on 06-18-2018 3:56 PM
Hi,
I have a User Task UI developed for my SAP Cloud Workflow. In this UI, I want to give the users the possibility to delegate a task to somebody else.
For this I am trying to change the "recipientUsers" of the task like this:
$.ajax({url: "/bpmworkflowruntime/rest/v1/task-instances/"
+ oWorkflowData.taskData.InstanceID,
method: "PATCH",
contentType: "application/json",
async: false,
data: "{\"recipientUsers\":\"" + oProcessor.ID + "\"}",
....
This works perfectly as long as the acting user has the global role "WorkflowAdmin". Of course, this role is not given to a "normal" user.
So I came up with the idea to assign "instance-specific" roles to every workflow instance right after it has been created. For this I am using this:
$.ajax({url: "/bpmworkflowruntime/rest/v1/workflow-instances/" +
workflowInstanceId + "/roles",
method: "PATCH",
contentType: "application/json",
async: false,
data: "{\"adminGroups\": \"MyWFAdminGroup\",
\"contextAdminGroups\":\"MyWFContextAdminGroup\"}",
...
This also works perfect if the acting user is "WorkflowAdmin". A task modified like this can be delegated by every "WorkflowParticipant" without Admin privileges
But this makes no sense because the Tasks are not created by an Admin...
With this approach, it is for a normal WF User not possible to create a Task that can be delegated to somebody else. But this it what you would expect to do with a Task assigned to you...
So how to solve this? Being able to delegate a task i crucial for our process.
Regards,
Jürgen
Hi Jürgen,
We will shortly publish an updated version of the REST API documentation for the workflow service, stating that for instance-specific and task-specific roles users need to have the WorkflowParticipant global role assigned.
Best regards,
Astrid
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
thanks Sesh for your hint. I will try it. But if I got the first answer from Astrid right, It should work with the API.
Now we assigned all user groups the role "WorkflowAdmin" and it works perfect with the API. So it is definitely a problem with authorizations.
Regards,
Jürgen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
How about using the new feature to set instance-specific roles from a script task?
var admins = $.roles.adminUsers;
admins.push('Julie');
This way you can avoid the API calls to set the roles in the UI.
Regards,
Sesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Astrid,
If I understand you right, it should work if the users have the "WorkflowParticipant" role.
My Users have these roles: "WorkflowContextAdmin", "WorkflowInitiator", "WorkflowParticipant"...
When I call the role API with one of those Users, I always get a response code 403.
Best Regards
Jürgen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
11 | |
8 | |
8 | |
6 | |
6 | |
6 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.