12.5. Task Permissions
Only users associated with a specific task are allowed to modify or retrieve information about the task. This allows users to create a JBoss BPM Suite workflow with multiple tasks and yet still be assured of both the confidentiality and integrity of the task status and information associated with a task.
Some task operations throw an org.jbpm.services.task.exception.PermissionDeniedException when they are invoked with information about an unauthorized user. For example, when a user tries to modify a task directly (by trying to claim or complete it), the PermissionDeniedException is thrown if that user does not have the correct role for that operation. Also, users are not able to view or retrieve tasks in Business Central that they are not involved with.
12.5.1. Task Permissions Matrix
The task permissions matrix below summarizes the actions that specific user roles are allowed to do. The cells of the permissions matrix contain one of three possible characters, each of which indicates the user role permissions for that operation:
- a "+" indicates that the user role can do the specified operation.
- a "-" indicates that the user role may not do the specified operation.
- a "_" indicates that the user role may not do the specified operation, and that it is also not an operation that matches the user's role ("not applicable").
Table 12.1. Task Roles in the Permissions Table
| Word | Role | Description |
|---|---|---|
| Initiator | Task Initiator | The user who creates the task instance. |
| Stakeholder | Task Stakeholder | The user involved in the task. This user can influence the progress of a task, by performing administrative actions on the task instance. |
| Potential | Potential Owner | The user who can claim the task before it has been claimed, or after it has been released or forwarded. Only tasks that have the status Ready may be claimed. A potential owner becomes the actual owner of a task by claiming the task. |
| Actual | Actual Owner | The user who has claimed the task and will progress the task to completion or failure. |
| Administrator | Business Administrator | A super user who may modify the status or progress of a task at any point in a task's lifecycle. |
User roles are assigned to users by the definition of the task in the JBoss BPM Suite (BPMN2) process definition.
Permissions Matrices
The following matrix describes the authorizations for all operations which modify a task:
Table 12.2. Main Operations Permissions Matrix
| Operation/Role | Initiator | Stakeholder | Potential | Actual | Administrator |
|---|---|---|---|---|---|
| activate | + | + | _ | _ | + |
| claim | - | + | + | _ | + |
| complete | - | + | _ | + | + |
| delegate | + | + | + | + | + |
| fail | - | + | _ | + | + |
| forward | + | + | + | + | + |
| nominate | + | + | + | + | + |
| release | + | + | + | + | + |
| remove | - | _ | _ | _ | + |
| resume | + | + | + | + | + |
| skip | + | + | + | + | + |
| start | - | + | + | + | + |
| stop | - | + | _ | + | + |
| suspend | + | + | + | + | + |
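
Table 12.2 expressed as data, as an added example (not Red Hat's or jBPM's own code): it parses the matrix, answers allow or deny for a user who holds several task roles, and lists every operation/role pair that should raise PermissionDeniedException, which can drive negative authorization tests against a deployment. Treating a "+" in any one of the user's roles as sufficient, and denying operations or roles not in the table, are assumptions of this example; all function names are hypothetical.

```python
# Rows copied from Table 12.2; columns follow ROLES order.
ROLES = ("Initiator", "Stakeholder", "Potential", "Actual", "Administrator")
MATRIX = """\
activate  + + _ _ +
claim     - + + _ +
complete  - + _ + +
delegate  + + + + +
fail      - + _ + +
forward   + + + + +
nominate  + + + + +
release   + + + + +
remove    - _ _ _ +
resume    + + + + +
skip      + + + + +
start     - + + + +
stop      - + _ + +
suspend   + + + + +
"""

def parse_matrix(text):
    """Turn the matrix text into {operation: {role: cell}}, rejecting bad rows."""
    table = {}
    for line in text.splitlines():
        op, *cells = line.split()
        if len(cells) != len(ROLES) or set(cells) - set("+-_"):
            raise ValueError(f"malformed row: {line!r}")
        table[op] = dict(zip(ROLES, cells))
    return table

PERMS = parse_matrix(MATRIX)

def is_allowed(operation, roles):
    """Deny by default: only a '+' cell for one of the user's roles allows.
    Assumption: holding several roles grants the union of their '+' cells."""
    row = PERMS.get(operation)
    if row is None:          # operation not in the table
        return False
    return any(row.get(role) == "+" for role in roles)

def roles_allowed(operation):
    """Roles that may perform the operation, in table column order."""
    return [r for r in ROLES if PERMS[operation][r] == "+"]

def negative_test_cases():
    """Every (operation, role) pair marked '-' or '_': each should be refused."""
    return [(op, r) for op, row in PERMS.items()
            for r, cell in row.items() if cell != "+"]
```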
