Hi,
I understand that by writing authorization rules at proc_def level I can manage permissions over instances, tasks etc. This is a great facility.
Suppose I want to extend this to the processes invoked by a process.
Such as;
order-fulfillment invokes payment processing
and I want to propagate the permissions setup for order-fulfillment onto the ‘payment processing’.
It looks like, Camunda engine is not demanding permissions for the child processes, but, is asking for permissions if user is trying task operations on tasks arising out of the child process (payment processing).
Is there an existing solution for this scenario ?
Currently I am thinking in the following terms:
- Within my application I will maintain a flag (on proc_def rule) whether my admin wants to propagate permissions onto child processes.
- In camunda runtime, add logic that checks if a task under question can be traced to a root process whose above flag is set to true. If true, then, check if the permission there grants permission to this task.
thank you