I have a User task, and have assigned 2 Candidate Groups and 2 Candidate Users to that user task in the modeler.
I have also created the groups and users in the Camunda Identity Service using the REST APIs, and have assigned the users to specific groups.
The issue I am facing is that when I try to claim the task using a wrong userId (users which are not created and assigned to specific candidate groups), it still claims the task, but what I want is that only candidate users can access the task, not anyone else.
Can someone help me to solve this problem?
Thanks!
If you set the correct task permissions only users related to the task will be allowed to work with it (e.g. claiming and completing).
You can also decide what permission those users get by default. For that to work you will have to remove the permission to update tasks from all users that should not be allowed to claim or complete the task.
Can you provide an example of Task Authorization, i.e. how to create a permission only valid for candidate users, who can claim and complete the task?
Now if a task is created all users from the groupA and groupB can see the task, but not claim it. Only those users who are candidate users, owner, assignee or part of a candidate group, should now get the authorization to update that specific task.
No, you should have it enabled.
Once a task is created, special authorizations will be created to allow users who are related to the task to update it.
If you don’t have any further authorization that allows other users to update tasks, no other user should be able to claim the task.
Thank you for your reply!
I have made “Task Authorization” for a specific task that only group/users can claim and complete the task.
The permission/authorization is
Type: ALLOW
Group: group1
Permission: READ
Resource ID: b6cdc5f9-5602-1567-ab14-7e2a31e4adbd
I have tried to enter * in place of the task ID in Resource ID, but it didn’t work. Is there something else I am missing?
I see that two groups (group1 and group2) are set as candidate groups, so if you are trying with a user who is a member of any of these groups or with a user who is set as candidate user, then he/she definitely should be able to claim the task.
Notice: The process engine automatically creates authorization resources with the default task permission granted to each group set as candidate group and to each user set as candidate user.
Henry is neither a member of any of the two groups nor a member of the camunda-admin group; only John and Defoe are members of those two groups, and demo is the member of the camunda-admin group.
And yes, I am testing using the REST API. And what do you mean by distribution used? If it’s about the model, then I am using BPMN along with the REST API, Cockpit and Tasklist.
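
The behaviour discussed in this thread, as an added Python model that is not code from any poster and not Camunda's implementation: it shows why an unrelated user such as Henry can claim the task when authorization is disabled or when a broad update grant exists, and why a READ-only grant does not permit claiming. It assumes grant-type authorizations only (no revokes), user and group ids that do not collide, and UPDATE as the default task permission; the class and function names are hypothetical.

```python
from dataclasses import dataclass

# Permissions that allow claiming a task in this model.
CLAIM_PERMISSIONS = frozenset({"UPDATE", "TASK_WORK", "ALL"})
TASK = "b6cdc5f9-5602-1567-ab14-7e2a31e4adbd"  # task id quoted in the thread
# Group memberships as described in the thread.
MEMBERS = {"John": ["group1", "group2"], "Defoe": ["group1", "group2"], "Henry": []}


@dataclass(frozen=True)
class Authorization:
    identity: str           # user id, group id, or "*" for every user
    permissions: frozenset  # e.g. {"READ"} or {"UPDATE"}
    resource_id: str        # a task id, or "*" for all tasks


def engine_created_grants(task_id, candidate_users, candidate_groups,
                          default_permission="UPDATE"):
    """Grants added at task creation for candidates (assumed default: UPDATE)."""
    perms = frozenset({default_permission})
    return [Authorization(i, perms, task_id)
            for i in (*candidate_users, *candidate_groups)]


def can_claim(user, groups, task_id, authorizations, authorization_enabled=True):
    if not authorization_enabled:
        return True  # nothing is checked, so any user id can claim
    identities = {user, "*", *groups}
    return any(
        a.identity in identities
        and a.resource_id in (task_id, "*")
        and a.permissions & CLAIM_PERMISSIONS
        for a in authorizations
    )


def scenario(extra=(), enabled=True):
    """Who can claim TASK, given the engine grants plus any extra grants."""
    auths = engine_created_grants(TASK, [], ["group1", "group2"]) + list(extra)
    return {u: can_claim(u, g, TASK, auths, enabled) for u, g in MEMBERS.items()}


if __name__ == "__main__":
    print("authorization enabled :", scenario())
    print("authorization disabled:", scenario(enabled=False))
    broad = Authorization("*", frozenset({"UPDATE"}), "*")  # constructed grant
    print("broad UPDATE on all   :", scenario(extra=[broad]))
```
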