Hey there!
I have defined an assignee for a user task. According to the official Camunda 8 docs, the section on User tasks access restrictions, tasks can be prevented from being visible for other people who are not assigned to the task. In other words, when we assign a user task to a specific user by their username (defined in an IAM service like Keycloak), others cannot see the task.
However, even if I define an assignee for my user task, all the people who have access to the tasklist can reassign the task and complete it. How can I prevent it?
You really can’t do that(yet!) unless you write your own tasklist. Worse, I don’t think you can even keep people who are not part of the candidate group from seeing tasks. It’s not a great situation.
Following the official docs, the section on feature flags, I found out that my Identity component did not have the USER_RESTRICTIONS_ENABLED environment variable. I was able to add and set it true. After a while, I tested the process and it worked!
Now, if a user is not the assignee of a task, even if manages to start the process, they cannot see the task in their tasklist and get this notice:
Which clearly states the lack of permissions to see the task. If you confirm the workaround I will close the thread.
2 Likes
Hey @okaeiz and @Max_CapBPM, just to highlight that the [User task access restrictions | Camunda 8 Docs](https://User Task Access Restriction) allows you to do exactly what you described - just display tasks to users that are “Candidate Users” or “Candidate Groups”.
This was released recently on version 8.4.0 and it’s available only on Self-Managed version. We aim to make it available on SaaS for version 8.5.0 
3 Likes
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.