Hello
How does camunda:candidateUsers attribute influence the Task assignment?
I set an user in this attribute, but the task is not automatically assigned to him.
Also another user (who is not a “candidate”) can claim the task
Is there some functionality in the engine implemented about this attribute or its purpose is to be used in the custom filters, which the user can create?
(and I have similar question about candidateGroups attribute)
candidateUsers attribute marks assigned users as candidates who can claim the task.
If users who are not assigned as candidates can claim the task then it most probably happens because authorization is set as disabled so please enable it then try again.
I am logged in TaskList using user2.
I start the process using user2.
The task is not assigned to the candidate user1.
user2 can see the task in the list with all tasks and can claim it:
Please open admin app, open task authorizations page and check what authorizations are listed there.
If a user has “Update” permission on a task (or “Update Task” permission on the corresponding process definition) then the user is authorized to perform all these task actions
this authorization for user1 is added automatically (probably because he is candidate user)
however user2 does not have any authorizations in the Task section
(he is not part of camunda-admin group)
Then this is the reason why user2 can claim the task.
If a user has “Update” permission on a task (or “Update Task” permission on the corresponding process definition) then the user is authorized to perform all these task actions
Thank you @hassang
When I unticked the Task permissions at Process definition level, the management through the candidateUsers attribute started to work as expected.
I have assigned the permissions to the user administrator as described above, but I can still execute the tasks for Rolle 2 with the User Administrator.
The Permissions are assigned as follows:
I took out TASK_WORK and it works now. The user with Role1 can now only run the tasks for Role1.
I get now an exception when I try to start a process because an authorization for the user already exists:
Caused by: org.apache.ibatis.exceptions.PersistenceException:
### Error flushing statements. Cause: org.apache.ibatis.executor.BatchExecutorException: org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity.insertAuthorization (batch index #1) failed. Cause: java.sql.BatchUpdateException:
A duplicate key row cannot be inserted into the dbo.ACT_RU_AUTHORIZATION object with the unique ACT_UNIQ_AUTH_USER index.
How can I prevent a process from writing the authorizations for a user? To Avoid this Exception …