+    public static final SecuredObjectType REPORTS = new SecuredObjectType("REPORTS", true);
+    public static final SecuredObjectType REPORT = new SecuredObjectType("REPORT", REPORTS);
 
-    public static final SecuredObjectType BOTSTATIONS = new SecuredObjectType("BOTSTATIONS");
-    public static final SecuredObjectType DATAFILE = new SecuredObjectType("DATAFILE");
-    public static final SecuredObjectType ERRORS = new SecuredObjectType("ERRORS");
-    public static final SecuredObjectType LOGS = new SecuredObjectType("LOGS");
-    public static final SecuredObjectType RELATIONS = new SecuredObjectType("RELATIONS");
-    public static final SecuredObjectType SCRIPTS = new SecuredObjectType("SCRIPTS");
-    public static final SecuredObjectType SUBSTITUTION_CRITERIAS = new SecuredObjectType("SUBSTITUTION_CRITERIAS");
-    public static final SecuredObjectType SYSTEM = new SecuredObjectType("SYSTEM");
+    public static final SecuredObjectType SYSTEM = new SecuredObjectType("SYSTEM", true);
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredSingleton.java b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredSingleton.java
index 7f0822b732..86cdd886e2 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/security/SecuredSingleton.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/SecuredSingleton.java
@@ -53,18 +53,11 @@ public final SecuredObjectType getSecuredObjectType() {
         return type;
     }
 
+
     // Alphabetically, please:
 
     public static final SecuredSingleton BOTSTATIONS = new SecuredSingleton(SecuredObjectType.BOTSTATIONS);
-    public static final SecuredSingleton DATAFILE = new SecuredSingleton(SecuredObjectType.DATAFILE);
-    public static final SecuredSingleton DEFINITIONS = new SecuredSingleton(SecuredObjectType.DEFINITIONS);
-    public static final SecuredSingleton ERRORS = new SecuredSingleton(SecuredObjectType.ERRORS);
-    public static final SecuredSingleton EXECUTORS = new SecuredSingleton(SecuredObjectType.EXECUTORS);
-    public static final SecuredSingleton LOGS = new SecuredSingleton(SecuredObjectType.LOGS);
-    public static final SecuredSingleton PROCESSES = new SecuredSingleton(SecuredObjectType.PROCESSES);
     public static final SecuredSingleton RELATIONS = new SecuredSingleton(SecuredObjectType.RELATIONS);
     public static final SecuredSingleton REPORTS = new SecuredSingleton(SecuredObjectType.REPORTS);
-    public static final SecuredSingleton SCRIPTS = new SecuredSingleton(SecuredObjectType.SCRIPTS);
-    public static final SecuredSingleton SUBSTITUTION_CRITERIAS = new SecuredSingleton(SecuredObjectType.SUBSTITUTION_CRITERIAS);
     public static final SecuredSingleton SYSTEM = new SecuredSingleton(SecuredObjectType.SYSTEM);
 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java
index 525329fc36..1b26f8421f 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/AuthorizationLogic.java
@@ -44,7 +44,6 @@
 import ru.runa.wfe.definition.QDeployment;
 import ru.runa.wfe.presentation.BatchPresentation;
 import ru.runa.wfe.presentation.hibernate.PresentationConfiguredCompiler;
-import ru.runa.wfe.security.AuthorizationException;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.security.SecuredObject;
 import ru.runa.wfe.security.SecuredObjectFactory;
@@ -96,12 +95,6 @@ public int hashCode() {
         }
     }
 
-    public void checkAllowedUpdateExecutor(User user, Executor object) {
-        if (!isAllowedUpdateExecutor(user, object)) {
-            throw new AuthorizationException("User " + user + " does not have permissions to update " + object);
-        }
-    }
-
     public boolean isAllowed(User user, Permission permission, SecuredObject object) {
         return permissionDao.isAllowed(user, permission, object.getSecuredObjectType(), object.getIdentifiableId());
     }
@@ -118,31 +111,21 @@ public boolean isAllowedForAny(User user, Permission permission, SecuredObjectTy
         return permissionDao.isAllowedForAny(user, permission, securedObjectType);
     }
 
-    public boolean isAllowedUpdateExecutor(User user, Executor object) {
-        return isAllowed(user, Permission.UPDATE, object) || (
-                Objects.equals(user.getActor().getId(), object.getId()) &&
-                        isAllowed(user, Permission.UPDATE_SELF, SecuredSingleton.EXECUTORS)
-        );
-    }
-
-    public boolean isAllowedUpdateExecutor(User user, Long id) {
-        return isAllowedUpdateExecutor(user, executorDao.getExecutor(id));
-    }
-
     public List<Permission> getIssuedPermissions(User user, Executor performer, SecuredObject securedObject) {
-        checkPermissionsOnExecutor(user, performer, Permission.LIST);
-        permissionDao.checkAllowed(user, Permission.LIST, securedObject);
+        checkPermissionsOnExecutor(user, performer, Permission.READ);
+        permissionDao.checkAllowed(user, Permission.READ_PERMISSIONS, securedObject);
         return permissionDao.getIssuedPermissions(performer, securedObject);
     }
 
 
     /**
-     * Exports permissions to xml, see: manage_datafile, ExportDataFileAction.
+     * Exports permissions to xml, see: ExportDataFileAction.
      * <p>
      * Placed here and added all that PermissionService stuff, because must be executed under transaction.
      */
     public void exportDataFile(User user, Document script) {
-        permissionDao.checkAllowed(user, Permission.ALL, SecuredSingleton.DATAFILE);
+        // TODO See #1586-5, #1586-6. Looks like v4.3 had no permission checks for this operation at all.
+        permissionDao.checkAllowed(user, Permission.READ, SecuredSingleton.SYSTEM);
         Element parentElement = script.getRootElement();
         QPermissionMapping pm = QPermissionMapping.permissionMapping;
         QExecutor e = QExecutor.executor;
@@ -203,9 +186,6 @@ public void exportDataFile(User user, Document script) {
         }
     }
 
-    // ********************************************************************************************************************************
-    // ***** !!!!! DON'T MERGE THIS INTO develop !!!!! This is temporary solution, before table BPM_PROCESS_DEFINITION_VER was created.
-    // ********************************************************************************************************************************
     private static class ExportDataFilePermissionRow {
         final Permission permission;
         final String executorName;
@@ -228,9 +208,6 @@ private static class ExportDataFilePermissionRow {
      * @param parentElement  Parent for "addPermissions" elements.
      * @param query  Must return fields in order: permission, executorName, objectType, [objectName].
      */
-    // ********************************************************************************************************************************
-    // ***** !!!!! DON'T MERGE THIS INTO develop !!!!! This is temporary solution, before table BPM_PROCESS_DEFINITION_VER was created.
-    // ********************************************************************************************************************************
     private void exportDataFilePermissions(Element parentElement, JPQLQuery<Tuple> query) {
         try (final CloseableIterator<Tuple> it = query.iterate()) {
             exportDataFilePermissionsImpl(parentElement, new CloseableIterator<ExportDataFilePermissionRow>() {
@@ -252,9 +229,6 @@ public ExportDataFilePermissionRow next() {
         }
     }
 
-    // ********************************************************************************************************************************
-    // ***** !!!!! DON'T MERGE THIS INTO develop !!!!! This is temporary solution, before table BPM_PROCESS_DEFINITION_VER was created.
-    // ********************************************************************************************************************************
     private void exportDataFilePermissions(Element parentElement, ArrayList<ExportDataFilePermissionRow> rows) {
         val it = rows.iterator();
         exportDataFilePermissionsImpl(parentElement, new CloseableIterator<ExportDataFilePermissionRow>() {
@@ -321,7 +295,7 @@ public void setPermissions(User user, String executorName, Map<SecuredObjectType
     private void setPermissionsImpl(User user, String executorName, Map<SecuredObjectType, Set<String>> objectNames, Set<Permission> permissions,
             boolean deleteExisting) {
         Executor executor = executorDao.getExecutor(executorName);  // [QSL] Only id is needed, or maybe even join would be enough.
-        permissionDao.checkAllowed(user, Permission.LIST, executor);
+        permissionDao.checkAllowed(user, Permission.READ, executor);
 
         QPermissionMapping pm = QPermissionMapping.permissionMapping;
 
@@ -405,7 +379,7 @@ public void removeAllPermissions(User user, String executorName, Map<SecuredObje
      */
     private void removePermissionsImpl(User user, String executorName, Map<SecuredObjectType, Set<String>> objectNames, Set<Permission> permissions) {
         Executor executor = executorDao.getExecutor(executorName);  // [QSL] Only id is needed, or maybe even join would be enough.
-        permissionDao.checkAllowed(user, Permission.LIST, executor);
+        permissionDao.checkAllowed(user, Permission.READ, executor);
 
         QPermissionMapping pm = QPermissionMapping.permissionMapping;
 
@@ -459,7 +433,7 @@ public void setPermissions(User user, Long executorId, Collection<Permission> pe
     }
 
     public void setPermissions(User user, Executor executor, Collection<Permission> permissions, SecuredObject securedObject) {
-        checkPermissionsOnExecutor(user, executor, Permission.LIST);
+        checkPermissionsOnExecutor(user, executor, Permission.READ);
         permissionDao.checkAllowed(user, Permission.UPDATE_PERMISSIONS, securedObject);
         permissionDao.setPermissions(executor, permissions, securedObject);
     }
@@ -485,11 +459,12 @@ public List<? extends Executor> getExecutorsWithPermission(User user, SecuredObj
         List<Executor> executors = compiler.getBatch();
         for (Executor privelegedExecutor : permissionDao.getPrivilegedExecutors(securedObject.getSecuredObjectType())) {
             if (batchPresentation.getType().getPresentationClass().isInstance(privelegedExecutor)
-                    && permissionDao.isAllowed(user, Permission.LIST, privelegedExecutor)) {
-                if (hasPermission)
-                  executors.add(0, privelegedExecutor);
-                else
-                  executors.remove(privelegedExecutor);
+                    && permissionDao.isAllowed(user, Permission.READ, privelegedExecutor)) {
+                if (hasPermission) {
+                    executors.add(0, privelegedExecutor);
+                } else {
+                    executors.remove(privelegedExecutor);
+                }
             }
         }
         return executors;
diff --git a/wfe-core/src/main/java/ru/runa/wfe/security/logic/LdapLogic.java b/wfe-core/src/main/java/ru/runa/wfe/security/logic/LdapLogic.java
index 8fb0c7a1d9..6c6461dabf 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/security/logic/LdapLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/security/logic/LdapLogic.java
@@ -164,7 +164,7 @@ private int synchronizeActors(DirContext dirContext, Map<String, Actor> actorsBy
                     log.info("Creating " + actor);
                     executorDao.create(actor);
                     executorDao.addExecutorsToGroup(Lists.newArrayList(actor), importGroup);
-                    permissionDao.setPermissions(importGroup, Lists.newArrayList(Permission.LIST), actor);
+                    permissionDao.setPermissions(importGroup, Lists.newArrayList(Permission.READ), actor);
                     changesCount++;
                 } else {
                     ldapActorsToDelete.remove(actor);
@@ -254,13 +254,30 @@ private int synchronizeGroups(DirContext dirContext, Map<String, Actor> actorsBy
         controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
         Map<String, SearchResult> groupResultsByDistinguishedName = Maps.newHashMap();
         for (String ou : LdapProperties.getSynchronizationOrganizationUnits()) {
-            NamingEnumeration<SearchResult> list = dirContext.search(ou, OBJECT_CLASS_GROUP_FILTER, controls);
-            while (list.hasMore()) {
-                SearchResult searchResult = list.next();
-                if (searchResult.getAttributes().get(ATTR_GROUP_MEMBER) == null) {
-                    continue;
+            try {
+                NamingEnumeration<SearchResult> list = dirContext.search(ou, OBJECT_CLASS_GROUP_FILTER, controls);
+                while (list.hasMore()) {
+                    SearchResult searchResult = list.next();
+                    if (searchResult.getAttributes().get(ATTR_GROUP_MEMBER) == null) {
+                        continue;
+                    }
+                    groupResultsByDistinguishedName.put(searchResult.getNameInNamespace(), searchResult);
+                }
+                list.close();
+            } catch (SizeLimitExceededException e) {
+                for (String y : ALPHABETS) {
+                    NamingEnumeration<SearchResult> list = dirContext.search(ou,
+                            MessageFormat.format(LOGIN_FIRST_LETTER_FILTER, ATTR_GROUP_NAME, y, y.toLowerCase(), OBJECT_CLASS_GROUP_FILTER),
+                            controls);
+                    while (list.hasMore()) {
+                        SearchResult searchResult = list.next();
+                        if (searchResult.getAttributes().get(ATTR_GROUP_MEMBER) == null) {
+                            continue;
+                        }
+                        groupResultsByDistinguishedName.put(searchResult.getNameInNamespace(), searchResult);
+                    }
+                    list.close();
                 }
-                groupResultsByDistinguishedName.put(searchResult.getNameInNamespace(), searchResult);
             }
         }
         for (SearchResult searchResult : groupResultsByDistinguishedName.values()) {
@@ -279,7 +296,7 @@ private int synchronizeGroups(DirContext dirContext, Map<String, Actor> actorsBy
                 log.info("Creating " + group);
                 executorDao.create(group);
                 executorDao.addExecutorsToGroup(Lists.newArrayList(group), importGroup);
-                permissionDao.setPermissions(importGroup, Lists.newArrayList(Permission.LIST), group);
+                permissionDao.setPermissions(importGroup, Lists.newArrayList(Permission.READ), group);
                 changesCount++;
             } else {
                 ldapGroupsToDelete.remove(group);
@@ -357,7 +374,7 @@ private Group loadGroup(Group group) {
             group = executorDao.getGroup(group.getName());
         } else {
             group = executorDao.create(group);
-            permissionDao.setPermissions(group, Lists.newArrayList(Permission.LOGIN), SecuredSingleton.EXECUTORS);
+            permissionDao.setPermissions(group, Lists.newArrayList(Permission.LOGIN), SecuredSingleton.SYSTEM);
         }
         return group;
     }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/ss/logic/SubstitutionLogic.java b/wfe-core/src/main/java/ru/runa/wfe/ss/logic/SubstitutionLogic.java
index 6130b103b4..526efae67c 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/ss/logic/SubstitutionLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/ss/logic/SubstitutionLogic.java
@@ -85,7 +85,7 @@ public void create(User user, Substitution substitution) {
 
     public List<Substitution> getSubstitutions(User user, Long actorId) {
         Actor actor = executorDao.getActor(actorId);
-        checkPermissionsOnExecutor(user, actor, Permission.LIST);
+        checkPermissionsOnExecutor(user, actor, Permission.READ);
         return substitutionDao.getByActorId(actorId, true);
     }
 
diff --git a/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskListBuilderImpl.java b/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskListBuilderImpl.java
index 5e5afe51e0..31ac4f0525 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskListBuilderImpl.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskListBuilderImpl.java
@@ -167,11 +167,11 @@ public List<WfTask> getObservableTasks(Actor actor, BatchPresentation batchPrese
             if (!administrator) {
                 Executor executor = state.getTask().getExecutor();
                 if (executor instanceof Actor) {
-                    if (!permissionDao.permissionExists(actor, Permission.LIST, executor)) {
+                    if (!permissionDao.permissionExists(actor, Permission.READ, executor)) {
                         wfTask.setOwner(Actor.UNAUTHORIZED_ACTOR);
                     }
                 } else {
-                    if (!(executor instanceof TemporaryGroup) && !permissionDao.permissionExists(actor, Permission.LIST, executor)) {
+                    if (!(executor instanceof TemporaryGroup) && !permissionDao.permissionExists(actor, Permission.READ, executor)) {
                         wfTask.setOwner(Group.UNAUTHORIZED_GROUP);
                     }
                 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java b/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java
index ddea468b86..6c2043328a 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/task/logic/TaskLogic.java
@@ -4,7 +4,7 @@
 import com.google.common.base.Preconditions;
 import com.google.common.base.Throwables;
 import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -86,7 +86,7 @@ public WfTask completeTask(User user, Long taskId, Map<String, Object> variables
         ProcessError processError = new ProcessError(ProcessErrorType.system, task.getProcess().getId(), task.getNodeId());
         try {
             if (variables == null) {
-                variables = Maps.newHashMap();
+                variables = new HashMap<>();
             }
             ProcessDefinition processDefinition = getDefinition(task);
             ExecutionContext executionContext = new ExecutionContext(processDefinition, task);
@@ -98,7 +98,7 @@ public WfTask completeTask(User user, Long taskId, Map<String, Object> variables
             }
             // don't persist selected transition name
             String transitionName = (String) variables.remove(WfProcess.SELECTED_TRANSITION_KEY);
-            Map<String, Object> extraVariablesMap = Maps.newHashMap();
+            Map<String, Object> extraVariablesMap = new HashMap<>();
             extraVariablesMap.put(WfProcess.SELECTED_TRANSITION_KEY, transitionName);
             if (SystemProperties.isV3CompatibilityMode()) {
                 extraVariablesMap.put("transition", transitionName);
@@ -119,7 +119,7 @@ public WfTask completeTask(User user, Long taskId, Map<String, Object> variables
                 }
             }
             VariableProvider validationVariableProvider = new MapDelegableVariableProvider(extraVariablesMap, executionContext.getVariableProvider());
-            validateVariables(user, executionContext, validationVariableProvider, processDefinition, task.getNodeId(), variables);
+            validateVariables(executionContext, validationVariableProvider, processDefinition, task.getNodeId(), variables);
             processMultiTaskVariables(executionContext, task, variables);
             executionContext.setVariableValues(variables);
             Transition transition;
@@ -238,14 +238,14 @@ public List<WfTask> getTasks(User user, BatchPresentation batchPresentation) {
     public List<WfTask> getTasks(User user, Long processId, boolean includeSubprocesses) throws ProcessDoesNotExistException {
         List<WfTask> result = Lists.newArrayList();
         Process process = processDao.getNotNull(processId);
-        permissionDao.checkAllowed(user, Permission.LIST, process);
+        permissionDao.checkAllowed(user, Permission.READ, process);
         for (Task task : taskDao.findByProcess(process)) {
             result.add(taskObjectFactory.create(task, user.getActor(), false, null));
         }
         if (includeSubprocesses) {
             List<Process> subprocesses = nodeProcessDao.getSubprocessesRecursive(process);
             for (Process subprocess : subprocesses) {
-                permissionDao.checkAllowed(user, Permission.LIST, subprocess);
+                permissionDao.checkAllowed(user, Permission.READ, subprocess);
                 for (Task task : taskDao.findByProcess(subprocess)) {
                     result.add(taskObjectFactory.create(task, user.getActor(), false, null));
                 }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/user/logic/ExecutorLogic.java b/wfe-core/src/main/java/ru/runa/wfe/user/logic/ExecutorLogic.java
index 626f43d447..d82b88d238 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/user/logic/ExecutorLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/user/logic/ExecutorLogic.java
@@ -24,6 +24,7 @@
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Objects;
 import java.util.Set;
 import java.util.regex.Pattern;
 import lombok.val;
@@ -75,7 +76,7 @@ public boolean isExecutorExist(User user, String executorName) {
             return false;
         }
         Executor executor = executorDao.getExecutor(executorName);
-        permissionDao.checkAllowed(user, Permission.LIST, executor);
+        permissionDao.checkAllowed(user, Permission.READ, executor);
         return true;
     }
 
@@ -95,7 +96,7 @@ public int getExecutorsCount(User user, BatchPresentation batchPresentation) {
     }
 
     public Actor getActor(User user, String name) {
-        return checkPermissionsOnExecutor(user, executorDao.getActor(name), Permission.LIST);
+        return checkPermissionsOnExecutor(user, executorDao.getActor(name), Permission.READ);
     }
 
     public Actor getActorCaseInsensitive(String login) {
@@ -103,11 +104,11 @@ public Actor getActorCaseInsensitive(String login) {
     }
 
     public Group getGroup(User user, String name) {
-        return checkPermissionsOnExecutor(user, executorDao.getGroup(name), Permission.LIST);
+        return checkPermissionsOnExecutor(user, executorDao.getGroup(name), Permission.READ);
     }
 
     public Executor getExecutor(User user, String name) {
-        return checkPermissionsOnExecutor(user, executorDao.getExecutor(name), Permission.LIST);
+        return checkPermissionsOnExecutor(user, executorDao.getExecutor(name), Permission.READ);
     }
 
     public boolean isAdministrator(User user) {
@@ -115,7 +116,7 @@ public boolean isAdministrator(User user) {
     }
 
     public void remove(User user, List<Long> ids) {
-        List<Executor> executors = checkPermissionsOnExecutors(user, executorDao.getExecutors(ids), Permission.DELETE);
+        List<Executor> executors = checkPermissionsOnExecutors(user, executorDao.getExecutors(ids), Permission.UPDATE);
         for (Executor executor : executors) {
             remove(executor);
         }
@@ -141,11 +142,10 @@ public void remove(Executor executor) {
     }
 
     public <T extends Executor> T create(User user, T executor) {
-        permissionDao.checkAllowed(user, Permission.CREATE, SecuredSingleton.EXECUTORS);
+        permissionDao.checkAllowed(user, Permission.CREATE_EXECUTOR, SecuredSingleton.SYSTEM);
         executorDao.create(executor);
-        val selfPermissions = Collections.singletonList(executor instanceof Group ? Permission.READ : Permission.LIST);
         permissionDao.setPermissions(user.getActor(), ApplicablePermissions.listVisible(executor), executor);
-        permissionDao.setPermissions(executor, selfPermissions, executor);
+        permissionDao.setPermissions(executor, Collections.singletonList(Permission.READ), executor);
         return executor;
     }
 
