Grant task-read-permission on process-instance-level

According to the docs, I can grant the permission to read tasks on a specific process definition.
In my application, I’d like to grant this permission for specific process instances only, and not for all instances of a definition. Is this possible—or does this require some custom queries to be added in my spring boot application?

That shouldn’t be a problem, it’s detailed here.

According to this section, there are only 3 extra permissions, that can be assigned to process instances, namely Retry Job, Suspend, and Update Variable. I would need the Task Read permission, but it is not listed. Would it work anyway?

Hi Timo,

Is it sufficient to assign READ permission to specific Process instance?
Or do you want to be restricted to the Tasks only?

Probably, I should bring up an example. Let’s say I have a process with pupils and teachers. (In fact, it’s an e-learning setting.)

  • The pupils should see all tasks that they candidate for or are assigned to (no matter the process instance.)
  • The teachers should be able to see all tasks of their pupils (all tasks, but only within certain process instances – because each process instance can belong to another teacher, and each teacher should only see her or his own instances.)
  • As a plus: The teachers should be able to spawn new instances – and for these instances, they should have again the permission to supervise their pupils.

How can I achieve that

  • The pupils see all assigned-or-candidate tasks?
  • The teachers see all tasks within their own instances?
  • As a plus: Each teacher “owns” all instances created by her- or himself?

Thank you very much,
Timo

Hi Timo,

Your explanation helped a lot to get the whole picture.
I think you can achieve your requirements easily.

  • Create two task filters (one for teachers and one for students (only assigned tasks)). [1]
  • Once a task is assigned to a user, this user has all of the needed permissions so that this user can read and work on the task, so this will work out of the box for the students.
  • Create READ permission for specific process instances for each of the teachers.
  • Further you can think of using tenants for teachers. [2]

Dear @timostolz,

Do we have any possibility to enable the task level user permission?

Scenario is,

  1. Created Manager and Sales group and Created User1, User2 linked with Manager. User3, User3 linked with Sales group.
  2. Created two tasks, Task1 candidate group assigned with Manager. Task2 candidate group assigned with Sales.
  3. Manager associated user can be able to claim and complete their task
  4. Sales associated user can be able to claim and complete their task

Note: Task Id (GUID) is generated one by one only; once the first task is completed, then only the second task id is generated. So I am not able to enable the configuration in the Task Authorization page.

Any suggestions on these queries?

Thanks & Regards,
Prakash R.
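
Added example, not code from the thread or its participants: one way to grant task-level READ per process instance when task ids only exist once each task is created, using a task listener on the `create` event. It assumes the engine is Camunda 7 (the thread does not name the product) and a hypothetical process variable `teacherId` that is set when the teacher starts the instance.

```java
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.delegate.DelegateTask;
import org.camunda.bpm.engine.delegate.TaskListener;

/**
 * Attach to user tasks as a listener for the "create" event.
 * Grants READ on the newly created task to the user who owns the
 * process instance, so visibility follows the instance, not the definition.
 */
public class GrantOwnerTaskReadListener implements TaskListener {

  // Hypothetical variable name; set it when the instance is started.
  private static final String OWNER_VARIABLE = "teacherId";

  @Override
  public void notify(DelegateTask task) {
    Object owner = task.getVariable(OWNER_VARIABLE);
    if (!(owner instanceof String) || ((String) owner).isEmpty()) {
      return; // no owner recorded: grant nothing rather than guess
    }
    String ownerId = (String) owner;

    AuthorizationService authz =
        task.getProcessEngineServices().getAuthorizationService();

    // Reuse an existing grant for this user and task if one is stored,
    // since only one grant per user and resource id is expected.
    Authorization auth = authz.createAuthorizationQuery()
        .authorizationType(Authorization.AUTH_TYPE_GRANT)
        .userIdIn(ownerId)
        .resourceType(Resources.TASK)
        .resourceId(task.getId())
        .singleResult();

    if (auth == null) {
      auth = authz.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
      auth.setUserId(ownerId);
      auth.setResource(Resources.TASK);
      auth.setResourceId(task.getId()); // this task only, never "*"
    }
    auth.addPermission(Permissions.READ); // read only: no claim, no complete
    authz.saveAuthorization(auth);
  }
}
```

With authorization checks enabled, the user whose request creates the task must be allowed to create authorizations, otherwise the save is rejected.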