I see there are ‘candidateStarterUsers’ and ‘candidateStarterGroups’ Camunda Extension Attributes, and also a way to filter ProcessDefinitions with the ‘startableBy’ Query Parameter that seems to work against the ‘candidateStarterUsers’ attribute.
Is it possible to query against ‘candidateStarterGroups’ that are defined in the BPMN?
I also see that RepositoryService.addCandidateStarterUser() and RepositoryService.addCandidateStarterGroup() are deprecated. I’m wondering if I should rely on ‘startableBy’?
I also cannot figure out how to find out what the candidateStarterUser or Groups are for a definition - ‘getIdentityLinksForProcessDefinition()’ is deprecated as well.
Via Rest Api the only option is to query by startableBy.
The engine checks if this user has identity link to the process OR he belongs to a group which has identity link to the process.
No, it is not our case. We use completely external storage for all business data, users, groups, permissions etc. and communicate with Camunda via REST API only, with only getting and setting few formal process variables (statuses etc., e.g. for gateway path decisions, timers…).
Camunda instance currently has only one user account (for monitoring purposes etc.). All tasks have only candidate groups if possible. Candidate groups for user tasks are set in process schemas at design time, user assignment - via tasks REST API at execution time…
Thus, i’ve interested with possibility of process start permission via our “external” groups
You can implement it manually - which is definitely not a part of Camunda API, so do it on your own risk.
You will need to create a ProcessDefinitionQuery and receive the process definitions. The result are instances of ProcessDefinitionEntity, so if you cast them down you will have much more details of the process definitions. Especially, the isStartableInTasklist() attribute and getIdentityLinks() deliver the required information.
In case of getIdentityLinks() you can filter by "candidate" links and retrieve both users and groups.
Important:
The evaluation of identity links requires the IdentityLinkManager to be setup. This is the case in a Camunda Command Context, but is not if you are not inside the Command Context. To get to command context, please implement a Camunda Command<T> which executes your query, and call it using commandExecutor.execute()…