@@ -184,28 +184,26 @@ private void addExecutorToGroupsInternal(User user, Executor executor, List<Grou
     public List<Executor> getGroupChildren(User user, Group group, BatchPresentation batchPresentation, boolean isExclude) {
         // TODO Was (isExclude ? Permission.ADD_TO_GROUP : Permission.LIST_GROUP). That ADD_TO_GROUP is bad in get...() method.
         checkPermissionsOnExecutor(user, group, isExclude ? Permission.UPDATE : Permission.READ);
-        PresentationConfiguredCompiler<Executor> compiler = PresentationCompilerHelper.createGroupChildrenCompiler(user, group, batchPresentation,
-                !isExclude);
+        val compiler = PresentationCompilerHelper.createGroupChildrenCompiler(user, group, batchPresentation, isExclude);
         return compiler.getBatch();
     }
 
     public int getGroupChildrenCount(User user, Group group, BatchPresentation batchPresentation, boolean isExclude) {
         // TODO Was (isExclude ? Permission.ADD_TO_GROUP : Permission.LIST_GROUP). That ADD_TO_GROUP is bad in get...() method.
         checkPermissionsOnExecutor(user, group, isExclude ? Permission.UPDATE : Permission.READ);
-        PresentationConfiguredCompiler<Executor> compiler = PresentationCompilerHelper.createGroupChildrenCompiler(user, group, batchPresentation,
-                !isExclude);
+        val compiler = PresentationCompilerHelper.createGroupChildrenCompiler(user, group, batchPresentation, isExclude);
         return compiler.getCount();
     }
 
     public List<Actor> getGroupActors(User user, Group group) {
         checkPermissionsOnExecutor(user, group, Permission.READ);
         Set<Actor> groupActors = executorDao.getGroupActors(group);
-        return filterSecuredObject(user, Lists.newArrayList(groupActors), Permission.LIST);
+        return filterSecuredObject(user, Lists.newArrayList(groupActors), Permission.READ);
     }
 
     public List<Executor> getAllExecutorsFromGroup(User user, Group group) {
         checkPermissionsOnExecutor(user, group, Permission.READ);
-        return filterSecuredObject(user, executorDao.getAllNonGroupExecutorsFromGroup(group), Permission.LIST);
+        return filterSecuredObject(user, executorDao.getAllNonGroupExecutorsFromGroup(group), Permission.READ);
     }
 
     public void removeExecutorsFromGroup(User user, List<? extends Executor> executors, Group group) {
@@ -220,7 +218,7 @@ public void removeExecutorsFromGroup(User user, List<Long> executorIds, Long gro
 
     private void removeExecutorsFromGroupInternal(User user, List<? extends Executor> executors, Group group) {
         checkPermissionsOnExecutor(user, group, Permission.UPDATE);
-        checkPermissionsOnExecutors(user, executors, Permission.LIST);
+        checkPermissionsOnExecutors(user, executors, Permission.READ);
         executorDao.removeExecutorsFromGroup(executors, group);
     }
 
@@ -243,12 +241,18 @@ public void setPassword(User user, Actor actor, String password) {
         if (!Strings.isNullOrEmpty(passwordsRegexp) && !Pattern.compile(passwordsRegexp).matcher(password).matches()) {
             throw new WeakPasswordException();
         }
-        authorizationLogic.checkAllowedUpdateExecutor(user, actor);
+        if (!permissionDao.isAllowed(user, Permission.UPDATE, actor)) {
+            if (Objects.equals(actor.getId(), user.getActor().getId())) {
+                permissionDao.checkAllowed(user, Permission.CHANGE_SELF_PASSWORD, SecuredSingleton.SYSTEM);
+            } else {
+                throw new AuthorizationException(user + " hasn't permission to change password for actor " + actor);
+            }
+        }
         executorDao.setPassword(actor, password);
     }
 
     public Actor setStatus(User user, Actor actor, boolean isActive, boolean callHandlers) {
-        checkPermissionsOnExecutor(user, actor, Permission.UPDATE_STATUS);
+        checkPermissionsOnExecutor(user, actor, Permission.UPDATE_ACTOR_STATUS);
         Actor updated = executorDao.setStatus(actor, isActive);
         if (callHandlers) {
             for (SetStatusHandler handler : setStatusHandlers) {
@@ -263,22 +267,22 @@ public Actor setStatus(User user, Actor actor, boolean isActive, boolean callHan
     }
 
     public List<Group> getExecutorGroups(User user, Executor executor, BatchPresentation batchPresentation, boolean isExclude) {
-        checkPermissionsOnExecutor(user, executor, Permission.LIST);
+        checkPermissionsOnExecutor(user, executor, Permission.READ);
         PresentationConfiguredCompiler<Group> compiler = PresentationCompilerHelper.createExecutorGroupsCompiler(user, executor, batchPresentation,
                 !isExclude);
         return compiler.getBatch();
     }
 
     public int getExecutorGroupsCount(User user, Executor executor, BatchPresentation batchPresentation, boolean isExclude) {
-        checkPermissionsOnExecutor(user, executor, Permission.LIST);
+        checkPermissionsOnExecutor(user, executor, Permission.READ);
         PresentationConfiguredCompiler<Group> compiler = PresentationCompilerHelper.createExecutorGroupsCompiler(user, executor, batchPresentation,
                 !isExclude);
         return compiler.getCount();
     }
 
     public boolean isExecutorInGroup(User user, Executor executor, Group group) {
-        checkPermissionsOnExecutor(user, executor, Permission.LIST);
-        checkPermissionsOnExecutor(user, group, Permission.LIST);
+        checkPermissionsOnExecutor(user, executor, Permission.READ);
+        checkPermissionsOnExecutor(user, group, Permission.READ);
         return executorDao.isExecutorInGroup(executor, group);
     }
 
@@ -287,7 +291,7 @@ public Executor getExecutor(User user, Long id) {
     }
 
     public Actor getActorByCode(User user, Long code) {
-        return checkPermissionsOnExecutor(user, executorDao.getActorByCode(code), Permission.LIST);
+        return checkPermissionsOnExecutor(user, executorDao.getActorByCode(code), Permission.READ);
     }
 
     public Group saveTemporaryGroup(Group temporaryGroup, Collection<? extends Executor> newGroupExecutors) {
diff --git a/wfe-core/src/main/java/ru/runa/wfe/user/logic/ProfileLogic.java b/wfe-core/src/main/java/ru/runa/wfe/user/logic/ProfileLogic.java
index b3398d8d51..6f488415e3 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/user/logic/ProfileLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/user/logic/ProfileLogic.java
@@ -52,7 +52,7 @@ public List<Profile> getProfiles(User user, List<Long> actorIds) throws Executor
         List<Profile> result = Lists.newArrayListWithCapacity(actorIds.size());
         for (Long actorId : actorIds) {
             Actor actor = executorDao.getActor(actorId);
-            permissionDao.checkAllowed(user, Permission.LIST, actor);
+            permissionDao.checkAllowed(user, Permission.READ, actor);
             result.add(getProfile(actor));
         }
         return result;
diff --git a/wfe-core/src/main/java/ru/runa/wfe/validation/FieldValidator.java b/wfe-core/src/main/java/ru/runa/wfe/validation/FieldValidator.java
index f077250748..10a537904c 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/validation/FieldValidator.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/validation/FieldValidator.java
@@ -5,11 +5,9 @@
 package ru.runa.wfe.validation;
 
 import java.util.Map;
-
 import ru.runa.wfe.execution.ExecutionContext;
-import ru.runa.wfe.user.User;
-import ru.runa.wfe.var.VariableProvider;
 import ru.runa.wfe.var.MapDelegableVariableProvider;
+import ru.runa.wfe.var.VariableProvider;
 
 /**
  * Base class for field validators.
@@ -20,9 +18,9 @@ public abstract class FieldValidator extends Validator {
     private Object fieldValue;
 
     @Override
-    public void init(User user, ExecutionContext executionContext, VariableProvider variableProvider, ValidatorConfig config,
+    public void init(ExecutionContext executionContext, VariableProvider variableProvider, ValidatorConfig config,
             ValidatorContext validatorContext, Map<String, Object> variables) {
-        super.init(user, executionContext, variableProvider, config, validatorContext, variables);
+        super.init(executionContext, variableProvider, config, validatorContext, variables);
         fieldName = config.getParams().get(FIELD_NAME_PARAMETER_NAME);
         VariableProvider newVariableProvider = new MapDelegableVariableProvider(variables, variableProvider);
         fieldValue = newVariableProvider.getValue(fieldName);
diff --git a/wfe-core/src/main/java/ru/runa/wfe/validation/Validator.java b/wfe-core/src/main/java/ru/runa/wfe/validation/Validator.java
index cbbcc10fce..a4b2e346a5 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/validation/Validator.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/validation/Validator.java
@@ -19,21 +19,17 @@
 
 import com.google.common.base.MoreObjects;
 import java.util.Map;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
 import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.commons.TypeConversionUtil;
 import ru.runa.wfe.commons.ftl.ExpressionEvaluator;
 import ru.runa.wfe.execution.ExecutionContext;
-import ru.runa.wfe.user.User;
-import ru.runa.wfe.var.VariableProvider;
 import ru.runa.wfe.var.MapDelegableVariableProvider;
+import ru.runa.wfe.var.VariableProvider;
 
 public abstract class Validator {
     protected final Log log = LogFactory.getLog(getClass());
-    private User user;
     private ExecutionContext executionContext;
     private VariableProvider oldVariableProvider;
     private VariableProvider variableProvider;
@@ -41,9 +37,8 @@ public abstract class Validator {
     private ValidatorContext validatorContext;
     private Map<String, Object> newVariables;
 
-    public void init(User user, ExecutionContext executionContext, VariableProvider variableProvider, ValidatorConfig config,
-            ValidatorContext validatorContext, Map<String, Object> variables) {
-        this.user = user;
+    public void init(ExecutionContext executionContext, VariableProvider variableProvider, ValidatorConfig config, ValidatorContext validatorContext,
+            Map<String, Object> variables) {
         this.executionContext = executionContext;
         this.oldVariableProvider = variableProvider;
         this.variableProvider = new MapDelegableVariableProvider(config.getParams(), new MapDelegableVariableProvider(variables, variableProvider));
@@ -52,10 +47,6 @@ public void init(User user, ExecutionContext executionContext, VariableProvider
         this.newVariables = variables;
     }
 
-    protected User getUser() {
-        return user;
-    }
-
     protected ExecutionContext getExecutionContext() {
         return executionContext;
     }
diff --git a/wfe-core/src/main/java/ru/runa/wfe/validation/ValidatorManager.java b/wfe-core/src/main/java/ru/runa/wfe/validation/ValidatorManager.java
index 3b267aca83..f656d6aff6 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/validation/ValidatorManager.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/validation/ValidatorManager.java
@@ -20,7 +20,6 @@
 import ru.runa.wfe.definition.par.ValidationXmlParser;
 import ru.runa.wfe.execution.ExecutionContext;
 import ru.runa.wfe.execution.dto.WfProcess;
-import ru.runa.wfe.user.User;
 import ru.runa.wfe.var.VariableProvider;
 
 public class ValidatorManager {
@@ -66,7 +65,7 @@ private static String getDefaultValidationMessage(String name) {
         return "";
     }
 
-    public List<Validator> createValidators(User user, ExecutionContext executionContext, VariableProvider variableProvider, byte[] validationXml,
+    public List<Validator> createValidators(ExecutionContext executionContext, VariableProvider variableProvider, byte[] validationXml,
             ValidatorContext validatorContext, Map<String, Object> variables) {
         List<ValidatorConfig> configs = ValidationXmlParser.parseValidatorConfigs(validationXml);
         ArrayList<Validator> validators = new ArrayList<>(configs.size());
@@ -79,16 +78,16 @@ public List<Validator> createValidators(User user, ExecutionContext executionCon
                 throw new InternalApplicationException("Validator '" + config.getType() + "' is not registered");
             }
             Validator validator = ApplicationContextFactory.createAutowiredBean(className);
-            validator.init(user, executionContext, variableProvider, config, validatorContext, variables);
+            validator.init(executionContext, variableProvider, config, validatorContext, variables);
             validators.add(validator);
         }
         return validators;
     }
 
-    public ValidatorContext validate(User user, ExecutionContext executionContext, VariableProvider variableProvider, byte[] validationXml,
+    public ValidatorContext validate(ExecutionContext executionContext, VariableProvider variableProvider, byte[] validationXml,
             Map<String, Object> variables) {
         ValidatorContext validatorContext = new ValidatorContext();
-        List<Validator> validators = createValidators(user, executionContext, variableProvider, validationXml, validatorContext, variables);
+        List<Validator> validators = createValidators(executionContext, variableProvider, validationXml, validatorContext, variables);
         // can be null for single output transition
         String transitionName = (String) variableProvider.getValue(WfProcess.SELECTED_TRANSITION_KEY);
         for (Validator validator : validators) {
diff --git a/wfe-core/src/main/java/ru/runa/wfe/var/logic/VariableLogic.java b/wfe-core/src/main/java/ru/runa/wfe/var/logic/VariableLogic.java
index 96315b9377..4c7cc6c544 100644
--- a/wfe-core/src/main/java/ru/runa/wfe/var/logic/VariableLogic.java
+++ b/wfe-core/src/main/java/ru/runa/wfe/var/logic/VariableLogic.java
@@ -91,7 +91,7 @@ public List<WfVariable> getVariables(User user, Long processId) throws ProcessDo
         List<WfVariable> result = Lists.newArrayList();
         Process process = processDao.getNotNull(processId);
         ProcessDefinition processDefinition = getDefinition(process);
-        permissionDao.checkAllowed(user, Permission.LIST, process);
+        permissionDao.checkAllowed(user, Permission.READ, process);
         Map<Process, Map<String, Variable<?>>> variables = variableDao.getVariables(Sets.newHashSet(process));
         ExecutionContext executionContext = new ExecutionContext(processDefinition, process, variables, true);
         for (VariableDefinition variableDefinition : processDefinition.getVariables()) {
@@ -106,7 +106,7 @@ public List<WfVariable> getVariables(User user, Long processId) throws ProcessDo
     public Map<Long, List<WfVariable>> getVariables(User user, List<Long> processIds) throws ProcessDoesNotExistException {
         Map<Long, List<WfVariable>> result = Maps.newHashMap();
         List<Process> processes = processDao.find(processIds);
-        processes = filterSecuredObject(user, processes, Permission.LIST);
+        processes = filterSecuredObject(user, processes, Permission.READ);
         Map<Process, Map<String, Variable<?>>> variables = variableDao.getVariables(processes);
         for (Process process : processes) {
             List<WfVariable> list = Lists.newArrayList();
@@ -216,7 +216,7 @@ public WfVariable getTaskVariable(User user, Long processId, Long taskId, String
     public void updateVariables(User user, Long processId, Map<String, Object> variables) {
         Process process = processDao.getNotNull(processId);
         // TODO check ProcessPermission.UPDATE
-        permissionDao.checkAllowed(user, Permission.LIST, process);
+        permissionDao.checkAllowed(user, Permission.READ, process);
         ProcessDefinition processDefinition = getDefinition(process);
         ExecutionContext executionContext = new ExecutionContext(processDefinition, process);
         processLogDao.addLog(new AdminActionLog(user.getActor(), AdminActionLog.ACTION_UPDATE_VARIABLES), process, null);
@@ -238,7 +238,7 @@ private WfVariableHistoryState getHistoricalVariableOnRange(User user, ProcessLo
     private WfVariableHistoryState getHistoricalVariableOnDate(User user, ProcessLogFilter filter) {
         List<WfVariable> result = Lists.newArrayList();
         Process process = processDao.getNotNull(filter.getProcessId());
-        permissionDao.checkAllowed(user, Permission.LIST, process);
+        permissionDao.checkAllowed(user, Permission.READ, process);
         Set<String> simpleVariablesChanged = Sets.newHashSet();
         Map<Process, Map<String, Variable<?>>> processStateOnTime = getProcessStateOnTime(user, process, filter, simpleVariablesChanged);
         VariableLoader loader = new VariableLoaderFromMap(processStateOnTime);
diff --git a/wfe-core/src/main/resources/system.properties b/wfe-core/src/main/resources/system.properties
index 23a7f60403..0662a72967 100644
--- a/wfe-core/src/main/resources/system.properties
+++ b/wfe-core/src/main/resources/system.properties
@@ -32,9 +32,6 @@ date.format.pattern=dd.MM.yyyy
 # used to prevent cyclic fork execution
 # token.maximum.depth=100
 
-# Whether method ru.runa.wfe.service.impl.ExecutionServiceBean.updateVariables(User, Long, Map<String, Object>) enabled
-executionServiceAPI.updateVariables.enabled = false
-
 # Expired jobs check interval
 timertask.period.millis.job.execution = 5000
 # Unassigned tasks check interval
diff --git a/wfe-ear/pom.xml b/wfe-ear/pom.xml
index 53b4f43f46..1e74943c7c 100644
--- a/wfe-ear/pom.xml
+++ b/wfe-ear/pom.xml
@@ -65,7 +65,7 @@
 		<dependency>
 			<groupId>commons-collections</groupId>
 			<artifactId>commons-collections</artifactId>
-			<version>3.2.1</version>
+			<version>3.2.2</version>
 		</dependency>
 		<dependency>
 			<groupId>cglib</groupId>
diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/doc/DocxUtils.java b/wfe-office/src/main/java/ru/runa/wfe/office/doc/DocxUtils.java
index 74bf9126eb..4f75301846 100644
--- a/wfe-office/src/main/java/ru/runa/wfe/office/doc/DocxUtils.java
+++ b/wfe-office/src/main/java/ru/runa/wfe/office/doc/DocxUtils.java
@@ -658,6 +658,9 @@ private static void fixRunsToStateInWhichSingleRunContainsPlaceholder(DocxConfig
                     for (int n = 0; n < match.runs.size(); n++) {
                         if (n == 0) {
                             String newText = match.runs.get(n).getText(0);
+                            if (newText.length() > placeholder.length() && match.comparisonStartInFirstRunIndex + placeholder.length() <= newText.length()) {
+                                runs.get(next).setText(String.join("", newText.substring(match.comparisonStartInFirstRunIndex + placeholder.length()), runs.get(next).getText(0)), 0);
+                            }
                             newText = newText.substring(0, match.comparisonStartInFirstRunIndex) + placeholder;
                             match.runs.get(n).setText(newText, 0);
                         } else if (n == match.runs.size() - 1) {
diff --git a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java
index 791ac3da23..e4b658f94c 100644
--- a/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java
+++ b/wfe-office/src/main/java/ru/runa/wfe/office/storage/StoreServiceImpl.java
@@ -2,7 +2,6 @@
 
 import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
-import com.google.common.base.Throwables;
 import com.google.common.collect.Lists;
 import java.io.File;
 import java.io.FileInputStream;
@@ -23,6 +22,7 @@
 import org.apache.poi.ss.usermodel.Sheet;
 import org.apache.poi.ss.usermodel.Workbook;
 import org.apache.poi.xssf.usermodel.XSSFWorkbook;
+import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.datasource.DataSource;
 import ru.runa.wfe.datasource.DataSourceStorage;
 import ru.runa.wfe.datasource.DataSourceStuff;
@@ -31,6 +31,7 @@
 import ru.runa.wfe.extension.handler.ParamsDef;
 import ru.runa.wfe.office.excel.AttributeConstraints;
 import ru.runa.wfe.office.excel.ExcelConstraints;
+import ru.runa.wfe.office.excel.OnSheetConstraints;
 import ru.runa.wfe.office.excel.utils.ExcelHelper;
 import ru.runa.wfe.office.storage.binding.ExecutionResult;
 import ru.runa.wfe.var.ParamBasedVariableProvider;
@@ -50,6 +51,8 @@ public class StoreServiceImpl implements StoreService {
     private static final int START_ROW_INDEX = 0;
 
     private static final Log log = LogFactory.getLog(StoreServiceImpl.class);
+    private static final String DEFAULT_TABLE_NAME_PREFIX = "SHEET";
+    private static final String XLSX_SUFFIX = ".xlsx";
 
     private ExcelConstraints constraints;
     private VariableFormat format;
@@ -61,29 +64,28 @@ public StoreServiceImpl(VariableProvider variableProvider) {
     }
 
     @Override
-    public void createFileIfNotExist(String path) throws Exception {
-        File f = new File(path);
+    public void createFileIfNotExist(String path) throws InternalApplicationException {
+        final File f = new File(path);
         if (f.exists() && f.isFile()) {
             return;
         }
-        Workbook workbook = null;
-        if (path.endsWith(".xls")) {
-            workbook = new HSSFWorkbook();
-        } else {
-            workbook = new XSSFWorkbook();
-        }
-        workbook.createSheet();
-        OutputStream os = null;
+
         try {
-            os = new FileOutputStream(path);
+            if (!f.createNewFile()) {
+                log.error("Could not create file " + path);
+                throw new InternalApplicationException("Could not create file " + path);
+            }
+        } catch (IOException | SecurityException e) {
+            log.error("Could not create file: " + path, e);
+            throw new InternalApplicationException(e);
+        }
+
+        try (Workbook workbook = path.endsWith(XLSX_SUFFIX) ? new XSSFWorkbook() : new HSSFWorkbook(); OutputStream os = new FileOutputStream(path)) {
+            workbook.createSheet();
             workbook.write(os);
         } catch (Exception e) {
             log.error("", e);
-            Throwables.propagate(e);
-        } finally {
-            if (os != null) {
-                os.close();
-            }
+            throw new InternalApplicationException(e);
         }
     }
 
@@ -155,13 +157,13 @@ public void save(Properties properties, WfVariable variable, boolean appendTo) t
         }
     }
 
-    private void initParams(Properties properties) throws Exception {
+    private void initParams(Properties properties) throws InternalApplicationException {
         Preconditions.checkNotNull(properties);
         constraints = (ExcelConstraints) properties.get(PROP_CONSTRAINTS);
         format = (VariableFormat) properties.get(PROP_FORMAT);
         fullPath = properties.getProperty(PROP_PATH);
         if (fullPath.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE) || fullPath.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE_VARIABLE)) {
-            String dsName = null;
+            String dsName;
             if (fullPath.startsWith(DataSourceStuff.PATH_PREFIX_DATA_SOURCE)) {
                 dsName = fullPath.substring(DataSourceStuff.PATH_PREFIX_DATA_SOURCE.length());
             } else {
@@ -170,7 +172,7 @@ private void initParams(Properties properties) throws Exception {
             DataSource ds = DataSourceStorage.getDataSource(dsName);
             if (ds instanceof ExcelDataSource) {
                 ExcelDataSource eds = (ExcelDataSource) ds;
-                fullPath = eds.getFilePath() + "/" + eds.getFileName();
+                fullPath = eds.getFilePath() + "/" + tableName() + XLSX_SUFFIX;
             }
         }
         createFileIfNotExist(fullPath);
@@ -487,4 +489,22 @@ private boolean existOutputParamByVariableName(WfVariable variable) {
         }
         return false;
     }
+
+    private String tableName() {
+        final OnSheetConstraints osc = (OnSheetConstraints) constraints;
+        String tableName = osc.getSheetName();
+        if (Strings.isNullOrEmpty(tableName)) {
+            String userTypeName = null;
+
+            if (format instanceof UserTypeFormat) {
+                userTypeName = format.toString();
+            } else if (format instanceof ListFormat) {
+                userTypeName = ((ListFormat) format).getComponentClassName(0);
+            }
+
+            tableName = Strings.isNullOrEmpty(userTypeName) ?
+                    DEFAULT_TABLE_NAME_PREFIX + osc.getSheetIndex() : userTypeName;
+        }
+        return tableName;
+    }
 }
diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/AuthorizationService.java b/wfe-service/src/main/java/ru/runa/wfe/service/AuthorizationService.java
index 60125d2268..6176d4b7ea 100644
--- a/wfe-service/src/main/java/ru/runa/wfe/service/AuthorizationService.java
+++ b/wfe-service/src/main/java/ru/runa/wfe/service/AuthorizationService.java
@@ -60,17 +60,6 @@ public interface AuthorizationService {
      */
     boolean isAllowedForAny(User user, Permission permission, SecuredObjectType securedObjectType);
 
