Hi Vinod, Can't we include complete task under UPDATE ? Then maybe we can have TASK_CLAIM and UPDATE actions instead of TASK_WORK.
Thanks, Himasha On Thu, Aug 18, 2016 at 3:31 PM, Vinod Kavinda <[email protected]> wrote: > Hi all, > > Our existing implementation had only a few permissions on managing BPMN > related tasks which are not sufficient for our REST based implementation. > With the introduction of new REST APIs, we need to provide more > fine-grained resource authorizations. So I have prepared the following > permission scheme for our C5 based implementation. > > Resource Type Allowed Actions > Deployment READ > CREATE > DELETE > Process Definition READ > UPDATE > READ_HISTORY > DELETE_HISTORY > Process Instance CREATE > READ > UPDATE > DELETE > Task CREATE > READ > UPDATE > DELETE > TASK_ASSIGN > TASK_WORK > > Most of the above terms are self-explanatory. > > TASK_WORK permission is required for claim and complete tasks. TASK_ASSIGN > permission is required to change the assignees and candidate users related > to tasks. However, the UPDATE permission is sufficient for both of these > operations. > > In an implementation point of view, I believe we can load resources and > actions through a policy file (Policy related component is still under > development by IS team) and we can use the CAAS APIs to authorize users > against each REST API method. > > -- > Vinod Kavinda > Software Engineer > *WSO2 Inc. - lean . enterprise . middleware <http://www.wso2.com>.* > Mobile : +94 (0) 712 415544 > Blog : http://soatechflicks.blogspot.com/ > [image: http://wso2.com/signature] > <http://wso2.com/signature> > > -- Himasha Guruge *Software Engineer* WS*O2* *Inc.* Mobile: +94 777459299 [email protected]
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
