I am using the Camunda Web Application.
Below, my contest:
I have two groups :
group_1 and group_2
I have two users :
user_1 and user_2
user_1 is member of group_1 and user_2, member of group_2
I have a model with
TASK A, where I configure CandidateGroup with group_1
How can I restrict the
user_2 to claim the TASK A to complete the task?
Thanks you for your help.
If somoene have any idea about this situation?
Thanks for help,
Please ensure that authorization is enabled.
If authorization is enabled and candidateGroup is set to group_1 then only members of group_1 could claim the task.
Disallow unauthorized access by securing the Camunda Platform 7.x before going live with your process applications. Understand Camunda user management essentials, enforce authorization for the REST API, define access rights for Camunda specific...
Thanks for your reply.
I enabled the authorization in the default configuration file like this
type or paste code here
But, no security is applying when a user claim the task.
Are there any configuration I should make in the authorization dashboard?
Thanks for your help,
Could you please share your model…
I assume that groups are created and users are assigned using the
This my model.
test_authorization_group.bpmn (3.2 KB)
Do you mean that user_2 who is a member of group_2 was able to claim Task A?
Yes, The user_2 was able to claim TASK A.
In the admin App, I have created users and join them to the rights groups.
With this configuration, It should work.
The authentification is enabled.
Sometimes, I have to do some configuration in the Authorization module?
Is somoene is able to help me to solve this issue?
Could you please share the authorizations you have on
Process Definition resource? Do you have a grant all permissions authorization?
Thanks for your help.
Find below the screenshot of the process definition authorization.
The resourceID “autorisation-group” is the ID of my process.
There are several permissions available on Process Definition resource including
Task related permissions (Read Task, Update Task,…) so when
both groups are granted all permissions then members of both groups can freely interact with all the tasks belong to the specified process definition.
removing Task related permissions from the above authorizations. I believe that
Read permission is required and specific users or groups might need to have
Create Instance permission.
In short, something similar to below should work
Thanks a lot. This solution solve my issue.
I add the option “READ TASK” . This make any group visualize the task even if it can’t claim the task.
Exactly…permissions should be selected as per the needs.
i did the same above steps but still my user 2 of group b can able to claim task A
i too am facing the same issue…can anyone please help