Manage tenant id of task comments


We would like to work with Task Comments in a multi-tenancy environment. We are using the Engine version 7.12.0.

When we analyzed the Camunda Comment table (“act_hi_comment”) we noticed that this table has a column named “tenant_id_”. So, we supposed that this column is used to filter the comments by tenant. However, we have done some tests adding comments to tasks with different tenants and the column “tenant_id_” is always null.

After checking the “AddCommentCmd” class code, we have noticed that the tenant_id is never setted when a comment is created inside the “execute” method of the class.

We would like to know:

  1. Can we use the column “tenant_id_” of “act_hi_comment” to manage comments in a multi-tenancy environment? or has this column another purpose?
  2. If the column “tenant_id_” is used to manage the tenant, why does this field is not filled in when a comment is created?
  3. We have thought to override the AddCommentCmd to fill in the tenant, do you think that this is a good approach?

Thanks in advance,

User Tasks are attached to a Tenant. And a Comment is attached to a User Task. Which API are you using to access the comments?

Thanks for your reply.

We are using the Java API. We are not using REST.

So, what do you mean? do you think it is not necessary to set the tenant_id in the comments because tasks have already the tenant_id?

Which Java API are you using to access the comments?

When you get Comments: it for a specific Task ID. A Task ID is related to a specific Tenant:…-

To find the comments, we are using this:

  • camundaEngine.getTaskService().getTaskComments(taskId);

To create the comment for a task, we are using:

  • Comment camundaComment = camundaEngine.getTaskService().createComment(taskId, processInstanceId, comment);

So when you create the comment it is tied to a Task ID and a Process Instance ID. A Process Instance can only exist in one Tenant.
Your tenant isolation is at the Process Instance and Task Level, and your comments are tied to a specific Task Instance (Task ID + Process Instance).

Hi @siralopez-gbtec,

I don’t know exactly, but if you invoke identityService.setAuthentication(String userId, List<String> groups, List<String> tenantIds) before the createComment(), the engine should record the tenantId in the database as well.

You may give it a try.

Hope this helps, Ingo

Hi Ingo,

I have checked your suggestion but it still does not work:

camundaEngine.getIdentityService().setAuthentication(userId, newArrayList(), newArrayList(tenantId));
Comment camundaComment = camundaEngine.getTaskService().createComment(taskId, processInstanceId, comment);

The user_id_ is saved in the database but the the tenant_id_ not. The tenant_id_ is always null in “act_hi_comment” table.

I still think that the issue is in AddCommentCmd class, which never set the tenant_id_ when the comment is created.

Any other suggestion?


Hi @siralopez-gbtec,

thank you for coming back with this and point out that my assumption was wrong.

To verify your thesis, you can add a comment through the Tasklist with a user logged in, that belongs to a tenant. Then check the database entry of this comment.

If tenant_id_ is filled, there is a way to set the tenant ID (which I don’t know but could be found in the source code, the huge test suite will help here)

If the tenant_id_ is empty as well, it would be forgotten to implement this feature.

Hope this helps, Ingo

Hi Ingo,

I have done the test that you suggested me and it doesn’t work properly: the tenant_id_ is never filled.

  • I have created a user for “tenant1”.
  • I have created a comment for a task belongs to a process deployed in the “tenant1”.
  • Also, I have created a comment for a task belongs to a process deployed inwithout tenant.

Neither of these cases filled the tenant_id_ of the comment.

Thanks for your help.