-    /**
-     * Special case to check UPDATE and/or UPDATE_SELF permissions.
-     */
-    boolean isAllowedUpdateExecutor(User user, Executor object);
-
-    /**
-     * Special case to check UPDATE and/or UPDATE_SELF permissions.
-     * Overloaded version for cases where otherwise getExecutor() would be called and perform extra READ check.
-     */
-    boolean isAllowedUpdateExecutor(User user, Long id);
-
     /**
      * Exports &lt;addPermissions&gt; elements to XML script. Everything is done under single transaction, using optimized queries.
      */
diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/DefinitionService.java b/wfe-service/src/main/java/ru/runa/wfe/service/DefinitionService.java
index 9ff0e774f8..389a35f401 100644
--- a/wfe-service/src/main/java/ru/runa/wfe/service/DefinitionService.java
+++ b/wfe-service/src/main/java/ru/runa/wfe/service/DefinitionService.java
@@ -55,10 +55,8 @@ public interface DefinitionService {
      * @param categories
      *            process categories
      * @return deployed definition
-     * @throws DefinitionAlreadyExistException
-     * @throws DefinitionArchiveFormatException
      */
-    public WfDefinition deployProcessDefinition(User user, byte[] archive, List<String> categories) throws DefinitionAlreadyExistException,
+    WfDefinition deployProcessDefinition(User user, byte[] archive, List<String> categories) throws DefinitionAlreadyExistException,
             DefinitionArchiveFormatException;
 
     /**
@@ -73,11 +71,8 @@ public WfDefinition deployProcessDefinition(User user, byte[] archive, List<Stri
      * @param categories
      *            process categories
      * @return redeployed definition
-     * @throws DefinitionDoesNotExistException
-     * @throws DefinitionArchiveFormatException
-     * @throws DefinitionNameMismatchException
      */
-    public WfDefinition redeployProcessDefinition(User user, Long definitionId, byte[] archive, List<String> categories)
+    WfDefinition redeployProcessDefinition(User user, Long definitionId, byte[] archive, List<String> categories)
             throws DefinitionDoesNotExistException, DefinitionArchiveFormatException, DefinitionNameMismatchException;
 
     /**
@@ -90,12 +85,8 @@ public WfDefinition redeployProcessDefinition(User user, Long definitionId, byte
      * @param archive
      *            process definition archive (ZIP format)
      * @return redeployed definition
-     * 
-     * @throws DefinitionDoesNotExistException
-     * @throws DefinitionArchiveFormatException
-     * @throws DefinitionNameMismatchException
      */
-    public WfDefinition updateProcessDefinition(User user, Long definitionId, byte[] archive) throws DefinitionDoesNotExistException,
+    WfDefinition updateProcessDefinition(User user, Long definitionId, byte[] archive) throws DefinitionDoesNotExistException,
             DefinitionArchiveFormatException, DefinitionNameMismatchException;
 
     /**
@@ -107,9 +98,8 @@ public WfDefinition updateProcessDefinition(User user, Long definitionId, byte[]
      *            process definition id
      * @param date
      *            can be <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public void setProcessDefinitionSubprocessBindingDate(User user, Long definitionId, Date date) throws DefinitionDoesNotExistException;
+    void setProcessDefinitionSubprocessBindingDate(User user, Long definitionId, Date date) throws DefinitionDoesNotExistException;
 
     /**
      * Gets only last version from process definition by name.
@@ -119,9 +109,8 @@ public WfDefinition updateProcessDefinition(User user, Long definitionId, byte[]
      * @param definitionName
      *            process definition name
      * @return not <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public WfDefinition getLatestProcessDefinition(User user, String definitionName) throws DefinitionDoesNotExistException;
+    WfDefinition getLatestProcessDefinition(User user, String definitionName) throws DefinitionDoesNotExistException;
 
     /**
      * Gets process definition by id.
@@ -131,9 +120,8 @@ public WfDefinition updateProcessDefinition(User user, Long definitionId, byte[]
      * @param definitionId
      *            process definition id
      * @return not <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public WfDefinition getProcessDefinition(User user, Long definitionId) throws DefinitionDoesNotExistException;
+    WfDefinition getProcessDefinition(User user, Long definitionId) throws DefinitionDoesNotExistException;
 
     /**
      * Gets only last version from process definition by name.
@@ -145,9 +133,8 @@ public WfDefinition updateProcessDefinition(User user, Long definitionId, byte[]
      * @param definitionVersion
      *            process definition version
      * @return not <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public WfDefinition getProcessDefinitionVersion(User user, String definitionName, Long definitionVersion) throws DefinitionDoesNotExistException;
+    WfDefinition getProcessDefinitionVersion(User user, String definitionName, Long definitionVersion) throws DefinitionDoesNotExistException;
 
     /**
      * Gets parsed process definition by id.
@@ -157,9 +144,8 @@ public WfDefinition updateProcessDefinition(User user, Long definitionId, byte[]
      * @param definitionId
      *            process definition id
      * @return not <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public ProcessDefinition getParsedProcessDefinition(User user, Long definitionId) throws DefinitionDoesNotExistException;
+    ProcessDefinition getParsedProcessDefinition(User user, Long definitionId) throws DefinitionDoesNotExistException;
 
     /**
      * Gets parsed process definition by id. TODO this method return too many data through references.
@@ -171,9 +157,8 @@ public WfDefinition updateProcessDefinition(User user, Long definitionId, byte[]
      * @param nodeId
      *            node id
      * @return node or <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public WfNode getNode(User user, Long definitionId, String nodeId) throws DefinitionDoesNotExistException;
+    WfNode getNode(User user, Long definitionId, String nodeId) throws DefinitionDoesNotExistException;
 
     /**
      * Deletes process definition by name. If version is not specified all versions will be deleted.
@@ -184,9 +169,8 @@ public WfDefinition updateProcessDefinition(User user, Long definitionId, byte[]
      *            process definition name
      * @param version
      *            version or <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public void undeployProcessDefinition(User user, String definitionName, Long version) throws DefinitionDoesNotExistException,
+    void undeployProcessDefinition(User user, String definitionName, Long version) throws DefinitionDoesNotExistException,
             ParentProcessExistsException;
 
     /**
@@ -199,9 +183,8 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      * @param fileName
      *            file name in definition archive
      * @return file data or <code>null</code> if file does not exist
-     * @throws DefinitionDoesNotExistException
      */
-    public byte[] getProcessDefinitionFile(User user, Long definitionId, String fileName) throws DefinitionDoesNotExistException;
+    byte[] getProcessDefinitionFile(User user, Long definitionId, String fileName) throws DefinitionDoesNotExistException;
 
     /**
      * Retrieves processimage.png (or earlier equivalent) file data from process definition archive.
@@ -213,9 +196,8 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      * @param subprocessId
      *            subprocess id, can be <code>null</code>
      * @return file data, not <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public byte[] getProcessDefinitionGraph(User user, Long definitionId, String subprocessId) throws DefinitionDoesNotExistException;
+    byte[] getProcessDefinitionGraph(User user, Long definitionId, String subprocessId) throws DefinitionDoesNotExistException;
 
     /**
      * Gets start task user interaction.
@@ -225,11 +207,10 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      * @param definitionId
      *            process definition id
      * @return not <code>null</code>
-     * @throws DefinitionDoesNotExistException
      * @deprecated use {@link #getTaskNodeInteraction(User, Long, String)}
      */
     @Deprecated
-    public Interaction getStartInteraction(User user, Long definitionId) throws DefinitionDoesNotExistException;
+    Interaction getStartInteraction(User user, Long definitionId) throws DefinitionDoesNotExistException;
 
     /**
      * Gets task node user interaction.
@@ -241,9 +222,8 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      * @param nodeId
      *            interaction node id
      * @return not <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public Interaction getTaskNodeInteraction(User user, Long definitionId, String nodeId) throws DefinitionDoesNotExistException;
+    Interaction getTaskNodeInteraction(User user, Long definitionId, String nodeId) throws DefinitionDoesNotExistException;
 
     /**
      * Gets all role definitions for process definition by id.
@@ -253,9 +233,8 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      * @param definitionId
      *            process definition id
      * @return not <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public List<SwimlaneDefinition> getSwimlaneDefinitions(User user, Long definitionId) throws DefinitionDoesNotExistException;
+    List<SwimlaneDefinition> getSwimlaneDefinitions(User user, Long definitionId) throws DefinitionDoesNotExistException;
 
     /**
      * Gets all variable user types for process definition by id.
@@ -265,9 +244,8 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      * @param definitionId
      *            process definition id
      * @return not <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public List<UserType> getUserTypes(User user, Long definitionId) throws DefinitionDoesNotExistException;
+    List<UserType> getUserTypes(User user, Long definitionId) throws DefinitionDoesNotExistException;
 
     /**
      * Gets variable user type for process definition by name.
@@ -279,9 +257,8 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      * @param name
      *            variable user type name
      * @return variable definition or <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public UserType getUserType(User user, Long definitionId, String name) throws DefinitionDoesNotExistException;
+    UserType getUserType(User user, Long definitionId, String name) throws DefinitionDoesNotExistException;
 
     /**
      * Gets all variable definitions for process definition by id.
@@ -291,9 +268,8 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      * @param definitionId
      *            process definition id
      * @return not <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public List<VariableDefinition> getVariableDefinitions(User user, Long definitionId) throws DefinitionDoesNotExistException;
+    List<VariableDefinition> getVariableDefinitions(User user, Long definitionId) throws DefinitionDoesNotExistException;
 
     /**
      * Gets variable definition for process definition by name.
@@ -305,9 +281,8 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      * @param variableName
      *            variable name
      * @return variable definition or <code>null</code>
-     * @throws DefinitionDoesNotExistException
      */
-    public VariableDefinition getVariableDefinition(User user, Long definitionId, String variableName) throws DefinitionDoesNotExistException;
+    VariableDefinition getVariableDefinition(User user, Long definitionId, String variableName) throws DefinitionDoesNotExistException;
 
     /**
      * Gets all graph elements for process definition by id.
@@ -320,7 +295,7 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      *            embedded subprocess id or <code>null</code>
      * @return not <code>null</code>
      */
-    public List<NodeGraphElement> getProcessDefinitionGraphElements(User user, Long definitionId, String subprocessId);
+    List<NodeGraphElement> getProcessDefinitionGraphElements(User user, Long definitionId, String subprocessId);
 
     /**
      * Gets all versions of process definition specified by name.
@@ -331,64 +306,56 @@ public void undeployProcessDefinition(User user, String definitionName, Long ver
      *            process definition name
      * @return not <code>null</code>
      */
-    public List<WfDefinition> getProcessDefinitionHistory(User user, String definitionName);
+    List<WfDefinition> getProcessDefinitionHistory(User user, String definitionName);
 
     /**
      * Gets process definitions according to batch presentation.
      * 
      * @param user
      *            authorized user
-     * @param batchPresentation
      * @return not <code>null</code>
      */
-    public List<WfDefinition> getProcessDefinitions(User user, BatchPresentation batchPresentation, boolean enablePaging);
+    List<WfDefinition> getProcessDefinitions(User user, BatchPresentation batchPresentation, boolean enablePaging);
 
     /**
      * Gets process definitions count.
      * 
      * @param user
      *            authorized user
-     * @param batchPresentation
      * @return not <code>null</code>
      */
-    public int getProcessDefinitionsCount(User user, BatchPresentation batchPresentation);
+    int getProcessDefinitionsCount(User user, BatchPresentation batchPresentation);
 
     /**
      * Gets deployments according to batch presentation.
      * 
      * @param user
      *            authorized user
-     * @param batchPresentation
      * @return not <code>null</code>
      */
-    public List<WfDefinition> getDeployments(User user, BatchPresentation batchPresentation, boolean enablePaging);
+    List<WfDefinition> getDeployments(User user, BatchPresentation batchPresentation, boolean enablePaging);
 
     /**
      * Gets changes history for specified definition.
      * 
-     * @param definitionId
      * @return not <code>null</code>
      */
-    public List<ProcessDefinitionChange> getChanges(Long definitionId);
+    List<ProcessDefinitionChange> getChanges(Long definitionId);
 
     /**
      * Gets last n changes for specified definition.
      * 
-     * @param definitionId
      * @param n
      *            number of process definition versions to get changes
      * @return not <code>null</code>
      */
-    public List<ProcessDefinitionChange> getLastChanges(Long definitionId, Long n);
+    List<ProcessDefinitionChange> getLastChanges(Long definitionId, Long n);
 
     /**
      * Gets changes between two versions of specified definition.
-     * 
-     * @param definitionName
-     * @param version1
-     * @param version2
+     *
      * @return not <code>null</code>
      */
-    public List<ProcessDefinitionChange> findChanges(String definitionName, Long version1, Long version2);
+    List<ProcessDefinitionChange> findChanges(String definitionName, Long version1, Long version2);
 
 }
diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/TaskService.java b/wfe-service/src/main/java/ru/runa/wfe/service/TaskService.java
index 4d94756e61..19b1a219cc 100644
--- a/wfe-service/src/main/java/ru/runa/wfe/service/TaskService.java
+++ b/wfe-service/src/main/java/ru/runa/wfe/service/TaskService.java
@@ -25,20 +25,18 @@ public interface TaskService {
      * 
      * @param user
      *            authorized user
-     * @param batchPresentation
      * @return not <code>null</code>
      */
-    public List<WfTask> getMyTasks(User user, BatchPresentation batchPresentation);
+    List<WfTask> getMyTasks(User user, BatchPresentation batchPresentation);
 
     /**
      * Gets tasks by {@link BatchPresentation}.
      * 
      * @param user
      *            authorized user
-     * @param batchPresentation
      * @return not <code>null</code>
      */
-    public List<WfTask> getTasks(User user, BatchPresentation batchPresentation);
+    List<WfTask> getTasks(User user, BatchPresentation batchPresentation);
 
     /**
      * Gets task by id.
@@ -48,9 +46,8 @@ public interface TaskService {
      * @param taskId
      *            task id
      * @return not <code>null</code>
-     * @throws TaskDoesNotExistException
      */
-    public WfTask getTask(User user, Long taskId) throws TaskDoesNotExistException;
+    WfTask getTask(User user, Long taskId) throws TaskDoesNotExistException;
 
     /**
      * Gets all process tasks.
@@ -62,9 +59,8 @@ public interface TaskService {
      * @param includeSubprocesses
      *            whether to include tasks from subprocesses
      * @return not <code>null</code>
-     * @throws ProcessDoesNotExistException
      */
-    public List<WfTask> getProcessTasks(User user, Long processId, boolean includeSubprocesses) throws ProcessDoesNotExistException;
+    List<WfTask> getProcessTasks(User user, Long processId, boolean includeSubprocesses) throws ProcessDoesNotExistException;
 
     /**
      * Reassigns task to another executor.
@@ -76,7 +72,7 @@ public interface TaskService {
      * @throws TaskAlreadyAcceptedException
      *             if previous owner differs from provided
      */
-    public void assignTask(User user, Long taskId, Executor previousOwner, Executor newOwner) throws TaskAlreadyAcceptedException;
+    void assignTask(User user, Long taskId, Executor previousOwner, Executor newOwner) throws TaskAlreadyAcceptedException;
 
     /**
      * Reassigns tasks using TaskAssigner.
@@ -87,7 +83,7 @@ public interface TaskService {
      *            to load tasks
      * @return reassigned tasks count
      */
-    public int reassignTasks(User user, BatchPresentation batchPresentation);
+    int reassignTasks(User user, BatchPresentation batchPresentation);
 
     /**
      * Reassigns task using TaskAssigner.
@@ -96,7 +92,7 @@ public interface TaskService {
      *            authorized user
      * @return whether task was successfully reassigned
      */
-    public boolean reassignTask(User user, Long taskId);
+    boolean reassignTask(User user, Long taskId);
 
     /**
      * Completes task by id.
@@ -109,11 +105,11 @@ public interface TaskService {
      *            variable values, can contain transition name by key ru.runa.wfe.execution.dto.WfProcess.SELECTED_TRANSITION_KEY
      * @param swimlaneActorId
      *            actor id who will be assigned to task swimlane, can be <code>null</code>
-     * @throws TaskDoesNotExistException
-     * @throws ValidationException
+     *
+     * @deprecated This method delegates to {@link #completeTask(User, Long, Map)} abandoning {@code swimlaneActorId} argument.
      */
     @Deprecated
-    public void completeTask(User user, Long taskId, Map<String, Object> variables, Long swimlaneActorId) throws TaskDoesNotExistException,
+    void completeTask(User user, Long taskId, Map<String, Object> variables, Long swimlaneActorId) throws TaskDoesNotExistException,
             ValidationException;
 
     /**
@@ -124,11 +120,11 @@ public void completeTask(User user, Long taskId, Map<String, Object> variables,
      * @param taskId
      *            task id
      * @param variables
-     *            variable values, can contain transition name by key ru.runa.wfe.execution.dto.WfProcess.SELECTED_TRANSITION_KEY
+     *            Variable values, can contain transition name by key ru.runa.wfe.execution.dto.WfProcess.SELECTED_TRANSITION_KEY.
+     *            May be null if empty.
      * @return next task in this token or <code>null</code>
      */
-    WfTask completeTask(User user, Long taskId, Map<String, Object> variables) throws TaskDoesNotExistException,
-            ValidationException;
+    WfTask completeTask(User user, Long taskId, Map<String, Object> variables) throws TaskDoesNotExistException, ValidationException;
 
     /**
      * Marks task as read.
@@ -137,9 +133,8 @@ WfTask completeTask(User user, Long taskId, Map<String, Object> variables) throw
      *            authorized user
      * @param taskId
      *            task id
-     * @throws TaskDoesNotExistException
      */
-    public void markTaskOpened(User user, Long taskId) throws TaskDoesNotExistException;
+    void markTaskOpened(User user, Long taskId) throws TaskDoesNotExistException;
 
     /**
      * Delegate task to another users or groups.
@@ -155,7 +150,7 @@ WfTask completeTask(User user, Long taskId, Map<String, Object> variables) throw
      * @param newOwners
      *            new executor list
      */
-    public void delegateTask(User user, Long taskId, Executor currentOwner, boolean keepCurrentOwners, List<? extends Executor> newOwners);
+    void delegateTask(User user, Long taskId, Executor currentOwner, boolean keepCurrentOwners, List<? extends Executor> newOwners);
 
     /**
      * Delegate tasks to another users or groups.
@@ -167,11 +162,11 @@ WfTask completeTask(User user, Long taskId, Map<String, Object> variables) throw
      * @param newOwners
      *            new executor list
      */
-    public void delegateTasks(User user, Set<Long> taskIds, boolean keepCurrentOwners, List<? extends Executor> newOwners);
+    void delegateTasks(User user, Set<Long> taskIds, boolean keepCurrentOwners, List<? extends Executor> newOwners);
 
     /**
      * Gets tasks with executor == NULL
      */
-    public List<WfTask> getUnassignedTasks(User user);
+    List<WfTask> getUnassignedTasks(User user);
 
 }
\ No newline at end of file
diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/delegate/AuthorizationServiceDelegate.java b/wfe-service/src/main/java/ru/runa/wfe/service/delegate/AuthorizationServiceDelegate.java
index 91c746b44f..b044fa7a7e 100644
--- a/wfe-service/src/main/java/ru/runa/wfe/service/delegate/AuthorizationServiceDelegate.java
+++ b/wfe-service/src/main/java/ru/runa/wfe/service/delegate/AuthorizationServiceDelegate.java
@@ -98,24 +98,6 @@ public boolean isAllowedForAny(User user, Permission permission, SecuredObjectTy
         }
     }
 
-    @Override
-    public boolean isAllowedUpdateExecutor(User user, Executor object) {
-        try {
-            return getAuthorizationService().isAllowedUpdateExecutor(user, object);
-        } catch (Exception e) {
-            throw handleException(e);
-        }
-    }
-
-    @Override
-    public boolean isAllowedUpdateExecutor(User user, Long id) {
-        try {
-            return getAuthorizationService().isAllowedUpdateExecutor(user, id);
-        } catch (Exception e) {
-            throw handleException(e);
-        }
-    }
-
     @Override
     public void exportDataFile(User user, Document script) {
         try {
diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java
index 14cd14ca5e..4fe14a497a 100644
--- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java
+++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/AuthorizationServiceBean.java
@@ -106,20 +106,6 @@ public boolean isAllowedForAny(@WebParam(name = "user") @NonNull User user, @Web
         return authorizationLogic.isAllowedForAny(user, permission, securedObjectType);
     }
 
