I’ll take a shot here, but your best option may be to make a direct query to the database where such permissions are maintained. The challenge may be capturing the precise query needed to retrieve what you are looking for. If you have a MySQL database, you could stop all workflows on the Camunda server so that it is “quiet”, then turn on the general log in MySQL. Then, attempt to start a process as the user. You should see any queries executed to process the request and the query you need to determine user permissions could be in those.
If you have that query, then you’ve a few options:
You can directly query MySQL from your client.
You can write write a process that will run the query for you and return a list.
You can write a small REST service to execute the query for you and return rows with the results.
hey @thorben, just to confirm your comment, there is an implementation here (java source) and here (ORM xml query mapping).
we can link identity to a task by calling POST /task/{id}/identity-links but there is no API to link user/group to an activity in a process definition. maybe possible at deployment time