[jbpm-dev] Help designing JBPM authorization mechanism

Mauricio Salatino salaboy at gmail.com
Tue Aug 30 14:59:18 EDT 2011 

Hi Ramiro,
This is the dev list and we are currently developing version 5.
Most of the things that you want to achieve in jbpm 3.2.10 can be done
externally from the process engine. Both jBPM 3.2.x and jBPM 5
delegates to an external system to authorize, delegate and escalate
your human tasks.

Cheers

2011/8/30 Ramiro Pereira de Magalhães <ramiro.p.magalhaes at gmail.com>:
> Hi there guys.
>
> I'm designing a system in which I intend to use JBPM 3.2.10 as the process
> execution engine. This system should act as a platform over which developers
> will install processes developed as clients demands, but this system will
> also provide means for the end users to access a task list and execute tasks
> that are given to them. I've been able to design almost everything of that
> platform but I'm having serious problems to design the whole user
> authorization module. For you to understand the problem I must explain 2
> things: an important feature of this platform (responsibility delegation)
> and how I need task assignment to work.
>
> Responsibility delegation is a feature with which an user 'A' will be able
> to allow another user 'B' to execute tasks initially assignable to user 'A'.
> This delegation may be programmed to start on a particular day and may or
> may have an expiration date. So, user A may go on vacations while user B is
> responsible to do user A's tasks while he's out. It's not allowed to user B
> delegate tasks to user C while also handling user A tasks.
>
> The task assignment scheme is based on roles and groups in such a way that
> tasks should only be assigned to users that have a certain role inside a
> group he works on. It is possible that many users have the same role in a
> certain process but this task should only be executed once. This is
> important to work this way because that's how my company models processes:
> assigning them to roles and then people to roles. Also, this model helps a
> lot to implement the responsibility delegation feature, since I only have to
> 'lend' to user B his delegator's roles and groups.
>
> The problem is I'm not being able to understand how I can use JBPM's data
> model to apply those concepts, at least not with the material I found in the
> web. Of course, the delegation feature I must design it myself and I see no
> problem with that (it's done already). But while the jbpm identity model
> works great to me, after studying JBPM's concepts such as Swimlanes, Pooled
> actors and Task Instances, I couldn't understand how I'll relate an user
> with the tasks he should be able to execute, considering that each task's
> roles. Can someone shed some light on JBPM's models or provide references
> that would help me design this feature?
>
> Abraços,
> Ramiro Pereira de Magalhães
>
> _______________________________________________
> jbpm-dev mailing list
> jbpm-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jbpm-dev
>
>



-- 
 - CTO @ http://www.plugtree.com
 - MyJourney @ http://salaboy.wordpress.com
- Co-Founder @ http://www.jugargentina.org
 - Co-Founder @ http://www.jbug.com.ar

 - Salatino "Salaboy" Mauricio -

More information about the jbpm-dev mailing list