diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
index 79136e0e5..42ad9a4fd 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
@@ -1744,22 +1744,6 @@ class Cases
 Validator::isString($usr_uid, '$usr_uid');
 Validator::usrUid($usr_uid, '$usr_uid');
- $appCacheView = new \AppCacheView();
- $isProcessSupervisor = $appCacheView->getProUidSupervisor($usr_uid);
- $criteria = new \Criteria("workflow");
- $criteria->addSelectColumn(\AppDelegationPeer::APP_UID);
- $criteria->add(\AppDelegationPeer::APP_UID, $app_uid, \Criteria::EQUAL);
- $criteria->add(\AppDelegationPeer::USR_UID, $usr_uid, \Criteria::EQUAL);
- $criteria->add(
- $criteria->getNewCriterion(\AppDelegationPeer::USR_UID, $usr_uid, \Criteria::EQUAL)->addOr(
- $criteria->getNewCriterion(\AppDelegationPeer::PRO_UID, $isProcessSupervisor, \Criteria::IN))
- );
- $rsCriteria = \AppDelegationPeer::doSelectRS($criteria);
-
- if (!$rsCriteria->next()) {
- throw (new \Exception(\G::LoadTranslation("ID_NO_PERMISSION_NO_PARTICIPATED", array($usr_uid))));
- }
-
 $case = new \Cases();
 $fields = $case->loadCase($app_uid);
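Review bot: With the participation/supervisor query deleted, the business-model `getCaseVariables` no longer verifies that `$usr_uid` may read this case before `loadCase($app_uid)`; the only remaining check in the hunk is `Validator::usrUid`, which validates the identifier's format, not access. The later hunks move the authorization into the REST `AccessControl` filter, so any non-REST caller of this public method (plugins, internal code) now receives the case variables with no authorization at all. If that relocation is intended, state the new contract on the method so nobody assumes the old behaviour, e.g. `* NOTE: performs no authorization; callers must enforce case access (the REST layer does this via AccessControl).` The enclosing method begins before and continues after this hunk.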
@@ -3006,5 +2990,59 @@ class Cases
 $c->add(\AppDelegationPeer::DEL_FINISH_DATE, null, \Criteria::ISNULL);
 return !(boolean) \AppDelegationPeer::doCount($c);
 }
+
+ public function checkUserHasPermissionsOrSupervisor($userUid, $applicationUid, $dynaformUid)
+ {
+ if (!empty($dynaformUid)) {
+ $arrayApplicationData = $this->getApplicationRecordByPk($applicationUid, [], false);
+ //Check whether the process supervisor
+ $supervisor = new \ProcessMaker\BusinessModel\ProcessSupervisor();
+ $userAccess = $supervisor->isUserProcessSupervisor($arrayApplicationData['PRO_UID'], $userUid);
+ //Check if have objects assigned (Supervisor)
+ $cases = new \Cases();
+ $resultDynaForm = $cases->getAllDynaformsStepsToRevise($applicationUid);
+ $flagSupervisors = false;
+ while ($resultDynaForm->next()) {
+ $row = $resultDynaForm->getRow();
+ if ($row["STEP_UID_OBJ"] = $dynaformUid) {
+ $flagSupervisors = true;
+ break;
+ }
+ }
+ //Check if have permissions VIEW
+ $case = new \Cases();
+ $arrayAllObjectsFrom = $case->getAllObjectsFrom($arrayApplicationData['PRO_UID'], $applicationUid, '', $userUid, 'VIEW', 0);
+ $flagPermissionsVIEW = false;
+ if (array_key_exists('DYNAFORMS', $arrayAllObjectsFrom) &&
+ !empty($arrayAllObjectsFrom['DYNAFORMS'])
+ ) {
+ foreach ($arrayAllObjectsFrom['DYNAFORMS'] as $value) {
+ if ($value == $dynaformUid) {
+ $flagPermissionsVIEW = true;
+ }
+ }
+ }
+ //Check if have permissions BLOCK
+ $arrayAllObjectsFrom = $case->getAllObjectsFrom($arrayApplicationData['PRO_UID'], $applicationUid, '', $userUid, 'BLOCK', 0);
+ $flagPermissionsBLOCK = false;
+ if (array_key_exists('DYNAFORMS', $arrayAllObjectsFrom) &&
+ !empty($arrayAllObjectsFrom['DYNAFORMS'])
+ ) {
+ foreach ($arrayAllObjectsFrom['DYNAFORMS'] as $value) {
+ if ($value == $dynaformUid) {
+ $flagPermissionsBLOCK = true;
+ }
+ }
+ }
+ return ($flagSupervisors && $userAccess) || $flagPermissionsVIEW || $flagPermissionsBLOCK;
+ } else {
+ $arrayResult = $this->getStatusInfo($applicationUid, 0, $userUid);
+ $flagParticipated = false;
+ if ($arrayResult) {
+ $flagParticipated = true;
+ }
+ return $flagParticipated;
+ }
+ }
 }
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Cases.php b/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
index 2ada81dfc..c3429d67b 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
@@ -33,8 +33,15 @@ class Cases extends Api
 {
 try {
 $methodName = $this->restler->apiMethodInfo->methodName;
-
+ $arrayArgs = $this->restler->apiMethodInfo->arguments;
 switch ($methodName) {
+ case 'doGetCaseVariables':
+ $applicationUid = $this->parameters[$arrayArgs['app_uid']];
+ $dynaformUid = $this->parameters[$arrayArgs['dyn_uid']];
+ $userUid = $this->getUserId();
+ $oCases = new \ProcessMaker\BusinessModel\Cases();
+ return $oCases->checkUserHasPermissionsOrSupervisor($userUid, $applicationUid, $dynaformUid);
+ break;
 case 'doPostReassign':
 $arrayParameters = $this->parameters[0]['cases'];
 $usrUid = $this->getUserId();
@@ -68,8 +75,6 @@ class Cases extends Api
 }
 break;
 }
-
- //Return
 return false;
 } catch (\Exception $e) {
 throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
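Review bot: `if ($row["STEP_UID_OBJ"] = $dynaformUid)` in the supervisor loop is an assignment, not a comparison, so it is true on the first row whenever `$dynaformUid` is non-empty (which the enclosing `!empty` guarantees) and `$flagSupervisors` is always set; combined with `$userAccess`, any process supervisor is thereby allowed to read variables for every dynaform of the case, not just those returned by `getAllDynaformsStepsToRevise`. Change it to `if ($row["STEP_UID_OBJ"] === $dynaformUid) {`. The two later `$value == $dynaformUid` comparisons should also be strict (`===`) since these are opaque UID strings. Note as well that `$arrayApplicationData['PRO_UID']` is dereferenced without checking that `getApplicationRecordByPk` found a record for `$applicationUid`; I cannot see that helper's contract, so confirm it throws on an unknown case rather than returning false/empty, otherwise the supervisor lookup runs with a null process UID.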
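Review bot: The `break;` after `return $oCases->checkUserHasPermissionsOrSupervisor(...)` in the new `doGetCaseVariables` case is unreachable and should be dropped. The lookups `$this->parameters[$arrayArgs['app_uid']]` and `$this->parameters[$arrayArgs['dyn_uid']]` assume both names are present in the argument map; if one is missing the index is null, PHP emits a notice and the value silently becomes null, so for `app_uid` an unbound argument would feed an empty case id into the check instead of failing fast. Prefer `$applicationUid = isset($arrayArgs['app_uid']) ? $this->parameters[$arrayArgs['app_uid']] : null;` followed by `if (empty($applicationUid)) { return false; }` so a missing argument is a denial. The `switch` and the enclosing method continue outside this hunk.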
@@ -884,19 +889,24 @@ class Cases extends Api
 /**
 * Get Case Variables
 *
- * @param string $app_uid {@min 1}{@max 32}
- *
- * @author Brayan Pereyra (Cochalo)
- * @copyright Colosa - Bolivia
- *
+ * @access protected
+ * @class AccessControl {@className \ProcessMaker\Services\Api\Cases}
 * @url GET /:app_uid/variables
+ *
+ * @param string $app_uid {@min 1}{@max 32}
+ * @param string $dyn_uid
+ * @param string $pro_uid
+ * @param string $act_uid
+ * @param int $app_index
+ * @return mixed
+ * @throws RestException
 */
- public function doGetCaseVariables($app_uid)
+ public function doGetCaseVariables($app_uid, $dyn_uid = null, $pro_uid = null, $act_uid = null, $app_index = null)
 {
 try {
 $usr_uid = $this->getUserId();
 $cases = new \ProcessMaker\BusinessModel\Cases();
- $response = $cases->getCaseVariables($app_uid, $usr_uid);
+ $response = $cases->getCaseVariables($app_uid, $usr_uid, $dyn_uid, $pro_uid, $act_uid, $app_index);
 return DateTime::convertUtcToIso8601($response);
 } catch (\Exception $e) {
 throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()));
@@ -1217,4 +1227,5 @@ class Cases extends Api
 throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
 }
 }
+
 }
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Light.php b/workflow/engine/src/ProcessMaker/Services/Api/Light.php
index 418acaebd..e31eedd0d 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Light.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Light.php
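Review bot: The four new route parameters `$dyn_uid`, `$pro_uid`, `$act_uid` and `$app_index` are forwarded straight to `getCaseVariables` without the `{@min 1}{@max 32}` constraint that `$app_uid` carries, and the new `AccessControl` check in this file only consults `app_uid` and `dyn_uid`, so `pro_uid`, `act_uid` and `app_index` reach the business layer as unvalidated client input. Give them the same constraints in the docblock, e.g. `* @param string $dyn_uid {@min 1}{@max 32}` (and likewise for `pro_uid` and `act_uid`), assuming the Restler validator honours them on optional parameters, or validate them inside `getCaseVariables`. The `@param int $app_index` annotation also disagrees with its `null` default; document it as nullable so the generated API schema is accurate.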
@@ -1515,9 +1515,17 @@ class Light extends Api
 /**
 * Get Case Variables
 *
- * @param string $app_uid {@min 1}{@max 32}
- *
+ * @access protected
+ * @class AccessControl {@className \ProcessMaker\Services\Api\Cases}
 * @url GET /:app_uid/variables
+ *
+ * @param string $app_uid {@min 1}{@max 32}
+ * @param string $dyn_uid
+ * @param string $pro_uid
+ * @param string $act_uid
+ * @param int $app_index
+ * @return mixed
+ * @throws RestException
 */
 public function doGetCaseVariables($app_uid, $dyn_uid = null, $pro_uid = null, $act_uid = null, $app_index = null)
 {
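Review bot: The added `@class AccessControl {@className \ProcessMaker\Services\Api\Cases}` on `Light::doGetCaseVariables` points the access check at the `Cases` API class rather than this one, so authorization for this route depends on the `doGetCaseVariables` branch in `Api\Cases` matching Light's method name and argument map; a rename on either side would silently drop the check. Add a one-line comment documenting that coupling, e.g. `* Access control is delegated to Api\Cases::doGetCaseVariables (same method name/arguments) - keep in sync.` As in the `Cases` variant, the new `@param` lines for `$dyn_uid`, `$pro_uid`, `$act_uid` and `$app_index` carry no `{@min}{@max}` constraints even though `$app_uid` does.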