Bug 1259981 - Does jBPM6 really authorize the Initiator,Stakeholder,Potential people to "Release" a Task ?
Does jBPM6 really authorize the Initiator,Stakeholder,Potential people to "Re...
Status: NEW
Product: JBoss BPMS Platform 6
Classification: JBoss
Component: Documentation (Show other bugs)
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: brms-docs@redhat.com
Lukáš Petrovický
Depends On:
  Show dependency treegraph
Reported: 2015-09-03 23:00 EDT by Hiroko Miura
Modified: 2016-01-08 16:57 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Hiroko Miura 2015-09-03 23:00:08 EDT
Title: Task Permissions Matrix

Describe the issue:
- As per the "Table 12.2. Main Operations Permissions Matrix" from our BPMS 6.1 Development Guide [1] the people like "Initiator,Stakeholder,Potential" can perform "release" operation on a Task. (i.e. all roles are marked as "+")

- As per the WS-HT 1.1 specification [2] this is what it says about who can perform "release".

4.10.2 Releasing a Human Task

The current actual owner of a human task can release a task to again make 
it available for all potential owners. A task can be released from active
states that have an actual owner (Reserved, InProgress), 
transitioning it into the Ready state
7.1.5 Operation Authorization

In the table in Page 91,

only Actual Owner is marks as "+".
Initiator and Administrator are marked as "MAY".
Potential Owner is marked as "n/a"

- our jBPM6 code allows only Owner and BusinessAdministrator to perform "release" operation.

        : [ new OperationCommand().{
                status = [ Status.Reserved, Status.InProgress ],
                allowed = [Allowed.Owner, Allowed.BusinessAdministrator ],
                setNewOwnerToNull = true,
                newStatus = Status.Ready
            } ],

[1] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/6.1/html/Development_Guide/sect-Task_Permissions.html#Task_Permissions_Matrix
[2] http://docs.oasis-open.org/bpel4people/ws-humantask-1.1-spec-cs-01.pdf

Suggestions for improvement:
- Please check it from respective SME and correct the statement in our document.

Additional information:

Note You need to log in before you can comment on or make changes to this bug.