I have a process running with User Task.
I can notice, that a Candidate User is assigned to the task in Cockpit if I have assigned a Candidate User to the User task while creating the process in Camunda Modeler.
I can notice an entry for the same user and the task instance id.
The same thing I can achieve using REST API Add Identity Link ( POST /task/{id}/identity-links
).
But when I unassign the user with REST API (POST /task/{id}/identity-links/delete) then the User is got deleted from the Cockpit, but it is still available in the ACT_RU_AUTHORIZATION table.
And because it is available in the ACT_RU_AUTHORIZATION table, I can still complete the task with that user from REST API.
Should the entry from the ACT_RU_AUTHORIZATION table not be deleted in case of the Delete Identity Link REST call?