@antonior One way you could handle a “blacklist” of users is to assign all potential users (or groups), but on task creation use the mechanism I pointed to to compile the blacklist for that task instance and store it as a task local variable. Then when querying for a list of tasks, make sure to also retrieve the local variables and filter based on your blacklist whether the user gets to see the task in the list. Should they circumvent it somehow, you can use the same blacklist variable to double-check on assignment (claim) of the task.