- Posted In
- Red Hat JBoss BPM Suite
By default, we saw that business adminsitrators are
- user Administrator
- group Administrators
=> We feel legitimate to believe we can use groups for business administrators (a good Identity & Access Management pratice).
We tried to set groups as "BusinessAdministratorId", and we have two problems:
- a "user" is created ... in the entity table instead of a group (because of a "true" user param in a processPeopleAssignments call inside the product method assignBusinessAdministrators ... see jbpm\jbpm-human-task\jbpm-human-task-workitems\src\main\java\org\jbpm\services\task\wih\util\PeopleAssignmentHelper.java ).
- "getTasksAssignedAsBusinessAdministrator" query is user based while there are other queries that take groups into account (see Taskorm.xml : TasksAssignedAsBusinessAdministrator vs TasksAssignedAsPotentialOwnerByStatusByGroup)
- there could be the use of a "BusinessAdministratorGroupId" property in tasks , and a similar method with "false" as processPeopleAssignments parameter.
- there could be a small change in the "getTasksAssignedAsBusinessAdministrator" query to support groups.
Is there a workaround I missed to use groups ?
Is it possible to fix this ?