Four eyes principle (Revoke authorization)

if someone need to create a four eyes principle mechanism in the camunda using only the java api in the modeler I can show you a solution how to do it using a DENY permission = revoking an access for the user to the specific task.

So lets say you have this scenario.
You have a team_one where are 3 users, user1, user2 and user3, and you also have two tasks which are both assigned to team_one. But these two tasks are the same and the function of the second task is to provide the check over the work that has been done on the first task. The check cannot be done by the user who has been working on the first task.
So when the user1 claims the first task which is assigned to the team_one and he completes the task you want to prevent him from claiming the second task. The second task should be visible only to the user2 and user3.
Here is a picture if the text is not clear enough.

There are more solutions, but if you want to do it with revoking access in permissions you can do it this way.

Working sample process: test4eyesPrincipleRevokeAuth.bpmn (7.1 KB)

The result is whichever user completes the “Task A”, will not see the “Task B” in the tasklist, even he has the needed authorization set up by the group, but the “user” authorization is “stronger” than the group authorization.

1 Like