Restrict access for user groups to certain process steps

Hello,

Is there a way to restrict certain process steps for certain user groups? I see the candidate groups in the modeler, but I understood that those are not restrictions and any other user can see those steps / tasks to themselves any way.

Thanks and kind regards,
Deniss

Hello @Deniss_Makarenkov

When you set candidate group for a specific task then by default UPDATE permission is granted for that task to all users who are members of that candidate group.

See below link for more details

https://docs.camunda.org/manual/7.7/user-guide/process-engine/authorization-service/#default-task-permissions

You can use the filters concept to restrict the display of specific tasks to the assigned candidate group (see filter name “Tasks of a specific group” in below link)

https://docs.camunda.org/manual/7.7/webapps/tasklist/filters/#common-filters

1 Like

Hello! First time posting on the forum. Found this old thread, thought I’d ask on here instead of creating a new thread to benefit others than may come along after me.

So I’m using Camunda BPM Run and I’m trying to set the configuration property defaultUserPermissionNameForTask to TASK_WORK via the default.yml configuration file.

It seems the app detects the property just fine (it complains when I add in some other string like “Task Work”). But it seems to have no effect (i.e. I expect a user who doesn’t belong to the user task’s candidate groups or candidate users, to not be able to see it on their Tasklist app - but they do anyway).

Am I missing something?

Hi @saifulss,

have you enabled the authorization at all: https://docs.camunda.org/manual/latest/user-guide/process-engine/authorization-service/#when-are-authorizations-checked

Hope this helps, Ingo