12.5. Task Permissions

Only users associated with a specific task are allowed to modify or retrieve information about the task. This allows users to create a JBoss BPM Suite workflow with multiple tasks and yet still be assured of both the confidentiality and integrity of the task status and information associated with a task.
Some task operations throw an org.jbpm.services.task.exception.PermissionDeniedException when they are called with information about an unauthorized user. For example, when a user tries to modify a task directly (for example, by trying to claim or complete the task), the PermissionDeniedException is thrown if that user does not have the correct role for that operation. Also, users are not able to view or retrieve tasks in Business Central that they are not involved with.
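
The following added example (not code from the product documentation) shows one way a calling application can handle this exception so that every denied operation leaves an audit trail. The class AuditedTaskOperations, the TaskOp interface and the logger name are hypothetical; the sketch assumes Java 8 and the org.kie.api.task.TaskService interface.

```java
import java.util.logging.Logger;
import org.jbpm.services.task.exception.PermissionDeniedException;
import org.kie.api.task.TaskService;

/** Hypothetical helper (not part of jBPM): runs a task operation for a user
 *  and writes an audit record whenever the engine denies it. */
public final class AuditedTaskOperations {
    // Logger name is an assumption; route it to your audit/SIEM sink.
    private static final Logger AUDIT = Logger.getLogger("task.authz.audit");

    /** A task operation that takes a task id and a user id, such as claim or start. */
    @FunctionalInterface
    public interface TaskOp {
        void apply(TaskService service, long taskId, String userId);
    }

    private final TaskService taskService;

    public AuditedTaskOperations(TaskService taskService) {
        this.taskService = taskService;
    }

    /** Returns true if the engine allowed the operation, false if it was denied.
     *  userId is a plain argument of the task API, so pass the identity of the
     *  authenticated session here, never a value taken from request data. */
    public boolean attempt(String opName, TaskOp op, long taskId, String userId) {
        try {
            op.apply(taskService, taskId, userId);
            return true;
        } catch (PermissionDeniedException e) {
            // Record who was denied what; strip line breaks so a crafted
            // user id cannot forge extra audit lines.
            AUDIT.warning(String.format("DENIED op=%s task=%d user=%s",
                    opName, taskId, userId.replaceAll("[\\r\\n]", "_")));
            return false;
        }
    }

    public boolean claim(long taskId, String userId) {
        return attempt("claim", TaskService::claim, taskId, userId);
    }

    public boolean start(long taskId, String userId) {
        return attempt("start", TaskService::start, taskId, userId);
    }
}
```

A run of DENIED records for one user across many task ids is worth alerting on, since ordinary users are only offered tasks they are involved with.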

12.5.1. Task Permissions Matrix

The task permissions matrix below summarizes the actions that specific user roles are allowed to do. The cells of the permissions matrix contain one of three possible characters, each of which indicates the user role permissions for that operation:
  • a "+" indicates that the user role can do the specified operation.
  • a "-" indicates that the user role may not do the specified operation.
  • a "_" indicates that the user role may not do the specified operation, and that it is also not an operation that matches the user's role ("not applicable").

Table 12.1. Task Roles in the Permissions Table

| Word | Role | Description |
|---|---|---|
| Initiator | Task Initiator | The user who creates the task instance. |
| Stakeholder | Task Stakeholder | The user involved in the task. This user can influence the progress of a task by performing administrative actions on the task instance. |
| Potential | Potential Owner | The user who can claim the task before it has been claimed, or after it has been released or forwarded. Only tasks that have the status Ready may be claimed. A potential owner becomes the actual owner of a task by claiming the task. |
| Actual | Actual Owner | The user who has claimed the task and will progress the task to completion or failure. |
| Administrator | Business Administrator | A super user who may modify the status or progress of a task at any point in a task's lifecycle. |

User roles are assigned to users by the definition of the task in the JBoss BPM Suite (BPMN2) process definition.

Permissions Matrices

The following matrix describes the authorizations for all operations which modify a task:

Table 12.2. Main Operations Permissions Matrix

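| Operation/Role | Initiator | Stakeholder | Potential | Actual | Administrator |
|---|---|---|---|---|---|
| activate | + | + | _ | _ | + |
| claim | - | + | + | _ | + |
| complete | - | + | _ | + | + |
| delegate | + | + | + | + | + |
| fail | - | + | _ | + | + |
| forward | + | + | + | + | + |
| nominate | + | + | + | + | + |
| release | + | + | + | + | + |
| remove | - | _ | _ | _ | + |
| resume | + | + | + | + | + |
| skip | + | + | + | + | + |
| start | - | + | + | + | + |
| stop | - | + | _ | + | + |
| suspend | + | + | + | + | + |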