Hi,

There is the possibility of blocking tasks that have already been claimed so that they can no longer be claimed, void the claim and reassign the task.

I have 3 groups created, each group has 2 assigned users.

the error that I want to solve is, when the task has already been claimed that the task is blocked, so that it can no longer be claimed.

I show images of what I am trying to say:

The task is started by the user “Jhon Perez” who belongs to the group “com”.

login with another user “Carlos Perez” this user belongs to the group “com”; The task was already started by “Juan Perez” who also belongs to the group “com”, however the user Carlos can delete the user and return to claim the task that has already been claimed.

This is wrong, because the user Juan, may have data filled in or completed in the task and when the task is claimed the data would be lost.

additionally I have activated the authorization in the application.yml file, I am working with forms embedded with SpringBoot.

I need to lock the claimed tasks, so they can no longer be reassigned.

Please I need your help.

Hi @MarioH,

You need to set default task permission to be Task Work instead of Task Update so once task gets claimed then other users who belong to the same group wouldn’t be able to reassign.

https://docs.camunda.org/manual/latest/user-guide/process-engine/authorization-service/#default-task-permissions

Hi, @hassang

Where should I put this, in some particular class or in application.yml?

“defaultUserPermissionNameForTask”

Hi @MarioH,

Since you are using camunda BPM in a spring boot application then below link may be of help to you

Below link lists most commonly used process engine configuration properties including “defaultUserPermissionNameForTask”

I managed to change it in bpm-platform.xml file of the full distribution installation.

Hi, @hassang

For SpringBoot there are no configuration files, like the “bpm-platform.xml” this apparently is used and can be modified when using a web server, and it is easier to have that file but in my case there is no such configuration file.

This is the only thing I have for SpringBoot, the only files that can be modified are “pom.xml” or “application.yml”, everything else is classes, scripts and more.

Hi @MarioH,

Try using generic properties

camunda:
  bpm:
    generic-properties:
      properties:
        default-user-permission-name-for-task: TASK_WORK

Hi @MarioH,

Have you started a new process instance?
Are you trying with a new task instance? or with a previously created task instance?

We should try with a new one since for previously created instance all users who are members of the group have already been granted the Update permission. (not Task Work)

Could you please open the admin app, open task authorizations and have a look at the default permission granted for that specific task?

Hi @MarioH,

Could you please open the admin app, open task authorizations and have a look at the default permission granted for that specific task?

Please share a snip of your view if possible.

Hi @MarioH,

I have run a sample camunda spring boot application twice.

The 1’st time with below yaml content.

spring.datasource.url: jdbc:h2:file:./camunda-h2-database

camunda.bpm.admin-user:
  id: demo
  password: demo
  
camunda.bpm.authorization:
  enabled: true

and the 2’nd time with below yaml content

spring.datasource.url: jdbc:h2:file:./camunda-h2-database

camunda.bpm.admin-user:
  id: demo
  password: demo
  
camunda.bpm.authorization:
  enabled: true
  
camunda:
  bpm:
    generic-properties:
      properties:
        default-user-permission-name-for-task: TASK_WORK

Below snip shows that UPDATE permission has been granted to the created task in the 1’st run
where TASK_WORK permission has been granted to the created task in the 2’nd run.
Which means the configuration took place successfully.

image1903×717 61.8 KB

Hi, @hassang

I added the configuration and it seems that if you add “TASK_WORK”.

061378×457 101 KB

However, the user who already claimed the task can still be reset and the idea is to block it so that it can no longer be claimed.

in my scenario “user1” and “user2” belong to group “com”, group “com” any user who belongs to this group can start a new instance ,.

user1 starts the instance and claims the task.

01735×283 22.1 KB

claimed task.

02743×323 24.8 KB

login with “user2”, the task can be viewed because it belongs to the group “com”, however this user can reset user1 and claim the task.

03746×305 25.9 KB

04740×287 24.5 KB

the task has already been claimed and reassigned to user2,

05755×295 24.1 KB

bad all bad, because user1 already had captured data and when the task is claimed again, everything that had been done is lost.

Please help me, I need to block the task that has already been claimed so that the user can no longer be reset and be claimed by another user.

I’m stuck here and I need to move on with other things in my project.
(Let me know if you need to see my authorization settings, filters, etc, etc.)
Please help.

