I have a software system that handles his own users and groups, this software interact with camunda with REST API.
I try to set the assignee on Task to a User does not exist in Camunda, it works. I try also to set candidate groups on a Task.
Using either user or group that don’t exist in camunda is a correct way? Could I get some bad side effect?
In general, Camunda is agnostic to the actual existence of any users or groups you have. It mainly records which users and groups (think: references to some entity outside of the engine’s scope) are assigned to (potentially) perform a task. Whether or not these users really exist or have the required rights to perform a task, is considered a responsibility that is managed outside of the process engine. The storage of users and groups for task instances is used for example to efficiently query those tasks that a specific user could pick up. How you determine that a particular user is logged in and which task roles (ie, groups) that user has, is up to you. It’s typically part of an existing domain that your application is subject to.
A side effect you might experience, is that you hand out tasks to a group or user that doesn’t actually exist in your own IAM content. In that case, such tasks would probably not be visible to any normal user and remain unclaimed infinitely. So, to avoid that, assignment should make sure to only enable actual users and groups from your own system.
Thanks, you was very clear!