Issue with Task Assignment

I used camunda modeler and created a user task with assignee as ‘USER1’ . Then I went to task list I can see a task assigned to USER1. Then I logged in as ‘USER2’ and in the task list I am able to remove that assignment and claim that task as ‘USER2’. How can I restrict ‘USER2’ from reassigning any task in tasklist

you can use the authorization service to set the permissions for your users and groups (i.e., using the Camunda Admin Webapp). In particular, the “Task Assign” permission, which allows users to change the assignment of tasks.

1 Like

Hi Stephan,
This is the list of users:

I made the change to Task Authorization, logged out as demo user and logged in as ‘USER2’ and went to task list

there is a task assigned to USER1 but i am still able to reassign it

please guide me what I am doing wrong. I am not able to upload more than 1 screen shot as I am a new user

Can you show me a screenshot of the “Task Authorization”?

1 Like

Sorry, my bad: I forgot to mention an important detail.
By default Camunda ignores any authorization setting.
Go to your config file (i.e., confg/default.yml for Camunda Run) and add the following

    enabled: true
    [... rest of your config...]

Note your users cannot sign in if you have not given them access rights to the Webapps yet:

1 Like

Thanks dude :people_hugging: .

The user task in camunda modeler has an option of User Assignment - in that I specified candidate group as GROUP1 instead of specifying Assigne . With the above settings in Authorization I logged in as ‘USER2’ . I can claim a task that belongs to GROUP1. But USER2 is not part of GROUP1 .How to restrict this ?

So you have four users

  • demo
  • USER1
  • USER2
  • noob

and two groups

  • camundaAdmin = [ demo ]
  • GROUP1 = [ USER1 ]

Now you have a process with a user task, for which you set the candidate group to GROUP1. Is that right?

If so, only demo and USER1 should be able to claim the task (if USER2 does not have the Task Assign permission).
Could you provide a minimal BPMN example that is not working as expected?

recon_poc.bpmn (5.5 KB)

Note: Filter Authorization I have given full access to both USER1 and USER2 . I can restrict the task list and resolve this issue , but I want to know why the USER2 is able to claim GROUP1 tasks

Thanks. I did the following steps

  1. Too your example
  2. Deployed it to Camunda Run v. 7.17
  3. Started an instance with Instructor=Kiran
  4. Logged in as USER2
  5. I cannot see the user task nor perform it
  6. Logged in as USER1: The user task is there
  7. Claimed it
  8. Completed it.

In my setting

  • USER1 is in GROUP1
  • USER2 is in GROUP2
  • USER2’s Task Authorization is set as detailed above.
    So, everything works as expected.

If you do not have the restriction, USER2 is entitled to overwrite the configuration of the model because the Task Assign privilege includes the right to alter the candidate group.

I added USER1 to filter authorization, and have attached Task Authorization as well. The first ss , I claimed the GROUP2 task as USER1

Can you double-check the group assignment for USER1?
I cannot replicate the issue you’re describing.

Unfortunately, I fail to replicate your situation — is the authorization working in general?
For example, if you limit the access of a user to a single Application, does it work?

Hi Stephan,
The authorization are working for me. I had to add user1 and user2 to application authorizaztion for them to able to login

Dear @Milan_Apegaonkar / @StephanHaarmann,

I am also facing the same problem, User1 is able to cliam User2 task, which should not be. so I have tried with all the combination of authorizations, but no luck. Is this above problem resolved. if yes, kindly share the details.

Thanks & Regards,
Prakash R.

I found a work-around. By creating filter type for a particular user and using filter authorization to not allow the user to see other task

1 Like

Dear @Milan_Apegaonkar ,

Thanks for your quick response.
Yes, This scenario is working fine for me as well after enabling the authorization filter.
But my scenario here is,

  1. Created User1, User2 , Group1, Group2
  2. Assigned User1 to Group1, Assigned User2 to Group2
  3. Assigned the Group1 to Task1 and Group2 to Task2
  4. after assigned, I can able to login as User1 and able to cliam Task1 (it’s working as expected)
  5. Also I can able to cliam User2 tasks as well as logged in User1
    (it’s not working as expected)
  6. Question is, How to restrict the User level task cliam?

Note: I have assigned the Candidate Groups to the task but not assigned any assinee.

Kindly suggest me if you have any solutions.

Thanks & Regards,
Prakash R.