How to restrict only user of a group to claim to complete a task

modibe · September 23, 2022, 11:38am

Hi,

I am using the Camunda Web Application.

Below, my contest:

I have two groups : group_1 and group_2
I have two users : user_1 and user_2
user_1 is member of group_1 and user_2, member of group_2
I have a model with TASK A, where I configure CandidateGroup with group_1

How can I restrict the user_2 to claim the TASK A to complete the task?

Thanks you for your help.
Patrick

modibe · September 30, 2022, 9:34am

If somoene have any idea about this situation?

Thanks for help,
Patrick

hassang · September 30, 2022, 10:47am

Hi @modibe,

Please ensure that authorization is enabled.

If authorization is enabled and candidateGroup is set to group_1 then only members of group_1 could claim the task.

modibe · September 30, 2022, 11:18am

Hi @hassang,

Thanks for your reply.

I enabled the authorization in the default configuration file like this

  authorization.enabled: true
  admin-user:
    id: demo
    password: demo
  run:
type or paste code here

But, no security is applying when a user claim the task.
Are there any configuration I should make in the authorization dashboard?

Thanks for your help,
Patrick

hassang · September 30, 2022, 12:25pm

Hi @modibe,
Could you please share your model…
I assume that groups are created and users are assigned using the admin app.

modibe · September 30, 2022, 12:44pm

Hi @hassang ,

This my model.

Patrick
test_authorization_group.bpmn (3.2 KB)

hassang · September 30, 2022, 1:15pm

Hi @modibe,

Do you mean that user_2 who is a member of group_2 was able to claim Task A?

modibe · September 30, 2022, 1:55pm

Hi @hassang ,

Yes, The user_2 was able to claim TASK A.

In the admin App, I have created users and join them to the rights groups.
With this configuration, It should work.

The authentification is enabled.

Sometimes, I have to do some configuration in the Authorization module?

Patrick

modibe · October 6, 2022, 1:50pm

Hi,
Is somoene is able to help me to solve this issue?

Thanks,
Patrick

hassang · October 7, 2022, 8:31am

Hi @modibe,

Could you please share the authorizations you have on Process Definition resource? Do you have a grant all permissions authorization?

modibe · October 7, 2022, 8:58am

Hi @hassang,

Thanks for your help.

Find below the screenshot of the process definition authorization.

The resourceID “autorisation-group” is the ID of my process.

Thanks,
patrick

hassang · October 7, 2022, 9:25am

Hi @modibe,

Okay…

There are several permissions available on Process Definition resource including Task related permissions (Read Task, Update Task,…) so when both groups are granted all permissions then members of both groups can freely interact with all the tasks belong to the specified process definition.

Try removing Task related permissions from the above authorizations. I believe that Read permission is required and specific users or groups might need to have Create Instance permission.

hassang · October 7, 2022, 9:39am

In short, something similar to below should work

modibe · October 7, 2022, 10:10am

Hi @hassang ,

Thanks a lot. This solution solve my issue.

I add the option “READ TASK” . This make any group visualize the task even if it can’t claim the task.

Patrick

hassang · October 7, 2022, 10:19am

Exactly…permissions should be selected as per the needs.

Buddhi_Sagar_Tiwari · May 31, 2023, 6:57am

Hi @modibe ,

i did the same above steps but still my user 2 of group b can able to claim task A

Akanksha · November 14, 2023, 10:21am

i too am facing the same issue…can anyone please help