Limiting access to comment on task to assigned user only

At my customer we have a setup where tasks are assigned to candidate groups based on where in a process we are at. In tasklist the users collect their tasks from a filter that matches their group.

In order to allow users to comment on tasks and view task history, I’ve given READ and READ_HISTORY permission on the process definitions that produce the tasks.

However, the customer wants to limit access to commenting on tasks to only the currently assigned user. Is it possible to do this through the Admin/Authorization interface?

My customer is using Camunda 7.4.5 enterprise edition, but may upgrade later.

Hi @StinaFjeldberg,

The built-in authorization mechanism does not offer to limit access to commenting on tasks to only the currently assigned user.

Do your customer use the Camunda Tasklist? If yes, then you could exclude the “Add Comment” button by excluding the corresponding plugin and provide your own plugin to add a comment, but then you could customize it in a way that the button is only visible (or active), when the logged in user is equal to the assignee of the task.

Here 1 you find some documentation how to exclude on the client side a plugin. In case of the “Add Comment” plugin the plugin key is tasklist.task.action and the feature id is task-action-comment.
In 2 you can read how to develop a plugin by your own. The corresponding plugin point (or plugin key) is tasklist.task.action (see 3).

Does it help you?

Cheers,
Roman

Hi @roman.smirnov ,

thank you for your helpful reply! It was good to get confirmation that I wasn’t missing a feature of the tasklist authorization.

I have suggested the plugin alternative to the customer, thank you for providing information on how it can be done.

Regards,
Stina