[CAM-5180] I can use separate permissions to grant a user for different task actions Created: 05/Jan/16  Updated: 30/Jan/17  Resolved: 22/Apr/16

Status: Closed
Project: camunda BPM
Component/s: engine
Affects Version/s: None
Fix Version/s: 7.5.0, 7.5.0-alpha4

Type: Feature Request Priority: L3 - Default
Reporter: Smirnov Roman Assignee: Michael Schoettes
Resolution: Fixed Votes: 0
Remaining Estimate: 0 minutes
Time Spent: Not Specified
Original Estimate: 0 minutes

Issue Links:
is depended on by CAM-5665 In Admin, I can grant TASK_ASSIGN and... Closed
is depended on by CAM-5667 Disable unauthorized actions in tasklist Open
is related to CAM-5866 Adjust default authorizations for tas... Closed


If a user is granted to UPDATE a task, the user is able to

  • reassign the task to another user
  • add/delete from the candidate group(s)/user(s)
  • change the task's due date
  • complete/submit the task
  • claim the task
  • etc.


  • there exists separate permissions
    • one permission "TASK_WORK" to claim and complete/submit the task
    • one permission "TASK_ASSIGN", which summarize the following actions: reassign the task, add/delete candidate groups/users, etc.
    • the permissions can be set on task and process definition level
    • the permission UPDATE includes both these other permissions.


  • the implementation should be backward compatible

Comment by Daniel Meyer [ 25/Apr/16 ]

as discussed: we should stick with variable modifiactions requiring UPDATE permission

Comment by Deivarayan Azhagappan [ 25/Apr/16 ]
  • Changed variable modifications requiring UPDATE permission
Generated at Mon Sep 16 14:16:40 CEST 2019 using JIRA 6.4.6#64021-sha1:33e5b454af4594f54560ac233c30a6e00459507e.