-    @WebMethod(exclude = true)
-    @Override
-    public boolean isAllowedUpdateExecutor(@NonNull User user, @NonNull Executor object) {
-        return authorizationLogic.isAllowedUpdateExecutor(user, object);
-    }
-
-
-    @WebMethod(exclude = true)
-    @Override
-    public boolean isAllowedUpdateExecutor(@NonNull User user, @NonNull Long id) {
-        return authorizationLogic.isAllowedUpdateExecutor(user, id);
-    }
-
-
     @Override
     @WebResult(name = "result")
     public List<Permission> getIssuedPermissions(@WebParam(name = "user") @NonNull User user,
diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/ExecutionServiceBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/ExecutionServiceBean.java
index 42ef0de8c2..7b9318b3d6 100644
--- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/ExecutionServiceBean.java
+++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/ExecutionServiceBean.java
@@ -31,9 +31,7 @@
 import lombok.NonNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.ejb.interceptor.SpringBeanAutowiringInterceptor;
-import ru.runa.wfe.ConfigurationException;
 import ru.runa.wfe.audit.ProcessLogFilter;
-import ru.runa.wfe.commons.SystemProperties;
 import ru.runa.wfe.commons.Utils;
 import ru.runa.wfe.definition.dto.WfDefinition;
 import ru.runa.wfe.definition.logic.DefinitionLogic;
@@ -234,10 +232,6 @@ public FileVariableImpl getFileVariableValue(@WebParam(name = "user") @NonNull U
     @WebMethod(exclude = true)
     @Override
     public void updateVariables(@NonNull User user, @NonNull Long processId, @NonNull Map<String, Object> variables) {
-        if (!SystemProperties.isUpdateProcessVariablesInAPIEnabled()) {
-            throw new ConfigurationException(
-                    "In order to enable script execution set property 'executionServiceAPI.updateVariables.enabled' to 'true' in system.properties or wfe.custom.system.properties");
-        }
         FileVariablesUtil.unproxyFileVariables(user, processId, null, variables);
         variableLogic.updateVariables(user, processId, variables);
     }
diff --git a/wfe-service/src/main/java/ru/runa/wfe/service/impl/ReceiveMessageBean.java b/wfe-service/src/main/java/ru/runa/wfe/service/impl/ReceiveMessageBean.java
index df17c888cb..36a5fe2add 100644
--- a/wfe-service/src/main/java/ru/runa/wfe/service/impl/ReceiveMessageBean.java
+++ b/wfe-service/src/main/java/ru/runa/wfe/service/impl/ReceiveMessageBean.java
@@ -21,6 +21,7 @@
 import com.google.common.base.Objects;
 import com.google.common.base.Throwables;
 import com.google.common.collect.Lists;
+import java.util.Date;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.List;
@@ -43,7 +44,6 @@
 import org.springframework.ejb.interceptor.SpringBeanAutowiringInterceptor;
 import ru.runa.wfe.InternalApplicationException;
 import ru.runa.wfe.audit.ReceiveMessageLog;
-import ru.runa.wfe.audit.dao.ProcessLogDao;
 import ru.runa.wfe.commons.Errors;
 import ru.runa.wfe.commons.SystemProperties;
 import ru.runa.wfe.commons.TransactionalExecutor;
@@ -78,8 +78,6 @@ public class ReceiveMessageBean implements MessageListener {
     private TokenDao tokenDao;
     @Autowired
     private ProcessDefinitionLoader processDefinitionLoader;
-    @Autowired
-    private ProcessLogDao processLogDao;
     @Resource
     private MessageDrivenContext context;
 
@@ -153,7 +151,19 @@ public void onMessage(Message jmsMessage) {
                 log.error(errorMessage);
                 Errors.addSystemError(new InternalApplicationException(errorMessage));
             } else {
-                throw new MessagePostponedException(messageString);
+                Date expiryDate = null;
+                try {
+                    if (message.propertyExists(BaseMessageNode.EXPIRATION_PROPERTY)) {
+                        expiryDate = new Date(message.getLongProperty(BaseMessageNode.EXPIRATION_PROPERTY));
+                    }
+                } catch (JMSException e) {
+                    Throwables.propagate(e);
+                }
+                if (expiryDate == null || expiryDate.after(new Date())) {
+                    throw new MessagePostponedException(messageString);
+                } else {
+                    log.debug("Rejecting message request " + messageString + ", already expired");
+                }
             }
         }
         for (ReceiveMessageData data : handlers) {
diff --git a/wfe-web/pom.xml b/wfe-web/pom.xml
index 7d5d7fbe08..d0da9ce5c6 100644
--- a/wfe-web/pom.xml
+++ b/wfe-web/pom.xml
@@ -45,7 +45,7 @@
 		<dependency>
 			<groupId>commons-collections</groupId>
 			<artifactId>commons-collections</artifactId>
-			<version>3.1</version>
+			<version>3.2.2</version>
 			<scope>provided</scope>
 		</dependency>
 		<dependency>
@@ -126,7 +126,7 @@
 		<dependency>
 			<groupId>xerces</groupId>
 			<artifactId>xercesImpl</artifactId>
-			<version>2.11.0</version>
+			<version>2.12.0</version>
 		</dependency>
 		<dependency>
 			<groupId>commons-fileupload</groupId>
diff --git a/wfe-web/src/main/java/ru/runa/af/web/action/CheckSingletonPermissionAndForwardAction.java b/wfe-web/src/main/java/ru/runa/af/web/action/CheckSingletonPermissionAndForwardAction.java
index 0207af5d5e..fd02bdf21d 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/action/CheckSingletonPermissionAndForwardAction.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/action/CheckSingletonPermissionAndForwardAction.java
@@ -15,10 +15,6 @@
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.User;
 
-import static ru.runa.wfe.security.SecuredObjectType.DATAFILE;
-import static ru.runa.wfe.security.SecuredObjectType.ERRORS;
-import static ru.runa.wfe.security.SecuredObjectType.SCRIPTS;
-import static ru.runa.wfe.security.SecuredObjectType.SUBSTITUTION_CRITERIAS;
 import static ru.runa.wfe.security.SecuredObjectType.SYSTEM;
 
 public class CheckSingletonPermissionAndForwardAction extends ActionBase {
@@ -34,11 +30,7 @@ private static class Config {
 
     private static final String TAB_FORWARD_NAME_PARAMETER_NAME = "tabForwardName";
     private static final HashMap<SecuredObjectType, Config> configs = new HashMap<SecuredObjectType, Config>() {{
-        put(DATAFILE, new Config(Permission.ALL, "/WEB-INF/af/manage_datafile.jsp"));
-        put(ERRORS, new Config(Permission.ALL, "/WEB-INF/af/manage_errors.jsp"));
-        put(SCRIPTS, new Config(Permission.ALL, "/WEB-INF/af/manage_scripts.jsp"));
-        put(SUBSTITUTION_CRITERIAS, new Config(Permission.ALL, "/WEB-INF/af/manage_substitution_criteria.jsp"));
-        put(SYSTEM, new Config(Permission.ALL, "/WEB-INF/af/manage_system.jsp"));
+        put(SYSTEM, new Config(Permission.READ, "/WEB-INF/af/manage_system.jsp"));
     }};
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/action/CreateSubstitutionCriteriaAction.java b/wfe-web/src/main/java/ru/runa/af/web/action/CreateSubstitutionCriteriaAction.java
index a3e37251e1..94f6dd10fe 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/action/CreateSubstitutionCriteriaAction.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/action/CreateSubstitutionCriteriaAction.java
@@ -25,9 +25,10 @@ public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServlet
         }
 
         User user = Commons.getUser(request.getSession());
-        // TODO Was System / READ. Is this really *Create*SubstitutionCriteriaAction?
-        Permission permission = Permission.ALL;
-        SecuredObject object = SecuredSingleton.SUBSTITUTION_CRITERIAS;
+        // TODO Checking READ permission for CREATE operation?! See #1586-5, #1586-6.
+        //      BTW, UpdateSubstitutionCriteriaAction and DeleteSubstitutionCriteriasAction don't check any permissions at all.
+        Permission permission = Permission.READ;
+        SecuredObject object = SecuredSingleton.SYSTEM;
         boolean isAllowed = Delegates.getAuthorizationService().isAllowed(user, permission, object);
         if (!isAllowed) {
             throw new AuthorizationException(user + " does not have " + permission + " to " + object);
diff --git a/wfe-web/src/main/java/ru/runa/af/web/action/UpdateSubstitutionCriteriaAction.java b/wfe-web/src/main/java/ru/runa/af/web/action/UpdateSubstitutionCriteriaAction.java
index ce6e7f9530..d6a00c4833 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/action/UpdateSubstitutionCriteriaAction.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/action/UpdateSubstitutionCriteriaAction.java
@@ -42,7 +42,7 @@
 public class UpdateSubstitutionCriteriaAction extends ActionBase {
     public static final String UPDATE_ACTION = "/updateSubstitutionCriteria";
     public static final String EDIT_ACTION = "/editSubstitutionCriteria";
-    public static final String RETURN_ACTION = "/manage_substitution_criteria.do";
+    public static final String RETURN_ACTION = "/manage_system.do";
 
     @Override
     public ActionForward execute(ActionMapping mapping, ActionForm actionForm, HttpServletRequest request, HttpServletResponse response) {
diff --git a/wfe-web/src/main/java/ru/runa/af/web/html/DataSourceTableBuilder.java b/wfe-web/src/main/java/ru/runa/af/web/html/DataSourceTableBuilder.java
index 22e18feab0..1a6f2bfbf7 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/html/DataSourceTableBuilder.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/html/DataSourceTableBuilder.java
@@ -133,7 +133,7 @@ private String attributes(DataSource ds) {
         switch (ds.getType()) {
         case Excel:
             ExcelDataSource eds = (ExcelDataSource) ds;
-            attributes += "filePath: " + eds.getFilePath() + ", fileName: " + eds.getFileName();
+            attributes += "dirPath: " + eds.getFilePath();
             break;
         case JNDI:
             attributes += "jndiName: " + ((JndiDataSource) ds).getJndiName();
diff --git a/wfe-web/src/main/java/ru/runa/af/web/html/RelationExecutorBaseTdBuilder.java b/wfe-web/src/main/java/ru/runa/af/web/html/RelationExecutorBaseTdBuilder.java
index e4a08ec11b..330324fba3 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/html/RelationExecutorBaseTdBuilder.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/html/RelationExecutorBaseTdBuilder.java
@@ -35,7 +35,7 @@ public SecuredObject getSecuredObject(Object o, Env env) {
             return getExecutor((RelationPair) o);
         }
     };
-    final PropertyTdBuilder builder = new PropertyTdBuilder(Permission.LIST, "name", extractor);
+    final PropertyTdBuilder builder = new PropertyTdBuilder(Permission.READ, "name", extractor);
 
     protected abstract Executor getExecutor(RelationPair relation);
 
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/AddBotTaskLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/AddBotTaskLinkTag.java
index 28aa6a72cf..ce77bd4952 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/AddBotTaskLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/AddBotTaskLinkTag.java
@@ -33,7 +33,7 @@ public class AddBotTaskLinkTag extends LinkTag {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/AddExecutorToGroupsLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/AddExecutorToGroupsLinkTag.java
index 7e154763b3..7a6ab458f3 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/AddExecutorToGroupsLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/AddExecutorToGroupsLinkTag.java
@@ -20,6 +20,8 @@
 import org.tldgen.annotations.BodyContent;
 import ru.runa.common.web.MessagesCommon;
 import ru.runa.common.web.tag.IdLinkBaseTag;
+import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredObjectType;
 import ru.runa.wfe.service.delegate.Delegates;
 
 @org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "addExecutorToGroupsLink")
@@ -33,6 +35,6 @@ protected String getLinkText() {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowedUpdateExecutor(getUser(), getIdentifiableId());
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredObjectType.EXECUTOR, getIdentifiableId());
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/AddSubstitutionLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/AddSubstitutionLinkTag.java
index d970f9b178..51d2fcb96f 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/AddSubstitutionLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/AddSubstitutionLinkTag.java
@@ -21,6 +21,8 @@
 import org.tldgen.annotations.BodyContent;
 import ru.runa.common.web.Messages;
 import ru.runa.common.web.tag.IdLinkBaseTag;
+import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredObjectType;
 import ru.runa.wfe.service.delegate.Delegates;
 
 @org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "addSubstitutionLink")
@@ -39,7 +41,7 @@ public void setText(String text) {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowedUpdateExecutor(getUser(), getIdentifiableId());
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredObjectType.EXECUTOR, getIdentifiableId());
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/BotListTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/BotListTag.java
index 4fc6e01257..0353be93ba 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/BotListTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/BotListTag.java
@@ -55,7 +55,7 @@ public String getAction() {
 
     @Override
     public boolean isSubmitButtonEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationListTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationListTag.java
index c23efc7b00..e044918032 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationListTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationListTag.java
@@ -44,7 +44,7 @@ public class BotStationListTag extends TitledFormTag {
     private static final long serialVersionUID = -4263750161023575386L;
 
     protected Permission getPermission() {
-        return Permission.ALL;
+        return Permission.READ;
     }
 
     protected SecuredObject getSecuredObject() {
@@ -81,7 +81,7 @@ public String getAction() {
 
     @Override
     public boolean isSubmitButtonEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationStatusTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationStatusTag.java
index 772e090b14..45db6d5505 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationStatusTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationStatusTag.java
@@ -95,7 +95,7 @@ public String getAction() {
 
     @Override
     public boolean isSubmitButtonEnabled() {
-        boolean result = Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        boolean result = Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
         if (!result) {
             return false;
         }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationTag.java
index 02be043903..1e4d23763f 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/BotStationTag.java
@@ -62,6 +62,6 @@ public String getAction() {
 
     @Override
     public boolean isSubmitButtonEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/BotTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/BotTag.java
index 4c36c691e7..cd1d09ef29 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/BotTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/BotTag.java
@@ -70,6 +70,6 @@ public String getAction() {
 
     @Override
     public boolean isSubmitButtonEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/BotTaskListTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/BotTaskListTag.java
index 23f1cdd772..74e67c1e09 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/BotTaskListTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/BotTaskListTag.java
@@ -72,7 +72,7 @@ public Long getBotId() {
 
     @Override
     public boolean isSubmitButtonEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
@@ -80,7 +80,7 @@ protected void fillFormElement(TD tdFormElement) {
         tdFormElement.addElement(new Input(Input.hidden, IdsForm.ID_INPUT_NAME, Long.toString(botId)));
         BotService botService = Delegates.getBotService();
         getForm().setEncType(Form.ENC_UPLOAD);
-        boolean disabled = !Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        boolean disabled = !Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
         List<BotTask> tasks = botService.getBotTasks(getUser(), botId);
         int nameSize = 1;
         for (BotTask botTask : tasks) {
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateBotLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateBotLinkTag.java
index 683d621ce8..4d868e8c9b 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateBotLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateBotLinkTag.java
@@ -30,7 +30,7 @@ public class CreateBotLinkTag extends LinkTag {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateBotStationLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateBotStationLinkTag.java
index 8edd598f6f..eafa6ce9ff 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateBotStationLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateBotStationLinkTag.java
@@ -30,7 +30,7 @@ public class CreateBotStationLinkTag extends LinkTag {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateExecutorFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateExecutorFormTag.java
index 561391cd8b..52bdb19171 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateExecutorFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateExecutorFormTag.java
@@ -57,7 +57,7 @@ public void setType(String type) {
 
     @Override
     public void fillFormElement(TD tdFormElement) {
-        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.CREATE, SecuredSingleton.EXECUTORS);
+        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.CREATE_EXECUTOR, SecuredSingleton.SYSTEM);
         boolean isActor = CreateExecutorForm.TYPE_ACTOR.equals(type);
         ExecutorTableBuilder builder = new ExecutorTableBuilder(isActor, pageContext);
         tdFormElement.addElement(builder.buildTable());
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateExecutorLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateExecutorLinkTag.java
index ebe8b999d0..77c5bb941c 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateExecutorLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateExecutorLinkTag.java
@@ -30,6 +30,6 @@ public abstract class CreateExecutorLinkTag extends LinkTag {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.CREATE, SecuredSingleton.EXECUTORS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.CREATE_EXECUTOR, SecuredSingleton.SYSTEM);
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateRelationLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateRelationLinkTag.java
index f634882203..a668b77828 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateRelationLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateRelationLinkTag.java
@@ -44,6 +44,6 @@ protected String getLinkText() {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.RELATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.RELATIONS);
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateRelationPairLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateRelationPairLinkTag.java
index b5e4e92946..584b8eed1c 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/CreateRelationPairLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/CreateRelationPairLinkTag.java
@@ -26,7 +26,7 @@
 import ru.runa.common.web.tag.LinkTag;
 import ru.runa.wfe.commons.web.PortletUrlType;
 import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.security.SecuredSingleton;
+import ru.runa.wfe.security.SecuredObjectType;
 import ru.runa.wfe.service.delegate.Delegates;
 
 @org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "createRelationPairLink")
@@ -55,6 +55,6 @@ protected String getLinkText() {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.RELATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredObjectType.RELATION, getRelationId());
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/DeleteBotLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/DeleteBotLinkTag.java
index 6d5c92ee5b..c0589747d5 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/DeleteBotLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/DeleteBotLinkTag.java
@@ -34,7 +34,7 @@ public class DeleteBotLinkTag extends LinkTag {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/DeleteBotStationLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/DeleteBotStationLinkTag.java
index 1d50c20a63..9c1c8162a5 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/DeleteBotStationLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/DeleteBotStationLinkTag.java
@@ -31,7 +31,7 @@ public class DeleteBotStationLinkTag extends LinkTag {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/DeployBotStationTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/DeployBotStationTag.java
index 370fffb93c..48da63b890 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/DeployBotStationTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/DeployBotStationTag.java
@@ -37,7 +37,7 @@ public class DeployBotStationTag extends TitledFormTag {
 
     @Override
     protected boolean isSubmitButtonEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/DeployBotTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/DeployBotTag.java
index da7cdce17e..439b1c09af 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/DeployBotTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/DeployBotTag.java
@@ -52,7 +52,7 @@ public Long getBotStationId() {
 
     @Override
     protected boolean isSubmitButtonEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/ListGroupMembersFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/ListGroupMembersFormTag.java
index 3343f31fb2..28b7967f4c 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/ListGroupMembersFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/ListGroupMembersFormTag.java
@@ -76,7 +76,7 @@ public String getAction() {
 
     @Override
     protected Permission getExecutorsPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/ListNotGroupMembersFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/ListNotGroupMembersFormTag.java
index 2e541fc218..8f1140feb9 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/ListNotGroupMembersFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/ListNotGroupMembersFormTag.java
@@ -61,6 +61,6 @@ public String getAction() {
 
     @Override
     protected Permission getExecutorsPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java
index 3d6c1d2141..79a91e8d99 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationPairsFormTag.java
@@ -40,6 +40,7 @@
 import ru.runa.wfe.relation.Relation;
 import ru.runa.wfe.relation.RelationPair;
 import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredObjectType;
 import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.delegate.Delegates;
 
@@ -59,12 +60,12 @@ public void setRelationId(Long relationId) {
 
     @Override
     protected void fillFormElement(TD tdFormElement) {
-        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.ALL, SecuredSingleton.RELATIONS);
+        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.READ, SecuredObjectType.RELATION, relationId);
         Relation relation = Delegates.getRelationService().getRelation(getUser(), relationId);
         BatchPresentation batchPresentation = getBatchPresentation();
         List<RelationPair> relationPairs = Delegates.getRelationService().getRelationPairs(getUser(), relation.getName(), batchPresentation);
         TableBuilder tableBuilder = new TableBuilder();
-        TdBuilder checkboxBuilder = new CheckboxTdBuilder(null, Permission.ALL) {
+        TdBuilder checkboxBuilder = new CheckboxTdBuilder(null, Permission.UPDATE) {
 
             @Override
             protected String getIdValue(Object object) {
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java
index 10752892c0..8f9513c066 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/ListRelationsFormTag.java
@@ -48,7 +48,7 @@ public class ListRelationsFormTag extends BatchReturningTitledFormTag {
 
     @Override
     protected void fillFormElement(TD tdFormElement) {
-        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.ALL, SecuredSingleton.RELATIONS);
+        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.READ, SecuredSingleton.RELATIONS);
         List<Relation> relations = Delegates.getRelationService().getRelations(getUser(), getBatchPresentation());
         TableBuilder tableBuilder = new TableBuilder();
         TdBuilder checkboxBuilder = new CheckboxTdBuilder(null, null) {
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/ManagePermissionsFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/ManagePermissionsFormTag.java
index dacda1c59d..2599c28c34 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/ManagePermissionsFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/ManagePermissionsFormTag.java
@@ -17,18 +17,23 @@
  */
 package ru.runa.af.web.tag;
 
+import com.google.common.base.Predicate;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Lists;
 import org.apache.ecs.html.Input;
 import org.apache.ecs.html.TD;
 import org.tldgen.annotations.BodyContent;
 import ru.runa.af.web.action.UpdatePermissionsAction;
 import ru.runa.common.web.Commons;
 import ru.runa.common.web.MessagesCommon;
-import ru.runa.common.web.StrutsMessage;
 import ru.runa.common.web.html.PermissionTableBuilder;
 import ru.runa.common.web.tag.SecuredObjectFormTag2;
+import ru.runa.wfe.security.ApplicablePermissions;
 import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredObject;
 import ru.runa.wfe.security.SecuredObjectType;
 import ru.runa.wfe.service.delegate.Delegates;
+import ru.runa.wfe.user.SystemExecutors;
 
 @org.tldgen.annotations.Tag(bodyContent = BodyContent.JSP, name = "managePermissionsForm")
 public class ManagePermissionsFormTag extends SecuredObjectFormTag2 {
@@ -41,13 +46,25 @@ public String getAction() {
 
     @Override
     public final void fillFormElement(TD tdFormElement) {
-        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.READ_PERMISSIONS, getSecuredObject());
+        SecuredObject o = getSecuredObject();
+        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.READ_PERMISSIONS, o);
         super.fillFormElement(tdFormElement);
 
         // This is for UpdatePermissionsAction to return back to current page:
         tdFormElement.addElement(new Input(Input.HIDDEN, "returnAction", Commons.getSelfActionWithQueryString(pageContext)));
 
-        PermissionTableBuilder tableBuilder = new PermissionTableBuilder(getSecuredObject(), getUser(), pageContext);
+        PermissionTableBuilder tableBuilder = new PermissionTableBuilder(o, getUser(), pageContext);
+        if (o.getSecuredObjectType() == SecuredObjectType.DEFINITION) {
+            tableBuilder.addAdditionalExecutor(
+                    Delegates.getExecutorService().getExecutorByName(getUser(), SystemExecutors.PROCESS_STARTER_NAME),
+                    Lists.newArrayList(Iterables.filter(ApplicablePermissions.listVisible(o), new Predicate<Permission>() {
+                        @Override
+                        public boolean apply(Permission p) {
+                            return p != Permission.READ_PROCESS && p != Permission.CANCEL_PROCESS;
+                        }
+                    }))
+            );
+        }
         tdFormElement.addElement(tableBuilder.buildTable());
     }
 