Hi @MarioH,

I see that we have one authorization in which UPDATE permission has been granted to the group for the task with Id starts with 68c*.

Could you please confirm that you are trying with a different task.

Hi, @hassang,

Yes, it is correct I tried it with another new instance, but it remains the same.

In a few minutes I will share what I have configured in Camunda Admin.

Here are my users for my tests create user1 and user2.}

11356×499 67.1 KB

both users belong to the group “com”

21287×403 39.4 KB

In “Authorizations” assign all groups with all permissions for Tasklist.

31394×377 66.3 KB

In “Authorization” assign the groups with Read and Update permissions, (As the TASK_WORK did not work for me I created the authorization for user1 and user2 in this section.)

41366×445 82.5 KB

In “Filter” all my groups have read and update permissions.

51366×371 69 KB

In “Process Definition”, create the authorizations for my groups, user1 and user2, they belong to the main group that starts an instance and the other groups cannot start a new instance due to the tasks that each group must perform.

Sin título1351×611 137 KB

In “Process instance” the group “with” select all permissions, so that any member of this group can start instances.

61333×575 62.3 KB

@hassang
This is all I have done.

I’m doing something wrong, because even with all this configuration, if the task has already been claimed by user X and this user is performing the task, and another user logs in that belongs to the same group as user X, it displays the task and resets the user and claims the task everything done by any other user will lose their work.

@hassang WHAT I WANT TO ACHIEVE IS TO DEFINITELY BLOCK THE TASKS THAT WERE ALREADY CLAIMED BY X USER, IT DOES NOT MATTER IF THE OTHER USER BELONGS TO THE SAME WORK GROUP, THAT THE USER CANNOT RESET AND CANNOT CLAIM THE PREVIOUS TASK.

Hi @MarioH,

Could you please share with us the full URL of the opened task (tasklist URL while working on the task) and a new snip of “Task Authorizations” view (from admin app).

May l understand what do you mean by below

Hi, @hassang
This is my URL: http: // localhost: 8081 / camunda / app / tasklist / default / # /? searchQuery =% 5B% 5D & filter = 7e34caa6-3673-11eb-b449-c8f750812a95 & sorting =% 5B% 7B “sortBy”: "created “,” sortOrder “:” desc "% 7D% 5D & task = b437c849-5898-11eb-a974-0a0027000003

Here is my authorizations, the authorizations are per group not per user.

11351×171 31.4 KB

21161×399 55.8 KB

31365×383 74.7 KB

Hi @MarioH,

Please share “Task Authorizations” view.
Nothing to do with “Authorization Authorizations”

hi @hassang

here it is:

nos31350×561 148 KB

I just started a new instance, but it is not catching me or registering the activity carried out for user3, user4 and user5.

Hi @MarioH,

What do you mean by “catching me or registering the activity”?

• Please try a simple workflow definition with only one user task in which candidate group is set to a group “for example: group1”.

• Start a new process of it.

• Let one user of the group “group1” claim the task.

• Try to claim the task with another user of the group “group1”.

Hi @MarioH,

I have tried with attached simple model. (You can try the same model) - test-process.bpmn (2.3 KB)

1. [demo] user started a new process instance. (below a snip of “Task Authorizations” after process got started)
   

   

   after-process-started1915×829 56.9 KB

2. [user1] user claimed the task. (below a snip of “Task Authorizations” after Task 1 got claimed by user1)
   

   

   after-claimed-by-user11919×839 63.1 KB

3. [user2] user tried to reset the assignee for the same task but he failed “an exception has been thrown” (below a snip of the thrown exception)
   

   

   user2-tries-to-reset-assignee1920×913 74.6 KB

Hi @MarioH,

Could you please share with us a snip of your “Process Definition Authorizations” view.
Please make sure that “TASK_UPDATE” permission is not given to any for the process definition.

Hi, @hassang

it finally worked, I get an exception when the task has already been claimed; can no longer be claimed by another user belonging to the same workgroup.

yes1333×533 83.1 KB

I don’t know if this was the solution, but I created new users, groups, authorization, filter, definition process and instance process, restart my computer.

Finally I reassigned the groups created for testing and in the end it worked.

Thank you very much for your help and guidance, the problem has been solved.