Hi,
I see new version of Modeler and BPM platform has ability to create process forms. However I do not understand one thing - how make user A has access to one form and user B to another?
For instance in simple approval process; user A requests for something, user B approves ticket. How to make they both have different views (access to different forms/tasks)?
Regards
Hi @mkelton,
the visibilty is controled by assignee/candiates on the user tasks:
https://docs.camunda.org/manual/7.15/reference/bpmn20/tasks/user-task/#user-assignment-using-camunda-extensions
The form is referenced in the formKey on on user task:
https://docs.camunda.org/manual/7.15/user-guide/task-forms/#form-key
Hope this helps, Ingo
Thank you very much for help. More clear now.
I managed to create user on BPM platform and gave him âApplicationâ rights (cockpit and tasklist).
User can login. But now Iâm trying to understand if user can start a process or process can be only started by admin or API? Suppose this is request for service so ordinary way would be that user starts process, right?
If I click (logged as user) on âstart processâ i see no process name to start. I guess this is because proper rights? What right I should give to him to make it visible?
I rights mangement I have field âResource IDâ. Where to find âResource IDâ? I process definition I see only âDefinition IDâ or âDeployment IDâ.
Regards
Hi @mkelton,
the user needs permissions on the process definition and process instance to start a process instance. You can read more about the details here: Authorization Service | docs.camunda.org
Hope this helps, Ingo
OK, thank you.
And where to find âResource IDâ ? If I understand correctly resource ID can be deployment ID. But if I put it there it does not work.
And why âMy tasksâ menu is empty even if process is started and user is defined as âCandidate userâ in task?
Also make note that there is no concept of variable security. If your user has access to the task they can access/modify all variables in the process.
Thanks for this note. But I still do not know how to limit user rights only to one process definition.
Hello @mkelton ,
a process definition has its own authorization as @Ingo_Richtsmeier already mentioned. If you want a user or group to be allowed to start a process instance from a certain process definition, we will need at least two authorizations:
CREATE_INSTANCE on Process Definition, either with * as Resource ID OR with the Process Definition ID (can be found in cockpit, see screenshot) as Resource ID. Process Definition Key could also work, you can try this as well.CREATE on Process Instance, here a * on Resource ID will do as the ID of the Process Instance cannot be determined.I hope this helps
Jonathan
Thank you Jonathan. I needed some time to test it so late reply.
I made some progress but still not able to understand what to do so user after reaching âtasklistâ menu can see his task. If I give user â*â permision in âfilterâ section - user can build a filter. But if I limit visibility to process name or ID - it does not work. He does see nothing. Although he can build filter - such filter does not work (show nothing). âMy taskâ display nothing but thereâs at least one task assigned to this user.
I do not understand how it works. I should give user filter rights - right? But how to limit rights to specified process ID or name?
Here comes screen of default settings in Camunda. I do not see any process with ID that is there on the screen. Where to find this ID? I followed your instruction but found completly different IDs of preinstalled processes ( I meand preinstalled configuration, filter rights should have ID of the processed that exists in demo camunda - I do not see them).
EDIT:
I see that if I set filter permission to âAccessible by all usersâ then I can give filter rights to specified user in filter Authorization. Probably I can limit filter access to specified user/groups on filter details level.
I still do not get why âMy Tasksâ tab is empty (this user has task open).
