I’m currently working on Authorization System in Camunda. I’m trying to give a permission to user/group to claim a task using TASK_WORK and READ_TASK with a specific Resource ID.
However when User claims for task it gives him UPDATE permission to the claimed task. Now he can change the dates, add variable, read variables etc.
The question is how restrict user permission and propagate only TASK_WORK?
I have the same problem. Could you find a solution for this?
Any luck? Is this problem resoved? I am also facing the same issue.
I did this by building another frontend and backend for this particular product. I store roles in another DB and manage them by our backend. Maybe there is official way to handle this, but I couldn’t find it.
Got it. Thanks for the reply.