Granular access rights can be configured for restricting access to the Engine component.
SECURITY_ACCESSAUTHORIZATIONS_AUTHORIZATIONNAME_SCOPES_SCOPENAME_ROLESALLOWED:NEEDED_ROLE_NAMES
Possible values for AUTHORIZATIONNAME: MANAGEPROCESSES, MANAGEINSTANCES.
Possible values for SCOPENAME: read, edit, admin.
For example, if you need to configure role access for read, insert this: