Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-9843

A user can see variables in Tasklist even that they are not supposed to

    XMLWordPrintable

Details

    • Bug Report
    • Resolution: Fixed
    • L3 - Default
    • 7.11.0, 7.11.0-alpha3
    • 7.11.0-alpha2
    • engine
    • None

    Description

      Given:

      • process engine configuration introduced in CAM-9591 is enabled - ProcessEngineConfiguration#enforceSpecificVariablePermission
      • user does not have permissions to see variables - no READ_*_VARIABLE
      • filter defines variables

      Observed Behavior:

      • user can see variables in Tasklist (in the list of tasks)

      Expected Behavior:

      • user cannot see variables in Tasklist (in the list of tasks)

      Hints:
      Currently, the authorization check is disabled for this query, please have a look at CAM-6082

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            depends on

            Bug Report - A problem which impairs or prevents the functions of the product. CAM-9881 Task filter properties with nested structures are not deserialised correctly

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed
            is related to

            Bug Report - A problem which impairs or prevents the functions of the product. CAM-6082 Cannot see variables in tasklist with READ Task Authorization

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Feature Request - A new feature of the product, which has yet to be developed. CAM-9591 I can configure whether an operator can see process variables or not

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Activity

              People

                michael.schoettes Michael Schoettes
                yana.vasileva Yana Vasileva
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce