We couldn't load all Actvitity tabs. Refresh the page to try again.
If the problem persists, contact your Jira admin.
Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-3710

TaskService api methods are restricted through authorizations

    • Icon: Feature Request Feature Request
    • Resolution: Fixed
    • Icon: L3 - Default L3 - Default
    • 7.3.0, 7.3.0-alpha3
    • None
    • engine
    • None

      There are two new (authorization) resources:

      • ProcessDefinition
      • Task

      It is possible to define the following permissions on a Task resource:

      • CREATE
      • READ
      • UPDATE
      • DELETE

      and on a ProcessDefinition resource:

      • READ_TASK
      • UPDATE_TASK

      The following authorization checks must be done regarding to the context of the task in which it exists:

      Part of a running process instance:
      (1) READ on Task or READ_TASK on ProcessDefinition to be able to read a task
      (2) UPDATE on Task or UPDATE_TASK on ProcessDefinition to be a able to update a task (e.g. to set an assignee or to complete a task using the TaskService)
      (3) In such a case a DELETE permission defined on a Task resource does not have any effect. (It is not possible to delete a task which is part of a running process instance using TaskService#deleteTask())

      Part of a running case instance:
      It is not necessary to do an authorization check. It is always able to read or to update a task which is part of a running case instance.

      Standalone task:
      (1) READ on Task to be able to read a task
      (2) UPDATE on Task to be a able to update a task (e.g. to set an assignee or to complete a task using the TaskService)
      (3) DELETE on Task to be able to delete a task using the TaskService#deleteTask())

        This is the controller panel for Smart Panels app

            Loading...
            Uploaded image for project: 'camunda BPM'
            1. camunda BPM
            2. CAM-3710

            TaskService api methods are restricted through authorizations

              • Icon: Feature Request Feature Request
              • Resolution: Fixed
              • Icon: L3 - Default L3 - Default
              • 7.3.0, 7.3.0-alpha3
              • None
              • engine
              • None

                There are two new (authorization) resources:

                • ProcessDefinition
                • Task

                It is possible to define the following permissions on a Task resource:

                • CREATE
                • READ
                • UPDATE
                • DELETE

                and on a ProcessDefinition resource:

                • READ_TASK
                • UPDATE_TASK

                The following authorization checks must be done regarding to the context of the task in which it exists:

                Part of a running process instance:
                (1) READ on Task or READ_TASK on ProcessDefinition to be able to read a task
                (2) UPDATE on Task or UPDATE_TASK on ProcessDefinition to be a able to update a task (e.g. to set an assignee or to complete a task using the TaskService)
                (3) In such a case a DELETE permission defined on a Task resource does not have any effect. (It is not possible to delete a task which is part of a running process instance using TaskService#deleteTask())

                Part of a running case instance:
                It is not necessary to do an authorization check. It is always able to read or to update a task which is part of a running case instance.

                Standalone task:
                (1) READ on Task to be able to read a task
                (2) UPDATE on Task to be a able to update a task (e.g. to set an assignee or to complete a task using the TaskService)
                (3) DELETE on Task to be able to delete a task using the TaskService#deleteTask())

                  This is the controller panel for Smart Panels app

                        sebastian.menski Sebastian Menski
                        roman.smirnov Roman Smirnov
                        Votes:
                        0 Vote for this issue
                        Watchers:
                        1 Start watching this issue

                          Created:
                          Updated:
                          Resolved:

                              sebastian.menski Sebastian Menski
                              roman.smirnov Roman Smirnov
                              Votes:
                              0 Vote for this issue
                              Watchers:
                              1 Start watching this issue

                                Created:
                                Updated:
                                Resolved: