Authorization issue with filter

Hi,

In our process, we have certain groups that want to follow-up on certain user-tasks.
To achieve this, I manually add a task group read permission for that specific task.

Example of Task Authorization:
ALLOW powerdale_read READ 161a559c-78bf-11e6-9e2b-4e8dcd585ba0

Now we have a person that is assigned to 1 group only: powerdale_read.

So now I created a filter in the tasklist that returns all tasks but I would expect that only tasks are shown that have at the very minimum READ rights for the logged in USER or GROUP? Instead, task authorization rules are ignored and I see ALL tasks. Shouldn’t the authorization rules define what users see in combination with the filter configuration?

Is this the normal behaviour in Camunda 7.5.0? Or is something else wrong and should I keep looking?

Your understanding and expectations are correct. Is the engine configuration property authorizationEnabled set to true?

1 Like

Hi Thorben,

Yes, authorizationEnabled is set to true.

<property name="authorizationEnabled">true</property>

Thank you for letting me know that my understanding is correct.
I’ll just continue looking for a mistake then :slight_smile:

Are the tasks created in the context of a CMMN case?

No the tasks are PBMN User Tasks.

If you can identify a series of steps to reproduce the problem starting with a plain Camunda 7.5.0 distribution, then I can take a look. Or any automated test case would be equally fine.

I found my issue :smiley: Classic case of PEBKAC