The user with id 'test123' does not have one of the following permissions: 'UPDATE' permission on resource '88be9db0-2c0d-11e7-af74-0050569c781d' of type 'Task' or 'UPDATE_TASK' permission on resource 'carrierQualificationProcess' of type 'ProcessDefinition’
User test123 has permission for resource_id 19df5787-2c07-11e7-af74-0050569c781d.
The resource_id of exception (88be9db0-2c0d-11e7-af74-0050569c781d) does not exist at all.
This is very strange. What kind of resource_id does exception mean?
Camunda has an internal authorization system that is maintained within the “admin” section of the Camunda console. If you go to the Admin page and click on “Authorizations”, you will get some clues as to which resources can be secured.
In your case it appears that you have not authorized that user to modify either that particular process definition or process definitions in general.
I have Task A with authorization for User A.
I have Task B with NO Authorization for User A.
Task B is created when Task A is completed,
Task A is completed from User A.
Task B hast a registered taskListener which updates task Local variable.
Because this is done in same transaction as complete operation the authorization frameworks triggers an error because User A does not have authorization to update Task B (which in fact is task local variable update of task listener in create event).