@@ -63,10 +80,6 @@ protected String getSubmitButtonName() {
 
     @Override
     protected String getTitle() {
-        StrutsMessage messagesCommon = securedObjectType == SecuredObjectType.EXECUTORS ?
-            MessagesCommon.TITLE_EXECUTORS_PERMISSIONS :
-            MessagesCommon.TITLE_PERMISSION_OWNERS;
-
-        return messagesCommon.message(pageContext);
+        return MessagesCommon.TITLE_PERMISSION_OWNERS.message(pageContext);
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/RelationFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/RelationFormTag.java
index ce699afb43..3cdf4d847b 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/RelationFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/RelationFormTag.java
@@ -22,7 +22,6 @@
 import org.apache.ecs.html.Table;
 import org.tldgen.annotations.Attribute;
 import org.tldgen.annotations.BodyContent;
-
 import ru.runa.af.web.MessagesExecutor;
 import ru.runa.af.web.action.CreateRelationAction;
 import ru.runa.af.web.action.UpdateRelationAction;
@@ -34,7 +33,6 @@
 import ru.runa.wfe.relation.Relation;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.security.SecuredObjectType;
-import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.delegate.Delegates;
 
 @org.tldgen.annotations.Tag(bodyContent = BodyContent.JSP, name = "relationForm")
@@ -70,8 +68,7 @@ protected String getTitle() {
     @Override
     protected boolean isSubmitButtonEnabled() {
         if (relationId != null) {
-            // TODO Was isAllowed(RELATION, relationId). Is this if() necessary? Where enabled was initialized?
-            enabled = Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.RELATIONS);
+            enabled = Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredObjectType.RELATION, relationId);
         }
         return enabled;
     }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/SaveBotLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/SaveBotLinkTag.java
index 28e0c91650..90cedb0cdb 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/SaveBotLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/SaveBotLinkTag.java
@@ -30,7 +30,7 @@ public class SaveBotLinkTag extends LinkTag {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/SaveBotStationLinkTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/SaveBotStationLinkTag.java
index 182e3636e3..4a8fa41bdb 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/SaveBotStationLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/SaveBotStationLinkTag.java
@@ -30,7 +30,7 @@ public class SaveBotStationLinkTag extends LinkTag {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.BOTSTATIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.BOTSTATIONS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/UpdateExecutorBaseFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/UpdateExecutorBaseFormTag.java
index f9733f2e12..b344020f19 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/UpdateExecutorBaseFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/UpdateExecutorBaseFormTag.java
@@ -45,6 +45,6 @@ protected final Executor getExecutor() {
 
     @Override
     protected boolean isSubmitButtonEnabled() {
-        return Delegates.getAuthorizationService().isAllowedUpdateExecutor(getUser(), getExecutor());
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, getExecutor());
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/UpdatePasswordFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/UpdatePasswordFormTag.java
index 895b540610..ad2caf06df 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/UpdatePasswordFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/UpdatePasswordFormTag.java
@@ -23,6 +23,8 @@
 import ru.runa.af.web.action.UpdatePasswordAction;
 import ru.runa.af.web.html.PasswordTableBuilder;
 import ru.runa.common.web.MessagesCommon;
+import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.user.Actor;
 
 @org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "updatePasswordForm")
@@ -52,7 +54,10 @@ protected boolean isVisible() {
 
     @Override
     protected boolean isSubmitButtonEnabled() {
-        return super.isSubmitButtonEnabled() || getUser().getActor().equals(getSecuredObject());
+        return super.isSubmitButtonEnabled() || (
+                getUser().getActor().equals(getSecuredObject()) &&
+                super.isSubmitButtonEnabled(SecuredSingleton.SYSTEM, Permission.CHANGE_SELF_PASSWORD)
+        );
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/af/web/tag/UpdateStatusFormTag.java b/wfe-web/src/main/java/ru/runa/af/web/tag/UpdateStatusFormTag.java
index 9ec3803c4e..96127eee7f 100644
--- a/wfe-web/src/main/java/ru/runa/af/web/tag/UpdateStatusFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/af/web/tag/UpdateStatusFormTag.java
@@ -50,7 +50,7 @@ protected boolean isVisible() {
 
     @Override
     protected boolean isSubmitButtonEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE_STATUS, getExecutor());
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE_ACTOR_STATUS, getExecutor());
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/common/WebResources.java b/wfe-web/src/main/java/ru/runa/common/WebResources.java
index 9a2832dda5..65ca8ed85c 100644
--- a/wfe-web/src/main/java/ru/runa/common/WebResources.java
+++ b/wfe-web/src/main/java/ru/runa/common/WebResources.java
@@ -178,7 +178,11 @@ public static boolean isProcessRemovalEnabled() {
     }
 
     public static boolean isUpdateProcessSwimlanesEnabled() {
-        return RESOURCES.getBooleanProperty("process.swimlane.assignment.enabled", false);
+        return RESOURCES.getBooleanProperty("process.swimlane.assignment.enabled", true);
+    }
+
+    public static boolean isUpdateProcessVariablesEnabled() {
+        return RESOURCES.getBooleanProperty("process.variable.assignment.enabled", true);
     }
 
     /**
diff --git a/wfe-web/src/main/java/ru/runa/common/web/HTMLUtils.java b/wfe-web/src/main/java/ru/runa/common/web/HTMLUtils.java
index 265968223c..b21cbcdc31 100644
--- a/wfe-web/src/main/java/ru/runa/common/web/HTMLUtils.java
+++ b/wfe-web/src/main/java/ru/runa/common/web/HTMLUtils.java
@@ -247,7 +247,7 @@ public static String getExecutorName(Executor executor, PageContext pageContext)
     }
 
     public static ConcreteElement createExecutorElement(User user, PageContext pageContext, Executor executor) {
-        if (executor == null || !Delegates.getAuthorizationService().isAllowed(user, Permission.LIST, executor)) {
+        if (executor == null || !Delegates.getAuthorizationService().isAllowed(user, Permission.READ, executor)) {
             return new StringElement(getExecutorName(executor, pageContext));
         }
         return createExecutorElement(pageContext, executor);
diff --git a/wfe-web/src/main/java/ru/runa/common/web/MessagesCommon.java b/wfe-web/src/main/java/ru/runa/common/web/MessagesCommon.java
index 2120ed5c17..fc822b6286 100644
--- a/wfe-web/src/main/java/ru/runa/common/web/MessagesCommon.java
+++ b/wfe-web/src/main/java/ru/runa/common/web/MessagesCommon.java
@@ -23,14 +23,6 @@ public final class MessagesCommon {
     public static final StrutsMessage MAIN_MENU_ITEM_DATA_SOURCES = new StrutsMessage("manage_data_sources");
     // Forward menu (left main menu items) -> System.
     public static final StrutsMessage MAIN_MENU_ITEM_SYSTEM = new StrutsMessage("manage_system");
-    // Forward menu (left main menu items) -> Scripts.
-    public static final StrutsMessage MAIN_MENU_ITEM_SCRIPTS = new StrutsMessage("manage_scripts");
-    // Forward menu (left main menu items) -> Errors.
-    public static final StrutsMessage MAIN_MENU_ITEM_ERRORS = new StrutsMessage("manage_errors");
-    // Forward menu (left main menu items) -> Substitution Criteria.
-    public static final StrutsMessage MAIN_MENU_ITEM_SUBSTITUTION_CRITERIA = new StrutsMessage("manage_substitution_criteria");
-    // Forward menu (left main menu items) -> System Data.
-    public static final StrutsMessage MAIN_MENU_ITEM_DATAFILE = new StrutsMessage("manage_datafile");
     // Forward menu (left main menu items) -> Settings.
     public static final StrutsMessage MAIN_MENU_ITEM_SETTINGS = new StrutsMessage("manage_settings");
     // Forward menu (left main menu items) -> Logs.
diff --git a/wfe-web/src/main/java/ru/runa/common/web/RequestWebHelper.java b/wfe-web/src/main/java/ru/runa/common/web/RequestWebHelper.java
index 218454a77c..f51359023c 100644
--- a/wfe-web/src/main/java/ru/runa/common/web/RequestWebHelper.java
+++ b/wfe-web/src/main/java/ru/runa/common/web/RequestWebHelper.java
@@ -40,7 +40,7 @@ public String getActionUrl(String relativeUrl, Map<String, ? extends Object> par
 
     @Override
     public boolean useLinkForExecutor(User user, Executor executor) {
-        return Delegates.getAuthorizationService().isAllowed(user, Permission.LIST, executor);
+        return Delegates.getAuthorizationService().isAllowed(user, Permission.READ, executor);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/common/web/StrutsWebHelper.java b/wfe-web/src/main/java/ru/runa/common/web/StrutsWebHelper.java
index cd84b37c66..8aca5499f5 100644
--- a/wfe-web/src/main/java/ru/runa/common/web/StrutsWebHelper.java
+++ b/wfe-web/src/main/java/ru/runa/common/web/StrutsWebHelper.java
@@ -52,7 +52,7 @@ public String getActionUrl(String relativeUrl, Map<String, ?> params) {
 
     @Override
     public boolean useLinkForExecutor(User user, Executor executor) {
-        return Delegates.getAuthorizationService().isAllowed(user, Permission.LIST, executor);
+        return Delegates.getAuthorizationService().isAllowed(user, Permission.READ, executor);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/common/web/action/ViewLogsAction.java b/wfe-web/src/main/java/ru/runa/common/web/action/ViewLogsAction.java
index 370637f063..06f45a4760 100644
--- a/wfe-web/src/main/java/ru/runa/common/web/action/ViewLogsAction.java
+++ b/wfe-web/src/main/java/ru/runa/common/web/action/ViewLogsAction.java
@@ -44,7 +44,7 @@ public class ViewLogsAction extends ActionBase {
     @Override
     public ActionForward execute(ActionMapping mapping, ActionForm actionForm, HttpServletRequest request, HttpServletResponse response) {
         try {
-            Delegates.getAuthorizationService().checkAllowed(Commons.getUser(request.getSession()), Permission.ALL, SecuredSingleton.LOGS);
+            Delegates.getAuthorizationService().checkAllowed(getLoggedUser(request), Permission.VIEW_LOGS, SecuredSingleton.SYSTEM);
 
             String logDirPath = IoCommons.getLogDirPath();
             request.setAttribute("logDirPath", logDirPath);
diff --git a/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java b/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java
index b947f4c254..621fc979f2 100644
--- a/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java
+++ b/wfe-web/src/main/java/ru/runa/common/web/html/BaseTdBuilder.java
@@ -50,7 +50,7 @@ protected boolean isEnabled(Object object, Env env) {
         if (permission == null) {
             return false;
         }
-        if (permission == Permission.START) {
+        if (permission == Permission.START_PROCESS) {
             return ((WfDefinition) object).isCanBeStarted();
         }
         return env.isAllowed(permission, securedObjectExtractor);
diff --git a/wfe-web/src/main/java/ru/runa/common/web/html/PermissionTableBuilder.java b/wfe-web/src/main/java/ru/runa/common/web/html/PermissionTableBuilder.java
index 0a3512fdfb..13e4702834 100644
--- a/wfe-web/src/main/java/ru/runa/common/web/html/PermissionTableBuilder.java
+++ b/wfe-web/src/main/java/ru/runa/common/web/html/PermissionTableBuilder.java
@@ -17,11 +17,14 @@
  */
 package ru.runa.common.web.html;
 
+import com.google.common.base.Predicate;
+import com.google.common.collect.Iterables;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import java.util.List;
 import java.util.Map;
 import javax.servlet.jsp.PageContext;
+import lombok.val;
 import org.apache.ecs.html.Input;
 import org.apache.ecs.html.TD;
 import org.apache.ecs.html.TH;
@@ -39,6 +42,7 @@
 import ru.runa.wfe.security.SecuredObject;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.Executor;
+import ru.runa.wfe.user.Group;
 import ru.runa.wfe.user.User;
 
 /**
@@ -56,7 +60,16 @@ public PermissionTableBuilder(SecuredObject securedObject, User user, PageContex
         this.securedObject = securedObject;
         this.user = user;
         this.pageContext = pageContext;
-        applicablePermissions = ApplicablePermissions.listVisible(securedObject);
+        val pp = ApplicablePermissions.listVisible(securedObject);
+        applicablePermissions = securedObject instanceof Group
+                ? Lists.newArrayList(Iterables.filter(pp, new Predicate<Permission>() {
+                    @Override
+                    public boolean apply(Permission p) {
+                        // #1586-27.
+                        return p != Permission.UPDATE_ACTOR_STATUS;
+                    }
+                }))
+                : pp;
         updateAllowed = Delegates.getAuthorizationService().isAllowed(user, Permission.UPDATE_PERMISSIONS, securedObject);
     }
 
diff --git a/wfe-web/src/main/java/ru/runa/common/web/tag/ManagePermissionsLinkTag.java b/wfe-web/src/main/java/ru/runa/common/web/tag/ManagePermissionsLinkTag.java
index b5ce6d0a63..3e981e5f0a 100644
--- a/wfe-web/src/main/java/ru/runa/common/web/tag/ManagePermissionsLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/common/web/tag/ManagePermissionsLinkTag.java
@@ -5,8 +5,8 @@
 import ru.runa.common.web.Commons;
 import ru.runa.common.web.MessagesCommon;
 import ru.runa.common.web.PermissionWebUtils;
-import ru.runa.common.web.StrutsMessage;
 import ru.runa.wfe.commons.web.PortletUrlType;
+import ru.runa.wfe.definition.dto.WfDefinition;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.security.SecuredObjectType;
 import ru.runa.wfe.service.delegate.Delegates;
@@ -30,6 +30,15 @@ public void setIdentifiableId(Long identifiableId) {
 
     @Override
     protected boolean isLinkEnabled() {
+        if (securedObjectType == SecuredObjectType.DEFINITION) {
+            // ********************************************************************************************************************************
+            // ***** !!!!! DON'T MERGE THIS INTO develop !!!!! This is temporary solution, before table BPM_PROCESS_DEFINITION_VER was created.
+            // ********************************************************************************************************************************
+            WfDefinition definition = Delegates.getDefinitionService().getProcessDefinition(getUser(), identifiableId);
+            return Delegates.getAuthorizationService().isAllowed(
+                    getUser(), Permission.READ_PERMISSIONS, securedObjectType, definition.getIdentifiableId()
+            );
+        }
         return Delegates.getAuthorizationService().isAllowed(
                 getUser(), Permission.READ_PERMISSIONS, securedObjectType, identifiableId != null ? identifiableId : 0
         );
@@ -37,11 +46,7 @@ protected boolean isLinkEnabled() {
 
     @Override
     protected String getLinkText() {
-        StrutsMessage messagesCommon = securedObjectType == SecuredObjectType.EXECUTORS ?
-            MessagesCommon.TITLE_EXECUTORS_PERMISSIONS :
-            MessagesCommon.TITLE_PERMISSION_OWNERS;
-
-        return messagesCommon.message(pageContext);
+        return MessagesCommon.TITLE_PERMISSION_OWNERS.message(pageContext);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java b/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java
index 067c2819ef..9ee1904cbf 100644
--- a/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java
+++ b/wfe-web/src/main/java/ru/runa/common/web/tag/TabHeaderTag.java
@@ -19,17 +19,14 @@
 
 import java.util.ArrayList;
 import java.util.List;
-
 import javax.servlet.jsp.JspWriter;
 import javax.servlet.jsp.tagext.TagSupport;
-
 import org.apache.ecs.html.A;
 import org.apache.ecs.html.TD;
 import org.apache.ecs.html.TR;
 import org.apache.ecs.html.Table;
 import org.tldgen.annotations.Attribute;
 import org.tldgen.annotations.BodyContent;
-
 import ru.runa.common.web.Commons;
 import ru.runa.common.web.MessagesCommon;
 import ru.runa.common.web.Resources;
@@ -64,14 +61,10 @@ public class TabHeaderTag extends TagSupport {
         FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_REPORTS, SecuredSingleton.REPORTS));
         FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_RELATIONS, SecuredSingleton.RELATIONS));
         FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_BOT_STATION, SecuredSingleton.BOTSTATIONS));
-        FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_DATA_SOURCES, SecuredSingleton.SYSTEM));
+        FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_DATA_SOURCES, null, true));
         FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_SYSTEM, SecuredSingleton.SYSTEM));
-        FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_SCRIPTS, SecuredSingleton.SCRIPTS));
-        FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_ERRORS, SecuredSingleton.ERRORS));
-        FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_SUBSTITUTION_CRITERIA, SecuredSingleton.SUBSTITUTION_CRITERIAS));
-        FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_DATAFILE, SecuredSingleton.DATAFILE));
-        FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_SETTINGS));
-        FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_LOGS, SecuredSingleton.LOGS));
+        FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_SETTINGS, null, true));
+        FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_LOGS));
         FORWARDS.add(new MenuForward(MessagesCommon.MAIN_MENU_ITEM_OBSERVABLE_TASKS));
     }
 
@@ -139,15 +132,18 @@ private User getUser() {
 
     private boolean isMenuForwardVisible(MenuForward menuForward) {
         try {
-            if (menuForward.menuMessage.getKey().equals("manage_settings")) {
+            if (menuForward.forAdministratorOnly) {
                 return Delegates.getExecutorService().isAdministrator(getUser());
             }
+            if (menuForward.menuMessage.getKey().equals("view_logs")) {
+                return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.VIEW_LOGS, SecuredSingleton.SYSTEM);
+            }
             if (menuForward.menuMessage.getKey().equals("manage_observable_tasks")
                     && Delegates.getAuthorizationService().isAllowedForAny(getUser(), Permission.VIEW_TASKS, SecuredObjectType.EXECUTOR)) {
                 return true;
             }
             if (menuForward.object != null) {
-                return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.LIST, menuForward.object);
+                return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.READ, menuForward.object);
             } else {
                 return true;
             }
@@ -159,14 +155,20 @@ private boolean isMenuForwardVisible(MenuForward menuForward) {
     static class MenuForward {
         final StrutsMessage menuMessage;
         final SecuredObject object;
+        final boolean forAdministratorOnly;
 
-        MenuForward(StrutsMessage menuMessage, SecuredObject object) {
+        MenuForward(StrutsMessage menuMessage, SecuredObject object, boolean forAdministratorOnly) {
             this.menuMessage = menuMessage;
             this.object = object;
+            this.forAdministratorOnly = forAdministratorOnly;
+        }
+
+        MenuForward(StrutsMessage menuMessage, SecuredObject object) {
+            this(menuMessage, object, false);
         }
 
         MenuForward(StrutsMessage menuMessage) {
-            this(menuMessage, null);
+            this(menuMessage, null, false);
         }
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/common/web/tag/ViewLogsTag.java b/wfe-web/src/main/java/ru/runa/common/web/tag/ViewLogsTag.java
index 1883efecfe..480690d030 100644
--- a/wfe-web/src/main/java/ru/runa/common/web/tag/ViewLogsTag.java
+++ b/wfe-web/src/main/java/ru/runa/common/web/tag/ViewLogsTag.java
@@ -27,7 +27,7 @@ public String getLogDirPath() {
         return logDirPath;
     }
 
-    @Attribute(required = true, rtexprvalue = true)
+    @Attribute(required = true)
     public void setLogDirPath(String logDirPath) {
         this.logDirPath = logDirPath;
     }
@@ -38,7 +38,7 @@ public int doStartTag() {
             StringBuilder html = new StringBuilder();
             File dirFile = new File(logDirPath);
             if (dirFile.exists() && dirFile.isDirectory()) {
-                if (Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.LOGS)) {
+                if (Delegates.getAuthorizationService().isAllowed(getUser(), Permission.VIEW_LOGS, SecuredSingleton.SYSTEM)) {
                     File[] logFiles = dirFile.listFiles();
                     Arrays.sort(logFiles);
                     for (File file : logFiles) {
diff --git a/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java b/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java
index a403bb7506..f4dcbacbe6 100644
--- a/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java
+++ b/wfe-web/src/main/java/ru/runa/report/web/html/ReportPropertiesTdBuilder.java
@@ -37,7 +37,7 @@
  */
 public class ReportPropertiesTdBuilder extends BaseTdBuilder {
     public ReportPropertiesTdBuilder() {
-        super(Permission.ALL);
+        super(Permission.READ);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/report/web/tag/BuildReportFormTag.java b/wfe-web/src/main/java/ru/runa/report/web/tag/BuildReportFormTag.java
index 9e47e50fa5..68544fc293 100644
--- a/wfe-web/src/main/java/ru/runa/report/web/tag/BuildReportFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/report/web/tag/BuildReportFormTag.java
@@ -127,7 +127,7 @@ protected String getSubmitButtonName() {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/report/web/tag/DeployReportFormTag.java b/wfe-web/src/main/java/ru/runa/report/web/tag/DeployReportFormTag.java
index 9cd587b000..b5ad08e3db 100644
--- a/wfe-web/src/main/java/ru/runa/report/web/tag/DeployReportFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/report/web/tag/DeployReportFormTag.java
@@ -41,7 +41,7 @@ public class DeployReportFormTag extends BaseReportFormTag {
 
     @Override
     protected void fillFormElement(TD tdFormElement) {
-        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.ALL, SecuredSingleton.REPORTS);
+        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.UPDATE, SecuredSingleton.REPORTS);
 
         ArrayList<WfReportParameter> parameters = (ArrayList<WfReportParameter>) pageContext.getRequest().getAttribute(REPORT_PARAMETERS);
 
diff --git a/wfe-web/src/main/java/ru/runa/report/web/tag/DeployReportLinkTag.java b/wfe-web/src/main/java/ru/runa/report/web/tag/DeployReportLinkTag.java
index 9226d4f42c..663fe855ea 100644
--- a/wfe-web/src/main/java/ru/runa/report/web/tag/DeployReportLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/report/web/tag/DeployReportLinkTag.java
@@ -32,7 +32,7 @@ public class DeployReportLinkTag extends LinkTag {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.REPORTS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.REPORTS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/report/web/tag/ListReportsFormTag.java b/wfe-web/src/main/java/ru/runa/report/web/tag/ListReportsFormTag.java
index ae0cd136b1..165102659d 100644
--- a/wfe-web/src/main/java/ru/runa/report/web/tag/ListReportsFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/report/web/tag/ListReportsFormTag.java
@@ -17,6 +17,7 @@
  */
 package ru.runa.report.web.tag;
 
+import com.google.common.primitives.Booleans;
 import java.util.ArrayList;
 import java.util.List;
 import javax.servlet.jsp.PageContext;
@@ -62,7 +63,7 @@ protected void fillFormElement(TD tdFormElement) {
         navigation.addPagingNavigationTable(tdFormElement);
         isButtonEnabled = isUndeployAllowed(reports);
         TdBuilder[] builders = BatchPresentationUtils.getBuilders(
-                new TdBuilder[] { new CheckboxTdBuilder("id", Permission.ALL) },
+                new TdBuilder[] { new CheckboxTdBuilder("id", Permission.UPDATE) },
                 batchPresentation,
                 new TdBuilder[] { new ReportPropertiesTdBuilder() });
         String[] prefixCellsHeaders = getGrouppingCells(batchPresentation, reports);
@@ -85,14 +86,8 @@ private String[] getGrouppingCells(BatchPresentation batchPresentation, List<WfR
     }
 
     private boolean isUndeployAllowed(List<WfReport> reports) {
-        boolean hasGlobalDeployPermission = Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.REPORTS);
-        // TODO If (when) hidden types & permissions are implemented, uncomment and review/edit this.
-//        for (boolean undeploy : Delegates.getAuthorizationService().isAllowed(getUser(), Permission.DEPLOY_REPORT, reports)) {
-//            if (undeploy || hasGlobalDeployPermission) {
-//                return true;
-//            }
-//        }
-        return false;
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, SecuredSingleton.REPORTS) ||
+                Booleans.contains(Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UPDATE, reports), true);
     }
 
     class EnvImpl extends EnvBaseImpl {
diff --git a/wfe-web/src/main/java/ru/runa/report/web/tag/ManageReportFormTag.java b/wfe-web/src/main/java/ru/runa/report/web/tag/ManageReportFormTag.java
index aa1cd60eb8..d0f3bb334d 100644
--- a/wfe-web/src/main/java/ru/runa/report/web/tag/ManageReportFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/report/web/tag/ManageReportFormTag.java
@@ -56,7 +56,7 @@ public long getReportId() {
 
     @Override
     protected void fillFormElement(TD tdFormElement) {
-        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.ALL, SecuredObjectType.REPORT, getReportId());
+        Delegates.getAuthorizationService().checkAllowed(getUser(), Permission.UPDATE, SecuredObjectType.REPORT, getReportId());
 
         ServletRequest request = pageContext.getRequest();
         List<WfReportParameter> parameters = (List<WfReportParameter>) request.getAttribute(DeployReportFormTag.REPORT_PARAMETERS);
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/action/ExportDataFileAction.java b/wfe-web/src/main/java/ru/runa/wf/web/action/ExportDataFileAction.java
index 24b5bd6e3e..4d654258c3 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/action/ExportDataFileAction.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/action/ExportDataFileAction.java
@@ -37,7 +37,8 @@ public class ExportDataFileAction extends ActionBase {
 
     @Override
     public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) {
-        Delegates.getAuthorizationService().checkAllowed(Commons.getUser(request.getSession()), Permission.ALL, SecuredSingleton.DATAFILE);
+        // TODO See #1586-5, #1586-6. Looks like v4.3 had no permission checks for this operation at all.
+        Delegates.getAuthorizationService().checkAllowed(Commons.getUser(request.getSession()), Permission.READ, SecuredSingleton.SYSTEM);
 
         try {
             final File file = File.createTempFile(DataFileBuilder.FILE_NAME, DataFileBuilder.FILE_EXT);
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/html/BaseExecutorTdBuilder.java b/wfe-web/src/main/java/ru/runa/wf/web/html/BaseExecutorTdBuilder.java
index 39b2f0bdb9..4fb35ee3c6 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/html/BaseExecutorTdBuilder.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/html/BaseExecutorTdBuilder.java
@@ -37,7 +37,7 @@
 public abstract class BaseExecutorTdBuilder<T> extends BaseTdBuilder {
 
     public BaseExecutorTdBuilder() {
-        super(Permission.LIST);
+        super(Permission.READ);
     }
 
     protected abstract Executor getExecutor(T object, Env env);
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/html/StartProcessTdBuilder.java b/wfe-web/src/main/java/ru/runa/wf/web/html/StartProcessTdBuilder.java
index 2fe62b7332..78d7b9693b 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/html/StartProcessTdBuilder.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/html/StartProcessTdBuilder.java
@@ -44,7 +44,7 @@
 public class StartProcessTdBuilder extends BaseTdBuilder {
 
     public StartProcessTdBuilder() {
-        super(Permission.START);
+        super(Permission.START_PROCESS);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/html/TaskProcessDefinitionTdBuilder.java b/wfe-web/src/main/java/ru/runa/wf/web/html/TaskProcessDefinitionTdBuilder.java
index b3c1b7ee75..278b556e33 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/html/TaskProcessDefinitionTdBuilder.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/html/TaskProcessDefinitionTdBuilder.java
@@ -46,7 +46,7 @@ public TD build(Object object, Env env) {
         TD td = new TD();
         td.setClass(ru.runa.common.web.Resources.CLASS_LIST_TABLE_TD);
         String definitionName = getValue(object, env);
-        if (env.hasProcessDefinitionPermission(Permission.LIST, task.getDefinitionId())) {
+        if (env.hasProcessDefinitionPermission(Permission.READ, task.getDefinitionId())) {
             String url = Commons.getActionUrl(WebResources.ACTION_MAPPING_MANAGE_DEFINITION, IdForm.ID_INPUT_NAME, task.getDefinitionId(),
                     env.getPageContext(), PortletUrlType.Render);
             A definitionNameLink = new A(url, definitionName);
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/html/TaskProcessIdTdBuilder.java b/wfe-web/src/main/java/ru/runa/wf/web/html/TaskProcessIdTdBuilder.java
index eb19c760fb..7e2098bab4 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/html/TaskProcessIdTdBuilder.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/html/TaskProcessIdTdBuilder.java
@@ -55,7 +55,7 @@ public TD build(Object object, Env env) {
         ConcreteElement link = new StringElement(processId.toString());
         boolean isAllowed = false;
         try {
-            isAllowed = env.isAllowed(Permission.LIST, new SecuredObjectExtractor() {
+            isAllowed = env.isAllowed(Permission.READ, new SecuredObjectExtractor() {
                 private static final long serialVersionUID = 1L;
 
                 @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/html/UndeployProcessDefinitionTdBuilder.java b/wfe-web/src/main/java/ru/runa/wf/web/html/UndeployProcessDefinitionTdBuilder.java
index da5f34d09c..fe07329d62 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/html/UndeployProcessDefinitionTdBuilder.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/html/UndeployProcessDefinitionTdBuilder.java
@@ -45,7 +45,7 @@
 public class UndeployProcessDefinitionTdBuilder extends BaseTdBuilder {
 
     public UndeployProcessDefinitionTdBuilder() {
-        super(Permission.ALL);
+        super(Permission.DELETE);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/BulkDeployDefinitionControlHideableBlockAjaxTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/BulkDeployDefinitionControlHideableBlockAjaxTag.java
index 9764c164b7..5cf7fc0ff5 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/BulkDeployDefinitionControlHideableBlockAjaxTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/BulkDeployDefinitionControlHideableBlockAjaxTag.java
@@ -122,6 +122,6 @@ public int doEndTag() throws JspException {
     private boolean isBulkDeployEnabled() {
         User user = Commons.getUser(pageContext.getSession());
         return WebResources.isBulkDeploymentElements() &&
-                Delegates.getAuthorizationService().isAllowed(user, Permission.CREATE, SecuredSingleton.DEFINITIONS);
+                Delegates.getAuthorizationService().isAllowed(user, Permission.CREATE_DEFINITION, SecuredSingleton.SYSTEM);
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/BulkDeployDefinitionFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/BulkDeployDefinitionFormTag.java
index 06c26ede22..07122b28cc 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/BulkDeployDefinitionFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/BulkDeployDefinitionFormTag.java
@@ -26,6 +26,7 @@
 import ru.runa.wfe.commons.web.WebHelper;
 import ru.runa.wfe.definition.DefinitionClassPresentation;
 import ru.runa.wfe.security.Permission;
+import ru.runa.wfe.security.SecuredSingleton;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.User;
 
@@ -81,9 +82,14 @@ protected void fillFormData(TD tdFormElement) {
         fillTD(tdFormElement, getForm(), getDefinition().getCategories(), getUser(), pageContext, new StrutsWebHelper(pageContext));
     }
 
+    @Override
+    protected boolean isSubmitButtonEnabled() {
+        return isVisible();
+    }
+
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.CREATE;
+        throw new IllegalAccessError();
     }
 
     @Override
@@ -108,7 +114,7 @@ public String getConfirmationPopupParameter() {
 
     @Override
     protected boolean isVisible() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.CREATE, getSecuredObject());
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.CREATE_DEFINITION, SecuredSingleton.SYSTEM);
     }
 
     private static TR createFileInputRow(String label, String name, String value, boolean enabled, boolean required, String type,
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/DefinitionGraphFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/DefinitionGraphFormTag.java
index 2cd6275ad5..ab7d79b2f5 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/DefinitionGraphFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/DefinitionGraphFormTag.java
@@ -75,7 +75,7 @@ protected void fillFormData(final TD tdFormElement) {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/DeployDefinitionLinkTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/DeployDefinitionLinkTag.java
index cc3202da5d..6a3a6957e2 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/DeployDefinitionLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/DeployDefinitionLinkTag.java
@@ -33,7 +33,7 @@ public class DeployDefinitionLinkTag extends LinkTag {
     @Override
     protected boolean isLinkEnabled() {
         return !WebResources.isBulkDeploymentElements()
-                && Delegates.getAuthorizationService().isAllowed(getUser(), Permission.CREATE, SecuredSingleton.DEFINITIONS);
+                && Delegates.getAuthorizationService().isAllowed(getUser(), Permission.CREATE_DEFINITION, SecuredSingleton.SYSTEM);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ListProcessesDefinitionsFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ListProcessesDefinitionsFormTag.java
index 6118c67359..d4d6582ca6 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ListProcessesDefinitionsFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ListProcessesDefinitionsFormTag.java
@@ -68,7 +68,7 @@ protected void fillFormElement(TD tdFormElement) {
         navigation.addPagingNavigationTable(tdFormElement);
         isButtonEnabled = isUndeployAllowed(definitions);
         TdBuilder[] builders = BatchPresentationUtils.getBuilders(
-                new TdBuilder[] { new CheckboxTdBuilder("id", Permission.ALL), new StartProcessTdBuilder() },
+                new TdBuilder[] { new CheckboxTdBuilder("id", Permission.DELETE), new StartProcessTdBuilder() },
                 batchPresentation, new TdBuilder[] { new PropertiesProcessTdBuilder() });
         String[] prefixCellsHeaders = getGrouppingCells(batchPresentation, definitions);
         SortingHeaderBuilder headerBuilder = new SortingHeaderBuilder(batchPresentation, prefixCellsHeaders, new String[] { "" }, getReturnAction(),
@@ -90,14 +90,12 @@ private String[] getGrouppingCells(BatchPresentation batchPresentation, List<WfD
     }
 
     private boolean isUndeployAllowed(List<WfDefinition> definitions) {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.DEFINITIONS);
-        // TODO If (when) hidden types & permissions are implemented, uncomment and review/edit this.
-//        for (boolean undeploy : Delegates.getAuthorizationService().isAllowed(getUser(), Permission.UNDEPLOY_DEFINITION, definitions)) {
-//            if (undeploy) {
-//                return true;
-//            }
-//        }
-//        return false;
+        for (boolean undeploy : Delegates.getAuthorizationService().isAllowed(getUser(), Permission.DELETE, definitions)) {
+            if (undeploy) {
+                return true;
+            }
+        }
+        return false;
     }
 
     class EnvImpl extends EnvBaseImpl {
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessActiveTaskMonitorTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessActiveTaskMonitorTag.java
index 581f9335d0..1ac24c2d64 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessActiveTaskMonitorTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessActiveTaskMonitorTag.java
@@ -56,7 +56,7 @@ protected boolean isSubmitButtonVisible() {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessDefinitionDescriptionFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessDefinitionDescriptionFormTag.java
index ba61006234..d84c7171d2 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessDefinitionDescriptionFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessDefinitionDescriptionFormTag.java
@@ -52,7 +52,7 @@ protected boolean isVisible() {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessDefinitionInfoFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessDefinitionInfoFormTag.java
index a947ce547e..806fa5b759 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessDefinitionInfoFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessDefinitionInfoFormTag.java
@@ -67,7 +67,7 @@ protected void fillFormData(TD tdFormElement) {
         nameTR.addElement(new TD(definitionName).setClass(Resources.CLASS_LIST_TABLE_TD));
         TD nameTD = new TD();
         nameTD.setClass(Resources.CLASS_LIST_TABLE_TD);
-        if (Delegates.getAuthorizationService().isAllowed(getUser(), Permission.CREATE, SecuredSingleton.DEFINITIONS)) {
+        if (Delegates.getAuthorizationService().isAllowed(getUser(), Permission.CREATE_DEFINITION, SecuredSingleton.SYSTEM)) {
             nameTD.addElement(definition.getName() + " (");
             String historyUrl = Commons.getActionUrl(ShowDefinitionHistoryAction.ACTION, "name", definition.getName(), pageContext,
                     PortletUrlType.Render);
@@ -172,7 +172,7 @@ public String getAction() {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessGraphFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessGraphFormTag.java
index 04721aab04..79ac3e9904 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessGraphFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessGraphFormTag.java
@@ -96,7 +96,7 @@ protected void fillFormData(TD td) {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java
index 4b8f09bb95..76ba069b70 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessInfoFormTag.java
@@ -260,7 +260,7 @@ private Element addUpgradeLinkIfRequired(WfProcess process, Element versionEleme
     }
 
     private boolean checkReadable(WfProcess parentProcess) {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.LIST, parentProcess);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.READ, parentProcess);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessSwimlaneMonitorTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessSwimlaneMonitorTag.java
index 33d4559c97..c9c0de4f65 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessSwimlaneMonitorTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessSwimlaneMonitorTag.java
@@ -79,7 +79,7 @@ protected void fillFormData(TD tdFormElement) {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessVariableMonitorTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessVariableMonitorTag.java
index 2f6e6967a5..ce9b9aa897 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessVariableMonitorTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ProcessVariableMonitorTag.java
@@ -17,18 +17,19 @@
  */
 package ru.runa.wf.web.tag;
 
+import com.google.common.base.Strings;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
-
 import org.apache.ecs.html.A;
 import org.apache.ecs.html.TD;
 import org.apache.ecs.html.TR;
 import org.apache.ecs.html.Table;
 import org.tldgen.annotations.Attribute;
 import org.tldgen.annotations.BodyContent;
-
 import ru.runa.common.WebResources;
 import ru.runa.common.web.Commons;
 import ru.runa.common.web.html.HeaderBuilder;
@@ -39,17 +40,12 @@
 import ru.runa.wf.web.html.ProcessVariablesRowBuilder;
 import ru.runa.wfe.audit.ProcessLogFilter;
 import ru.runa.wfe.commons.CalendarUtil;
-import ru.runa.wfe.commons.SystemProperties;
 import ru.runa.wfe.commons.web.PortletUrlType;
 import ru.runa.wfe.security.Permission;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.user.User;
 import ru.runa.wfe.var.dto.WfVariable;
 
-import com.google.common.base.Strings;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-
 @org.tldgen.annotations.Tag(bodyContent = BodyContent.JSP, name = "processVariableMonitor")
 public class ProcessVariableMonitorTag extends ProcessBaseFormTag {
 
@@ -92,7 +88,7 @@ protected void fillFormData(TD tdFormElement) {
             historyFilter.setCreateDateFrom(historicalDateFrom);
             variables = Delegates.getExecutionService().getHistoricalVariables(user, historyFilter).getVariables();
         }
-        if (SystemProperties.isUpdateProcessVariablesInAPIEnabled() && Delegates.getExecutorService().isAdministrator(user)) {
+        if (WebResources.isUpdateProcessVariablesEnabled() && Delegates.getExecutorService().isAdministrator(user)) {
             Table table = new Table();
             tdFormElement.addElement(table);
             table.addAttribute("width", "100%");
@@ -122,7 +118,7 @@ protected void fillFormData(TD tdFormElement) {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/SendProcessSignalFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/SendProcessSignalFormTag.java
index d1d57c062c..451452e6b2 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/SendProcessSignalFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/SendProcessSignalFormTag.java
@@ -11,9 +11,6 @@
 import ru.runa.common.web.tag.TitledFormTag;
 import ru.runa.wf.web.MessagesProcesses;
 import ru.runa.wf.web.action.SendProcessSignalAction;
-import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.security.SecuredSingleton;
-import ru.runa.wfe.service.delegate.Delegates;
 
 @org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "sendProcessSignalForm")
 public class SendProcessSignalFormTag extends TitledFormTag {
@@ -60,6 +57,6 @@ public String getAction() {
 
     @Override
     protected boolean isSubmitButtonEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.PROCESSES);
+        return true;
     }
 }
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/SendProcessSignalLinkTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/SendProcessSignalLinkTag.java
index b5c698f107..ab8783c2fd 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/SendProcessSignalLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/SendProcessSignalLinkTag.java
@@ -5,9 +5,6 @@
 import ru.runa.common.web.tag.LinkTag;
 import ru.runa.wf.web.MessagesProcesses;
 import ru.runa.wfe.commons.web.PortletUrlType;
-import ru.runa.wfe.security.Permission;
-import ru.runa.wfe.security.SecuredSingleton;
-import ru.runa.wfe.service.delegate.Delegates;
 
 @org.tldgen.annotations.Tag(bodyContent = BodyContent.EMPTY, name = "sendProcessSignalLink")
 public class SendProcessSignalLinkTag extends LinkTag {
@@ -22,7 +19,7 @@ protected String getLinkText() {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.ALL, SecuredSingleton.PROCESSES);
+        return true;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowDefinitionsHistoryLinkTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowDefinitionsHistoryLinkTag.java
index 92cf9300ee..de245f3f64 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowDefinitionsHistoryLinkTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowDefinitionsHistoryLinkTag.java
@@ -14,7 +14,7 @@ public class ShowDefinitionsHistoryLinkTag extends LinkTag {
 
     @Override
     protected boolean isLinkEnabled() {
-        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.READ, SecuredSingleton.DEFINITIONS);
+        return Delegates.getAuthorizationService().isAllowed(getUser(), Permission.CREATE_DEFINITION, SecuredSingleton.SYSTEM);
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowGanttDiagramTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowGanttDiagramTag.java
index d63d7d1fa6..88e687276a 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowGanttDiagramTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowGanttDiagramTag.java
@@ -89,7 +89,7 @@ private String getBar(Object id, String name, Date start, Date end, String type,
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowGraphHistoryFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowGraphHistoryFormTag.java
index 4144509839..02167bc0ef 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowGraphHistoryFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowGraphHistoryFormTag.java
@@ -158,7 +158,7 @@ protected void fillFormData(final TD formDataTD) {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowHistoryTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowHistoryTag.java
index 15bb70c750..fd9725ec3b 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowHistoryTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowHistoryTag.java
@@ -148,7 +148,7 @@ protected void fillFormData(TD tdFormElement) {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowSystemLogFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowSystemLogFormTag.java
index 9203255752..addbccbf84 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowSystemLogFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowSystemLogFormTag.java
@@ -65,7 +65,7 @@ protected void fillFormElement(TD tdFormElement) {
     }
 
     protected Permission getPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowTasksHistoryTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowTasksHistoryTag.java
index 4326ffbd37..a81fd72e37 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowTasksHistoryTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/ShowTasksHistoryTag.java
@@ -100,7 +100,7 @@ public TR build() {
 
     @Override
     protected Permission getSubmitPermission() {
-        return Permission.LIST;
+        return Permission.READ;
     }
 
     @Override
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/UpdateProcessVariablesFormTag.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/UpdateProcessVariablesFormTag.java
index 33033d8849..39d4026f71 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/UpdateProcessVariablesFormTag.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/UpdateProcessVariablesFormTag.java
@@ -1,7 +1,6 @@
 package ru.runa.wf.web.tag;
 
 import java.util.List;
-
 import org.apache.ecs.html.Div;
 import org.apache.ecs.html.Form;
 import org.apache.ecs.html.Input;
@@ -12,13 +11,12 @@
 import org.apache.ecs.html.Table;
 import org.tldgen.annotations.Attribute;
 import org.tldgen.annotations.BodyContent;
-
+import ru.runa.common.WebResources;
 import ru.runa.common.web.HTMLUtils;
 import ru.runa.common.web.Resources;
 import ru.runa.common.web.tag.TitledFormTag;
 import ru.runa.wf.web.MessagesProcesses;
 import ru.runa.wf.web.action.UpdateProcessVariableAction;
-import ru.runa.wfe.commons.SystemProperties;
 import ru.runa.wfe.execution.dto.WfProcess;
 import ru.runa.wfe.service.delegate.Delegates;
 import ru.runa.wfe.var.VariableDefinition;
@@ -44,7 +42,7 @@ protected void fillFormElement(TD tdFormElement) {
         WfProcess process = Delegates.getExecutionService().getProcess(getUser(), getProcessId());
         List<VariableDefinition> variables = Delegates.getDefinitionService().getVariableDefinitions(getUser(), process.getDefinitionId());
         if (!variables.isEmpty()) {
-            if (SystemProperties.isUpdateProcessVariablesInAPIEnabled() && Delegates.getExecutorService().isAdministrator(getUser())) {
+            if (WebResources.isUpdateProcessVariablesEnabled() && Delegates.getExecutorService().isAdministrator(getUser())) {
                 getForm().setEncType(Form.ENC_UPLOAD);
                 String labelTDWidth = "150px";
 
diff --git a/wfe-web/src/main/java/ru/runa/wf/web/tag/XWorkJavascriptValidator.java b/wfe-web/src/main/java/ru/runa/wf/web/tag/XWorkJavascriptValidator.java
index 84a9047edc..2ad28535a8 100644
--- a/wfe-web/src/main/java/ru/runa/wf/web/tag/XWorkJavascriptValidator.java
+++ b/wfe-web/src/main/java/ru/runa/wf/web/tag/XWorkJavascriptValidator.java
@@ -17,6 +17,10 @@
  */
 package ru.runa.wf.web.tag;
 
+import com.google.common.base.Charsets;
+import com.google.common.base.Throwables;
+import freemarker.template.Configuration;
+import freemarker.template.Template;
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.io.InputStreamReader;
@@ -27,7 +31,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import ru.runa.wfe.commons.ClassLoaderUtil;
 import ru.runa.wfe.user.User;
 import ru.runa.wfe.validation.FieldValidator;
@@ -35,12 +38,6 @@
 import ru.runa.wfe.validation.ValidatorContext;
 import ru.runa.wfe.validation.ValidatorManager;
 
-import com.google.common.base.Charsets;
-import com.google.common.base.Throwables;
-
-import freemarker.template.Configuration;
-import freemarker.template.Template;
-
 public class XWorkJavascriptValidator {
 
     public static String getJavascript(User user, byte[] validationXmlBytes) {
@@ -59,7 +56,7 @@ public static String getJavascript(User user, byte[] validationXmlBytes) {
             Set<String> tagNames = new HashSet<String>();
 
             ValidatorContext validatorContext = new ValidatorContext();
-            List<Validator> validators = ValidatorManager.getInstance().createValidators(user, null, null, validationXmlBytes, validatorContext,
+            List<Validator> validators = ValidatorManager.getInstance().createValidators(null, null, validationXmlBytes, validatorContext,
                     new HashMap<String, Object>());
             for (Validator validator : validators) {
                 if (validator instanceof FieldValidator) {
diff --git a/wfe-web/src/main/resources/settingsList.xml b/wfe-web/src/main/resources/settingsList.xml
index 178885eb00..cae69e4ee0 100644
--- a/wfe-web/src/main/resources/settingsList.xml
+++ b/wfe-web/src/main/resources/settingsList.xml
@@ -16,10 +16,6 @@
 		</property>
 		<property title="file.variable.local.storage.enableforfilesgreaterthan" pattern="\d*"/>
 		<property title="date.format.pattern" />
-		<property title="executionServiceAPI.updateVariables.enabled">
-			<value>true</value>
-			<value>false</value>
-		</property>
 		<property title="scriptingServiceAPI.executeGroovyScript.enabled">
 			<value>true</value>
 			<value>false</value>
@@ -61,6 +57,10 @@
 			<value>true</value>
 			<value>false</value>
 		</property>
+		<property title="process.execution.node.async.default">
+			<value>true</value>
+			<value>false</value>
+		</property>
 	</properties_file>
 	
 	<properties_file title="class.presentation.properties">
@@ -184,6 +184,10 @@
 			<value>true</value>
 			<value>false</value>
 		</property>
+		<property title="process.variable.assignment.enabled">
+			<value>true</value>
+			<value>false</value>
+		</property>
 		<property title="process.task.filters.enabled">
 			<value>true</value>
 			<value>false</value>
diff --git a/wfe-web/src/main/resources/web.properties b/wfe-web/src/main/resources/web.properties
index 780a33fb45..3531becc1f 100644
--- a/wfe-web/src/main/resources/web.properties
+++ b/wfe-web/src/main/resources/web.properties
@@ -54,8 +54,8 @@ confirmation.remove.datasource = true
 
 import.export.enabled = true
 
-# Whether update process swimlanes enabled
-process.swimlane.assignment.enabled = false
+process.swimlane.assignment.enabled = true
+process.variable.assignment.enabled = true
 
 process.task.filters.enabled = true
 html.blockElements=address;article;aside;audio;blockquote;canvas;dd;div;dl;fieldset;figcaption;figure;footer;form;h1;h2;h3;h4;h5;h6;header;hgroup;hr;li;main;nav;noscript;ol;output;p;pre;section;table;tfoot;ul;video
diff --git a/wfe-web/src/main/webapp/WEB-INF/af/manage_datafile.jsp b/wfe-web/src/main/webapp/WEB-INF/af/manage_datafile.jsp
deleted file mode 100644
index 260c15f96a..0000000000
--- a/wfe-web/src/main/webapp/WEB-INF/af/manage_datafile.jsp
+++ /dev/null
@@ -1,27 +0,0 @@
-<%@ page pageEncoding="UTF-8" %>
-<%@ taglib uri="/WEB-INF/struts-tiles.tld" prefix="tiles"%>
-<%@ taglib uri="/WEB-INF/wf.tld" prefix="wf" %>
-<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html"%>
-<%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean"%>
-<tiles:insert page="/WEB-INF/af/main_layout.jsp" flush="true">
-
-<tiles:put name="head" type="string" />
-
-<tiles:put name="body" type="string" >
-<wf:managePermissionsForm securedObjectType="DATAFILE">
-    <table width="100%">
-        <tr>
-            <td align="left">
-                <wf:grantPermissionsLink securedObjectType="DATAFILE"/>
-            </td>
-        </tr>
-    </table>
-</wf:managePermissionsForm>
-
-<wf:exportDataFile />
-<wf:importDataFile />
-</tiles:put>
-
-<tiles:put name="messages" value="../common/messages.jsp" />
-
-</tiles:insert>
\ No newline at end of file
diff --git a/wfe-web/src/main/webapp/WEB-INF/af/manage_errors.jsp b/wfe-web/src/main/webapp/WEB-INF/af/manage_errors.jsp
deleted file mode 100644
index 4b8004ac91..0000000000
--- a/wfe-web/src/main/webapp/WEB-INF/af/manage_errors.jsp
+++ /dev/null
@@ -1,94 +0,0 @@
-<%@page import="ru.runa.common.Version"%>
-<%@ page language="java" pageEncoding="UTF-8" %>
-<%@ taglib uri="/WEB-INF/struts-tiles.tld" prefix="tiles"%>
-<%@ taglib uri="/WEB-INF/wf.tld" prefix="wf" %>
-<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html"%>
-<%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean"%>
-<tiles:insert page="/WEB-INF/af/main_layout.jsp" flush="true">
-
-<tiles:put name="head" type="string">
-	<script>
-	var systemErrorsVisible = true;
-	var processErrorsVisible = true;
-	$(document).ready(function() {
-		$("#systemErrorsButton").click(function() {
-			if (systemErrorsVisible) {
-				$("#systemErrorsContentDiv").hide();
-				$("#systemErrorsImg").attr("src", "/wfe/images/view_setup_hidden.gif");
-				systemErrorsVisible = false;
-			} else {
-				$("#systemErrorsContentDiv").show();
-				$("#systemErrorsImg").attr("src", "/wfe/images/view_setup_visible.gif");
-				systemErrorsVisible = true;
-			}
-		});
-		$("#processErrorsButton").click(function() {
-			if (processErrorsVisible) {
-				$("#processErrorsContentDiv").hide();
-				$("#processErrorsImg").attr("src", "/wfe/images/view_setup_hidden.gif");
-				processErrorsVisible = false;
-			} else {
-				$("#processErrorsContentDiv").show();
-				$("#processErrorsImg").attr("src", "/wfe/images/view_setup_visible.gif");
-				processErrorsVisible = true;
-			}
-		});
-		$("div.processErrorsFilter input").change(function() {
-			var typeLabel = $(this).closest("label").text();
-			var tds = $("#processErrorsContentDiv table tr").find("td:eq(0)").filter(":contains(" + typeLabel + ")");
-			if ($(this).prop("checked")) {
-				tds.closest("tr").show();
-			} else {
-				tds.closest("tr").hide();
-			}
-		});
-	});
-	</script>
-	<script type="text/javascript" src="<html:rewrite page='<%="/js/errorviewer.js?"+Version.getHash() %>' />">c=0;</script>
-</tiles:put>
-
-<tiles:put name="body" type="string">
-<wf:managePermissionsForm securedObjectType="ERRORS">
-	<table width="100%">
-		<tr>
-			<td align="left">
-				<wf:grantPermissionsLink securedObjectType="ERRORS"/>
-			</td>
-		</tr>
-	</table>
-</wf:managePermissionsForm>
-
-
-<table class='box'><tr><th class='box'><bean:message key="title.errors" /></th></tr>
-<tr><td class='box'>
-	<div>
-		<a id="systemErrorsButton" href="javascript:void(0)" class="link">
-			<img id="systemErrorsImg" class="hideableblock" src="/wfe/images/view_setup_visible.gif">
-			&nbsp;<bean:message key="errors.system" />
-		</a>
-	</div>
-	<div id="systemErrorsContentDiv"> 
-		<wf:viewSystemErrors />
-	</div>
-	<br />
-	<div>
-		<a id="processErrorsButton" href="javascript:void(0)" class="link">
-			<img id="processErrorsImg" class="hideableblock" src="/wfe/images/view_setup_visible.gif">
-			&nbsp;<bean:message key="errors.processes" />
-		</a>
-		<a href="/wfe/activateFailedProcesses.do" style="float: right;">
-			<bean:message key="failed.processes.activate" />
-		</a>
-	</div>
-	<div id="processErrorsContentDiv">
-		<wf:viewProcessErrors />
-	</div>
-</td></tr>
-<tr><td align='right' class='box'>
-	<input value='<bean:message key="button.support" />' class='button' onclick="showSupportFiles();" type='button' <%= request.getAttribute("errorsExist") == null ? "disabled='disabled'" : "" %>>
-</td></tr>
-</table>
-</tiles:put>
-
-<tiles:put name="messages" value="../common/messages.jsp" />
-</tiles:insert>
\ No newline at end of file
diff --git a/wfe-web/src/main/webapp/WEB-INF/af/manage_executors.jsp b/wfe-web/src/main/webapp/WEB-INF/af/manage_executors.jsp
index f8c8ed7bbc..c71a0b496f 100644
--- a/wfe-web/src/main/webapp/WEB-INF/af/manage_executors.jsp
+++ b/wfe-web/src/main/webapp/WEB-INF/af/manage_executors.jsp
@@ -40,8 +40,6 @@ $(document).ready(function() {
 	<wf:createActorLink />
 	&nbsp;&nbsp;&nbsp;
 	<wf:createGroupLink />
-	&nbsp;&nbsp;&nbsp;
-	<wf:managePermissionsLink securedObjectType="EXECUTORS" />
 <%
 if (ru.runa.wfe.security.logic.LdapProperties.isSynchronizationEnabled()) {
 %>
diff --git a/wfe-web/src/main/webapp/WEB-INF/af/manage_relation.jsp b/wfe-web/src/main/webapp/WEB-INF/af/manage_relation.jsp
index 465545b1f5..531cab2119 100644
--- a/wfe-web/src/main/webapp/WEB-INF/af/manage_relation.jsp
+++ b/wfe-web/src/main/webapp/WEB-INF/af/manage_relation.jsp
@@ -20,6 +20,9 @@
 			<td align="left">
 				<wf:createRelationPairLink relationId="<%= relationId %>"/>
 			</td>
+			<td align="right">
+				<wf:managePermissionsLink securedObjectType="RELATION" identifiableId="<%= relationId %>" />
+			</td>
 		</tr>
 	</table>
 </wf:listRelationPairsForm>
diff --git a/wfe-web/src/main/webapp/WEB-INF/af/manage_scripts.jsp b/wfe-web/src/main/webapp/WEB-INF/af/manage_scripts.jsp
deleted file mode 100644
index 6537fc3336..0000000000
--- a/wfe-web/src/main/webapp/WEB-INF/af/manage_scripts.jsp
+++ /dev/null
@@ -1,83 +0,0 @@
-<%@ page pageEncoding="UTF-8" %>
-<%@ page import="ru.runa.common.Version"%>
-<%@ taglib uri="/WEB-INF/struts-tiles.tld" prefix="tiles"%>
-<%@ taglib uri="/WEB-INF/wf.tld" prefix="wf" %>
-<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html"%>
-<%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean"%>
-<tiles:insert page="/WEB-INF/af/main_layout.jsp" flush="true">
-
-<tiles:put name="head" type="string">
-	<script>
-	var storageVisible = true;
-	$(document).ready(function() {
-		$("#storageButton").click(function() {
-			if (storageVisible) {
-				$("#storageContentDiv").hide();
-				$("#storageImg").attr("src", "/wfe/images/view_setup_hidden.gif");
-				storageVisible = false;
-			} else {
-				$("#storageContentDiv").show();
-				$("#storageImg").attr("src", "/wfe/images/view_setup_visible.gif");
-				storageVisible = true;
-			}
-		});
-		$("a[fileName]").each(function() {
-			$(this).click(function() {
-				editScript($(this).attr("fileName"), "<bean:message key="button.save" />", "<bean:message key="button.execute" />", "<bean:message key="button.cancel" />");
-			});
-		});
-	});
-	</script>
-	<script type="text/javascript" src="<html:rewrite page='<%="/js/xmleditor/codemirror.js?"+Version.getHash() %>' />">c=0;</script>
-	<script type="text/javascript" src="<html:rewrite page='<%="/js/scripteditor.js?"+Version.getHash() %>' />">c=0;</script>
-</tiles:put>
-
-<tiles:put name="body" type="string" >
-<wf:managePermissionsForm securedObjectType="SCRIPTS">
-	<table width="100%">
-		<tr>
-			<td align="left">
-				<wf:grantPermissionsLink securedObjectType="SCRIPTS"/>
-			</td>
-		</tr>
-	</table>
-</wf:managePermissionsForm>
-
-<table class='box'><tr><th class='box'><bean:message key="adminkit.scripts" /></th></tr>
-<tr><td class='box'>
-	<div style="position: relative;">
-		<div style="position: absolute; right: 5px; top: 5px;">
-			<table><tbody><tr>
-				<td class="hideableblock">
-					<a id="storageButton" href="javascript:void(0)" class="link">
-						<img id="storageImg" class="hideableblock" src="/wfe/images/view_setup_visible.gif">
-						&nbsp;<bean:message key="adminkit.savedscripts" />
-					</a>
-				</td>
-			</tr></tbody></table>
-		</div>
-		<div>
-			<table>
-				<tr>
-					<td class='hideableblock'>
-						<a href="javascript:void(0)" class='link' onclick='javascript:uploadScript("<bean:message key="button.save" />", "<bean:message key="button.execute" />", "<bean:message key="button.cancel" />");'><bean:message key="button.upload" /></a>
-						&nbsp;&nbsp;&nbsp;
-						<a href="javascript:void(0)" class='link' onclick='javascript:editScript("", "<bean:message key="button.save" />", "<bean:message key="button.execute" />", "<bean:message key="button.cancel" />");'><bean:message key="button.create" /></a>
-					</td>
-				</tr>
-				<tr>
-					<td>
-					</td>
-				</tr>
-			</table>
-		</div>
-		<div id="storageContentDiv">
-			<wf:viewAdminkitScripts />
-		</div>
-	</div>
-</td></tr></table>
-</tiles:put>
-
-<tiles:put name="messages" value="../common/messages.jsp" />
-
-</tiles:insert>
\ No newline at end of file
diff --git a/wfe-web/src/main/webapp/WEB-INF/af/manage_substitution_criteria.jsp b/wfe-web/src/main/webapp/WEB-INF/af/manage_substitution_criteria.jsp
deleted file mode 100644
index 38cc2c0245..0000000000
--- a/wfe-web/src/main/webapp/WEB-INF/af/manage_substitution_criteria.jsp
+++ /dev/null
@@ -1,40 +0,0 @@
-<%@ page pageEncoding="UTF-8" %>
-<%@ taglib uri="/WEB-INF/struts-tiles.tld" prefix="tiles"%>
-<%@ taglib uri="/WEB-INF/wf.tld" prefix="wf" %>
-<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html"%>
-<%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean"%>
-<tiles:insert page="/WEB-INF/af/main_layout.jsp" flush="true">
-
-<tiles:put name="head" type="string" />
-
-<tiles:put name="body" type="string" >
-<wf:managePermissionsForm securedObjectType="SUBSTITUTION_CRITERIAS">
-	<table width="100%">
-		<tr>
-			<td align="left">
-				<wf:grantPermissionsLink securedObjectType="SUBSTITUTION_CRITERIAS"/>
-			</td>
-		</tr>
-	</table>
-</wf:managePermissionsForm>
-
-
-<%
-	String substitutionCriteriaIds = "";
-	if (request.getParameter("substitutionCriteriaIds") != null) {
-	    substitutionCriteriaIds = request.getParameter("substitutionCriteriaIds");
-	}
-%>
-<wf:listSubstitutionCriteriasForm buttonAlignment="right" substitutionCriteriaIds="<%= substitutionCriteriaIds %>">
-	<table width="100%">
-	<tr>
-		<td align="left">
-			<wf:addSubstitutionCriteriaLink  />
-		</td>
-	</tr>
-	</table>
-</wf:listSubstitutionCriteriasForm>
-</tiles:put>
-
-<tiles:put name="messages" value="../common/messages.jsp" />
-</tiles:insert>
\ No newline at end of file
diff --git a/wfe-web/src/main/webapp/WEB-INF/af/manage_system.jsp b/wfe-web/src/main/webapp/WEB-INF/af/manage_system.jsp
index d20c9ce8c3..59dc642910 100644
--- a/wfe-web/src/main/webapp/WEB-INF/af/manage_system.jsp
+++ b/wfe-web/src/main/webapp/WEB-INF/af/manage_system.jsp
@@ -1,11 +1,70 @@
 <%@ page pageEncoding="UTF-8" %>
+<%@ page import="ru.runa.common.Version"%>
 <%@ taglib uri="/WEB-INF/struts-tiles.tld" prefix="tiles"%>
 <%@ taglib uri="/WEB-INF/wf.tld" prefix="wf" %>
 <%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html"%>
 <%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean"%>
 <tiles:insert page="/WEB-INF/af/main_layout.jsp" flush="true">
 
-<tiles:put name="head" type="string" />
+<tiles:put name="head" type="string" >
+	<script>
+        var storageVisible = true;
+        var systemErrorsVisible = true;
+        var processErrorsVisible = true;
+        $(document).ready(function() {
+            $("#storageButton").click(function() {
+                if (storageVisible) {
+                    $("#storageContentDiv").hide();
+                    $("#storageImg").attr("src", "/wfe/images/view_setup_hidden.gif");
+                    storageVisible = false;
+                } else {
+                    $("#storageContentDiv").show();
+                    $("#storageImg").attr("src", "/wfe/images/view_setup_visible.gif");
+                    storageVisible = true;
+                }
+            });
+            $("a[fileName]").each(function() {
+                $(this).click(function() {
+                    editScript($(this).attr("fileName"), "<bean:message key="button.save" />", "<bean:message key="button.execute" />", "<bean:message key="button.cancel" />");
+                });
+            });
+            $("#systemErrorsButton").click(function() {
+                if (systemErrorsVisible) {
+                    $("#systemErrorsContentDiv").hide();
+                    $("#systemErrorsImg").attr("src", "/wfe/images/view_setup_hidden.gif");
+                    systemErrorsVisible = false;
+                } else {
+                    $("#systemErrorsContentDiv").show();
+                    $("#systemErrorsImg").attr("src", "/wfe/images/view_setup_visible.gif");
+                    systemErrorsVisible = true;
+                }
+            });
+            $("#processErrorsButton").click(function() {
+                if (processErrorsVisible) {
+                    $("#processErrorsContentDiv").hide();
+                    $("#processErrorsImg").attr("src", "/wfe/images/view_setup_hidden.gif");
+                    processErrorsVisible = false;
+                } else {
+                    $("#processErrorsContentDiv").show();
+                    $("#processErrorsImg").attr("src", "/wfe/images/view_setup_visible.gif");
+                    processErrorsVisible = true;
+                }
+            });
+            $("div.processErrorsFilter input").change(function() {
+                var typeLabel = $(this).closest("label").text();
+                var tds = $("#processErrorsContentDiv table tr").find("td:eq(0)").filter(":contains(" + typeLabel + ")");
+                if ($(this).prop("checked")) {
+                    tds.closest("tr").show();
+                } else {
+                    tds.closest("tr").hide();
+                }
+            });
+        });
+	</script>
+	<script type="text/javascript" src="<html:rewrite page='<%="/js/xmleditor/codemirror.js?"+Version.getHash() %>' />">c=0;</script>
+	<script type="text/javascript" src="<html:rewrite page='<%="/js/scripteditor.js?"+Version.getHash() %>' />">c=0;</script>
+    <script type="text/javascript" src="<html:rewrite page='<%="/js/errorviewer.js?"+Version.getHash() %>' />">c=0;</script>
+</tiles:put>
 
 <tiles:put name="body" type="string" >
 <wf:managePermissionsForm securedObjectType="SYSTEM">
@@ -21,6 +80,62 @@
 	</table>
 </wf:managePermissionsForm>
 
+<%
+	String substitutionCriteriaIds = "";
+	if (request.getParameter("substitutionCriteriaIds") != null) {
+		substitutionCriteriaIds = request.getParameter("substitutionCriteriaIds");
+	}
+%>
+<wf:listSubstitutionCriteriasForm buttonAlignment="right" substitutionCriteriaIds="<%= substitutionCriteriaIds %>">
+	<table width="100%">
+		<tr>
+			<td align="left">
+				<wf:addSubstitutionCriteriaLink  />
+			</td>
+		</tr>
+	</table>
+</wf:listSubstitutionCriteriasForm>
+
+<table class='box'>
+	<tr><th class='box'><bean:message key="adminkit.scripts" /></th></tr>
+	<tr><td class='box'>
+		<div style="position: relative;">
+			<div style="position: absolute; right: 5px; top: 5px;">
+				<table><tbody><tr>
+					<td class="hideableblock">
+						<a id="storageButton" href="javascript:void(0)" class="link">
+							<img id="storageImg" class="hideableblock" src="/wfe/images/view_setup_visible.gif">
+							&nbsp;<bean:message key="adminkit.savedscripts" />
+						</a>
+					</td>
+				</tr></tbody></table>
+			</div>
+			<div>
+				<table>
+					<tr>
+						<td class='hideableblock'>
+							<a href="javascript:void(0)" class='link' onclick='javascript:uploadScript("<bean:message key="button.save" />", "<bean:message key="button.execute" />", "<bean:message key="button.cancel" />");'><bean:message key="button.upload" /></a>
+							&nbsp;&nbsp;&nbsp;
+							<a href="javascript:void(0)" class='link' onclick='javascript:editScript("", "<bean:message key="button.save" />", "<bean:message key="button.execute" />", "<bean:message key="button.cancel" />");'><bean:message key="button.create" /></a>
+						</td>
+					</tr>
+					<tr>
+						<td>
+						</td>
+					</tr>
+				</table>
+			</div>
+			<div id="storageContentDiv">
+				<wf:viewAdminkitScripts />
+			</div>
+		</div>
+	</td></tr>
+</table>
+
+<wf:exportDataFile />
+
+<wf:importDataFile />
+
 <table class='box'><tr><th class='box'><bean:message key="title.monitoring" /></th></tr>
 	<tr>
 		<td class='box'>
@@ -34,6 +149,36 @@
 		</td>
 	</tr>
 </table>
+
+<table class='box'><tr><th class='box'><bean:message key="title.errors" /></th></tr>
+    <tr><td class='box'>
+        <div>
+            <a id="systemErrorsButton" href="javascript:void(0)" class="link">
+                <img id="systemErrorsImg" class="hideableblock" src="/wfe/images/view_setup_visible.gif">
+                &nbsp;<bean:message key="errors.system" />
+            </a>
+        </div>
+        <div id="systemErrorsContentDiv">
+            <wf:viewSystemErrors />
+        </div>
+        <br />
+        <div>
+            <a id="processErrorsButton" href="javascript:void(0)" class="link">
+                <img id="processErrorsImg" class="hideableblock" src="/wfe/images/view_setup_visible.gif">
+                &nbsp;<bean:message key="errors.processes" />
+            </a>
+            <a href="/wfe/activateFailedProcesses.do" style="float: right;">
+                <bean:message key="failed.processes.activate" />
+            </a>
+        </div>
+        <div id="processErrorsContentDiv">
+            <wf:viewProcessErrors />
+        </div>
+    </td></tr>
+    <tr><td align='right' class='box'>
+        <input value='<bean:message key="button.support" />' class='button' onclick="showSupportFiles();" type='button' <%= request.getAttribute("errorsExist") == null ? "disabled='disabled'" : "" %>>
+    </td></tr>
+</table>
 </tiles:put>
 
 <tiles:put name="messages" value="../common/messages.jsp" />
diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties
index 3d24784985..172abe25f1 100644
--- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties
+++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions.properties
@@ -8,7 +8,6 @@ system.properties_task.default.deadline = If task deadline is not set in process
 system.properties_task.almostDeadlinePercents = For task highlighting tasks in tasklist only  
 system.properties_authentication.domain.name = 
 system.properties_date.format.pattern =
-system.properties_executionServiceAPI.updateVariables.enabled = Whether execution of ru.runa.wfe.service.impl.ExecutionServiceBean.updateVariables(User, Long, Map<String, Object>) enabled 
 system.properties_scriptingServiceAPI.executeGroovyScript.enabled = Whether execution of ru.runa.wfe.service.ScriptingService.executeGroovyScript(User, String) enabled 
 system.properties_undefined.variables.allowed = whether undeclared variables (in Developer Studio) enabled 
 system.properties_strong.variables.format.enabled = 
@@ -20,6 +19,7 @@ system.properties_file.variable.local.storage.enableforfilesgreaterthan =
 system.properties_definition.comments.collisions.allowed = Allow uploading process definitions wherein some version comments from old version does not exist
 system.properties_definition.comments.empty.allowed = Allow uploading process definition without new comments
 system.properties_datasource.password.export = Allow datasource password to be imported or exported
+system.properties_process.execution.node.async.default = Use new transaction mode to execute nodes
 
 class.presentation.properties = Presentation settings
 
@@ -54,7 +54,8 @@ web.properties_confirmation.start.process =
 web.properties_confirmation.start.process.noform =
 web.properties_confirmation.use.default.properties = Require confirmation to load default settings 
 web.properties_task.delegation.enabled = Task delegation enabled
-web.properties_process.swimlane.assignment.enabled = Whether update process swimlanes enabled
+web.properties_process.swimlane.assignment.enabled = Allow swimlanes update
+web.properties_process.variable.assignment.enabled = Allow variables update
 web.properties_process.task.filters.enabled = Started processes view contains task filters
 web.properties_import.export.enabled = Import/Export enabled
 web.properties_html.blockElements = List of html block elements devided by ';'
diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties
index cfc798b235..e0a156cb95 100644
--- a/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties
+++ b/wfe-web/src/main/webapp/WEB-INF/classes/settingsDescriptions_ru.properties
@@ -8,7 +8,6 @@ system.properties_task.default.deadline = \u0412\u0440\u0435\u043c\u044f \u0438\
 system.properties_task.almostDeadlinePercents = \u041f\u0440\u043e\u0446\u0435\u043d\u0442 \u0438\u0441\u0442\u0435\u0447\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0446\u0432\u0435\u0442 \u0437\u0430\u0434\u0430\u043d\u0438\u044f \u0432 \u0441\u043f\u0438\u0441\u043a\u0435 \u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442\u043d\u044b\u0439 
 system.properties_authentication.domain.name = \u0418\u043c\u044f \u0434\u043e\u043c\u0435\u043d\u0430 
 system.properties_date.format.pattern = \u0424\u043e\u0440\u043c\u0430\u0442 \u0434\u0430\u0442\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 (\u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438 \u0444\u043e\u0440\u043c\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0434\u0430\u0442\u044b \u0441\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c) 
-system.properties_executionServiceAPI.updateVariables.enabled = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043c\u0435\u0442\u043e\u0434\u0430 ru.runa.wfe.service.impl.ExecutionServiceBean.updateVariables(User, Long, Map<String, Object>)  
 system.properties_scriptingServiceAPI.executeGroovyScript.enabled = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043c\u0435\u0442\u043e\u0434\u0430 ru.runa.wfe.service.ScriptingService.executeGroovyScript(User, String 
 system.properties_undefined.variables.allowed = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445, \u043d\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 \u0421\u0440\u0435\u0434\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438?
 system.properties_strong.variables.format.enabled = \u0420\u0435\u0436\u0438\u043c \u0441\u0442\u0440\u043e\u0433\u043e\u0439 \u0442\u0438\u043f\u0438\u0437\u0430\u0446\u0438\u0438. \u0422\u0440\u0435\u0431\u043e\u0432\u0430\u0442\u044c \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435 \u0442\u0438\u043f\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432 \u0421\u0440\u0435\u0434\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 
@@ -20,6 +19,7 @@ system.properties_file.variable.local.storage.enableforfilesgreaterthan = \u0415
 system.properties_definition.comments.collisions.allowed = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0438 \u0438\u0437 \u043f\u0440\u0435\u0436\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f
 system.properties_definition.comments.empty.allowed = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043d\u0435\u0442 \u043d\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0435\u0432
 system.properties_datasource.password.export = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0432\u044b\u0433\u0440\u0443\u0436\u0430\u0442\u044c/\u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432 \u0434\u0430\u043d\u043d\u044b\u0445
+system.properties_process.execution.node.async.default = \u041F\u043E \u0443\u043C\u043E\u043B\u0447\u0430\u043D\u0438\u044E \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C \u0440\u0435\u0436\u0438\u043C \u043A\u043E\u0440\u043E\u0442\u043A\u0438\u0445 \u0442\u0440\u0430\u043D\u0437\u0430\u043A\u0446\u0438\u0439 \u0434\u043B\u044F \u0432\u044B\u043F\u043E\u043B\u043D\u0435\u043D\u0438\u044F \u0443\u0437\u043B\u043E\u0432
 
 class.presentation.properties = \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043f\u043e\u043b\u0435\u0439 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f
 
@@ -55,6 +55,7 @@ web.properties_confirmation.start.process.noform = \u0417\u0430\u043f\u0440\u043
 web.properties_confirmation.use.default.properties = \u0417\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0435\u043d\u0438\u0435 \u043f\u0440\u0438 \u0441\u0431\u0440\u043e\u0441\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a \u043d\u0430 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e
 web.properties_task.delegation.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0434\u0435\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0437\u0430\u0434\u0430\u0447
 web.properties_process.swimlane.assignment.enabled = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044f \u0432 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430
+web.properties_process.variable.assignment.enabled = \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u0432 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430
 web.properties_process.task.filters.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0444\u0438\u043b\u044c\u0442\u0440\u043e\u0432 \u043f\u043e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430\u043c \u0437\u0430\u0434\u0430\u0447 \u0432 \u0441\u043f\u0438\u0441\u043a\u0435 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432
 web.properties_import.export.enabled = \u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438\u043c\u043f\u043e\u0440\u0442/\u044d\u043a\u0441\u043f\u043e\u0440\u0442
 web.properties_html.blockElements = \u0421\u043f\u0438\u0441\u043e\u043a \u0431\u043b\u043e\u0447\u043d\u044b\u0445 html-\u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0447\u0435\u0440\u0435\u0437 ';'
diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties b/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties
index 8de56a72a2..09c839a0f5 100644
--- a/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties
+++ b/wfe-web/src/main/webapp/WEB-INF/classes/struts.properties
@@ -427,10 +427,6 @@ manage_settings = Settings
 manage_data_sources = Data sources
 
 manage_system = System
-manage_scripts = Scripts
-manage_errors = Errors
-manage_substitution_criteria = Substitution criteria
-manage_datafile = System data
 manage_tasks = Task list
 manage_observable_tasks = Observable tasks
 
@@ -456,19 +452,21 @@ message.upload.file = Upload file
 orgfunction.param.employeeCode = Employee code
 orgfunction.param.executorName = Executor name
 
-permission.ALL = Full access
 permission.CANCEL = Stop process
 permission.CANCEL_PROCESS = Stop process
+permission.CHANGE_SELF_PASSWORD = Change self password
 permission.CREATE = Create
+permission.CREATE_DEFINITION = Deploy process definition
+permission.CREATE_EXECUTOR = Create executor
 permission.DELETE = Delete
 permission.LOGIN = Login
-permission.LIST = List
 permission.READ = Read
+permission.VIEW_LOGS = View logs
 permission.READ_PROCESS = Read process
-permission.START = Start
+permission.START_PROCESS = Start process
 permission.UPDATE = Update
-permission.UPDATE_SELF = Update self
-permission.UPDATE_STATUS = Update status
+permission.UPDATE_ACTOR_STATUS = Update status
+permission.UPDATE_PERMISSIONS = Update permissions
 permission.VIEW_TASKS = View tasks
 
 process.canceled = Process has been stopped
diff --git a/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties b/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties
index 4bb09137ef..0a2dabda8e 100644
--- a/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties
+++ b/wfe-web/src/main/webapp/WEB-INF/classes/struts_ru.properties
@@ -424,10 +424,6 @@ manage_settings = \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438
 manage_data_sources = \u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438 \u0434\u0430\u043d\u043d\u044b\u0445
 
 manage_system = \u0421\u0438\u0441\u0442\u0435\u043c\u0430
-manage_scripts = \u0421\u043a\u0440\u0438\u043f\u0442\u044b
-manage_errors = \u041e\u0448\u0438\u0431\u043a\u0438
-manage_substitution_criteria = \u041a\u0440\u0438\u0442\u0435\u0440\u0438\u0438 \u0437\u0430\u043c\u0435\u0449\u0435\u043d\u0438\u044f
-manage_datafile = \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435
 manage_tasks = \u0421\u043f\u0438\u0441\u043e\u043a \u0437\u0430\u0434\u0430\u043d\u0438\u0439
 manage_observable_tasks = \u0417\u0430\u0434\u0430\u043d\u0438\u044f \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432
 
@@ -454,19 +450,21 @@ orgfunction.param.employeeCode = \u041a\u043e\u0434 \u043f\u043e\u043b\u044c\u04
 orgfunction.param.executorName = \u0418\u043c\u044f \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044f
 orgfunction.param.listExecutor = \u0421\u043f\u0438\u0441\u043e\u043a \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u0435\u0439
 
-permission.ALL = \u041f\u043e\u043b\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f
 permission.CANCEL = \u041e\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440
 permission.CANCEL_PROCESS = \u041e\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440
+permission.CHANGE_SELF_PASSWORD = \u0418\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0441\u0432\u043e\u0439 \u043f\u0430\u0440\u043e\u043b\u044c
 permission.CREATE = \u0421\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c
+permission.CREATE_DEFINITION = \u0417\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430
+permission.CREATE_EXECUTOR = \u0421\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044f
 permission.DELETE = \u0423\u0434\u0430\u043b\u044f\u0442\u044c
-permission.LOGIN = \u0412\u0445\u043e\u0434 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443
-permission.LIST = \u0421\u043f\u0438\u0441\u043e\u043a
+permission.LOGIN = \u0412\u0445\u043e\u0434\u0438\u0442\u044c
 permission.READ = \u0427\u0438\u0442\u0430\u0442\u044c
+permission.VIEW_LOGS = \u0427\u0438\u0442\u0430\u0442\u044c \u043b\u043e\u0433
 permission.READ_PROCESS = \u0427\u0438\u0442\u0430\u0442\u044c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440
-permission.START = \u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c
+permission.START_PROCESS = \u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441
 permission.UPDATE = \u0418\u0437\u043c\u0435\u043d\u044f\u0442\u044c
-permission.UPDATE_SELF = \u0418\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0441\u0435\u0431\u044f
-permission.UPDATE_STATUS = \u0418\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0421\u0442\u0430\u0442\u0443\u0441
+permission.UPDATE_ACTOR_STATUS = \u0418\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0441\u0442\u0430\u0442\u0443\u0441
+permission.UPDATE_PERMISSIONS = \u0418\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043f\u043e\u043b\u043d\u043e\u043c\u043e\u0447\u0438\u044f
 permission.VIEW_TASKS = \u0412\u0438\u0434\u0435\u0442\u044c \u0437\u0430\u0434\u0430\u0447\u0438
 
 process.canceled = \u042d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d
@@ -478,7 +476,7 @@ process.restore.failure.ONLY_ASYNC_SUBPROCESS_CAN_BE_RESTORED = \u041f\u043e\u04
 process.restore.failure.PROCESS_HAS_BEEN_COMPLETED = \u041f\u0440\u043e\u0446\u0435\u0441\u0441 \u0431\u044b\u043b \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0437\u0430\u0432\u0435\u0440\u0448\u0451\u043d
 process.restore.failure.UNABLE_TO_FIND_ACTIVE_TOKENS_BY_PROCESS_END_DATE = \u041f\u0440\u043e\u0446\u0435\u0441\u0441 \u0431\u044b\u043b \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u0434\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u0430 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u0441\u044f \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c
 process.not.restored = 
-process.started  = \u042d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0437\u0430\u043f\u0443\u0449\u0435\u043d {0} 
+process.started  = \u042d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0437\u0430\u043f\u0443\u0449\u0435\u043d {0}
 process.upgrade.to.definition.version = \u041f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043d\u0430 \u0434\u0440\u0443\u0433\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e
 processes.upgrade.to.definition.version = \u041f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0432\u0441\u0435 \u043d\u0435\u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u043d\u044b\u0435 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b \u043d\u0430 \u0434\u0440\u0443\u0433\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e
 processes.upgraded.to.definition.version = {0} \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u043d\u0430 \u0434\u0440\u0443\u0433\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e
diff --git a/wfe-web/src/main/webapp/WEB-INF/common/logs.jsp b/wfe-web/src/main/webapp/WEB-INF/common/logs.jsp
index 2c95ee755f..f4fb605c91 100644
--- a/wfe-web/src/main/webapp/WEB-INF/common/logs.jsp
+++ b/wfe-web/src/main/webapp/WEB-INF/common/logs.jsp
@@ -81,16 +81,6 @@ function reloadLogFile() {
 </tiles:put>
 
 <tiles:put name="body" type="string" >
-    <wf:managePermissionsForm securedObjectType="LOGS">
-        <table width="100%">
-            <tr>
-                <td align="left">
-                    <wf:grantPermissionsLink securedObjectType="LOGS"/>
-                </td>
-            </tr>
-        </table>
-    </wf:managePermissionsForm>
-    <br /><br />
 	<b><%= logDirPath %></b><br />
 	<wf:viewLogs logDirPath="<%= logDirPath %>" />
 	<% if (logFileContent != null) { %>
diff --git a/wfe-web/src/main/webapp/WEB-INF/struts-config.xml b/wfe-web/src/main/webapp/WEB-INF/struts-config.xml
index bfd51adfb2..35c057b30b 100644
--- a/wfe-web/src/main/webapp/WEB-INF/struts-config.xml
+++ b/wfe-web/src/main/webapp/WEB-INF/struts-config.xml
@@ -75,10 +75,6 @@
 		<forward name="manage_relations"
 			path="/manage_relations.do?tabForwardName=manage_relations" />
 		<forward name="manage_system" path="/manage_system.do?tabForwardName=manage_system" />
-		<forward name="manage_scripts" path="/manage_scripts.do?tabForwardName=manage_scripts" />
-		<forward name="manage_errors" path="/manage_errors.do?tabForwardName=manage_errors" />
-		<forward name="manage_substitution_criteria" path="/manage_substitution_criteria.do?tabForwardName=manage_substitution_criteria" />
-		<forward name="manage_datafile" path="/manage_datafile.do?tabForwardName=manage_datafile" />
 		<forward name="manage_settings"
 			path="/manage_settings.do?tabForwardName=manage_settings" />
 		<forward name="version" path="/version.do" />
@@ -207,8 +203,8 @@
 		<action path="/deleteSubstitutionCriterias"
 			type="ru.runa.af.web.action.DeleteSubstitutionCriteriasAction" name="substitutionCriteriasForm"
 			scope="request" unknown="false" validate="false">
-			<forward name="success" path="/manage_substitution_criteria.do" redirect="true" />
-			<forward name="failure" path="/manage_substitution_criteria.do" redirect="true" />
+			<forward name="success" path="/manage_system.do" redirect="true" />
+			<forward name="failure" path="/manage_system.do" redirect="true" />
 		</action>
 		<action path="/startProcess" type="ru.runa.wf.web.action.StartProcessAction"
 			name="startProcessForm" scope="request" input="/WEB-INF/wf/manage_process_definitions.jsp"
@@ -253,8 +249,8 @@
 			<forward name="failure" path="/manage_process.do" redirect="true" />
 		</action>
 		<action path="/activateFailedProcesses" type="ru.runa.wf.web.action.ActivateFailedProcessesAction" scope="request">
-			<forward name="success" path="/manage_errors.do" redirect="true" />
-			<forward name="failure" path="/manage_errors.do" redirect="true" />
+			<forward name="success" path="/manage_system.do" redirect="true" />
+			<forward name="failure" path="/manage_system.do" redirect="true" />
 		</action>
 		<action path="/suspendProcessExecution" type="ru.runa.wf.web.action.SuspendProcessExecutionAction" 
 			name="idForm" scope="request">
@@ -619,7 +615,7 @@
 		</action>
 		<action path="/admin_scripts" type="ru.runa.common.web.action.AdminkitScriptsAction"
 			name="adminScriptForm" scope="request" validate="false">
-			<forward name="success" path="/manage_scripts.do" redirect="false" />
+			<forward name="success" path="/manage_system.do" redirect="false" />
 		</action>
 		<action path="/getSessionFile"
 			type="ru.runa.common.web.action.GetSessionFileAction"
@@ -678,10 +674,6 @@
 			parameter="/WEB-INF/af/edit_substitution_criteria.jsp" />
 
 		<action path="/manage_system" type="ru.runa.af.web.action.CheckSingletonPermissionAndForwardAction" parameter="SYSTEM" />
-		<action path="/manage_scripts" type="ru.runa.af.web.action.CheckSingletonPermissionAndForwardAction" parameter="SCRIPTS" />
-		<action path="/manage_errors" type="ru.runa.af.web.action.CheckSingletonPermissionAndForwardAction" parameter="ERRORS" />
-		<action path="/manage_substitution_criteria" type="ru.runa.af.web.action.CheckSingletonPermissionAndForwardAction" parameter="SUBSTITUTION_CRITERIAS" />
-		<action path="/manage_datafile" type="ru.runa.af.web.action.CheckSingletonPermissionAndForwardAction" parameter="DATAFILE" />
 
         <action path="/messages_page" type="org.apache.struts.actions.ForwardAction" parameter="/WEB-INF/common/messages_page.jsp" />
 
@@ -817,8 +809,8 @@
 		</action>
 		<action path="/importDataFileAction" type="ru.runa.wf.web.action.ImportDataFileAction"
 			name="fileForm" scope="request" unknown="false" validate="false">
-			<forward name="success" path="/manage_datafile.do" redirect="true" />
-			<forward name="failure" path="/manage_datafile.do" redirect="true" />
+			<forward name="success" path="/manage_system.do" redirect="true" />
+			<forward name="failure" path="/manage_system.do" redirect="true" />
 		</action>
 		
 		<action path="/update_process_variables" type="org.apache.struts.actions.ForwardAction"
diff --git a/wfe-web/src/main/webapp/WEB-INF/wf/manage_process_definitions.jsp b/wfe-web/src/main/webapp/WEB-INF/wf/manage_process_definitions.jsp
index 279f0ffda6..f144e58169 100644
--- a/wfe-web/src/main/webapp/WEB-INF/wf/manage_process_definitions.jsp
+++ b/wfe-web/src/main/webapp/WEB-INF/wf/manage_process_definitions.jsp
@@ -38,8 +38,6 @@
 		</div>
 		<wf:deployDefinitionLink forward="deploy_definition" /> 
 		<div style="position: absolute; right: 5px; top: 5px;">
-			<wf:managePermissionsLink securedObjectType="DEFINITIONS" />
-			&nbsp;
 			<wf:showDefinitionsHistoryLink forward="show_definitions_history" />
 		</div>
 	</div>
diff --git a/wfe-web/src/main/webapp/WEB-INF/wf/manage_processes.jsp b/wfe-web/src/main/webapp/WEB-INF/wf/manage_processes.jsp
index 9a8230786c..7185ca3834 100644
--- a/wfe-web/src/main/webapp/WEB-INF/wf/manage_processes.jsp
+++ b/wfe-web/src/main/webapp/WEB-INF/wf/manage_processes.jsp
@@ -38,9 +38,6 @@
                 <wf:tableViewSetupForm batchPresentationId="<%= batchPresentationId %>" returnAction="<%= returnAction %>" excelExportAction="/exportExcelProcesses" />
             </wf:viewControlsHideableBlock>
         </div>
-        <div style="position: absolute; right: 5px; top: 5px;">
-            <wf:managePermissionsLink securedObjectType="PROCESSES" />
-        </div>
         <div style="position: absolute; right: 200px; top: 5px;">
         	<wf:sendProcessSignalLink />
         </div>