User task permission - TASK_WORK

I’m currently working on Authorization System in Camunda. I’m trying to give a permission to user/group to claim a task using TASK_WORK and READ_TASK with a specific Resource ID.
However when User claims for task it gives him UPDATE permission to the claimed task. Now he can change the dates, add variable, read variables etc.
The question is how restrict user permission and propagate only TASK_WORK?


I have the same problem. Could you find a solution for this?