Help designing JBPM authorization mechanism
by Ramiro Pereira de Magalhães
Hi there guys.
I'm designing a system in which I intend to use JBPM 3.2.10 as the process
execution engine. This system should act as a platform over which developers
will install processes developed as clients demands, but this system will
also provide means for the end users to access a task list and execute tasks
that are given to them. I've been able to design almost everything of that
platform but I'm having serious problems to design the whole user
authorization module. For you to understand the problem I must explain 2
things: an important feature of this platform (responsibility delegation)
and how I need task assignment to work.
Responsibility delegation is a feature with which an user 'A' will be able
to allow another user 'B' to execute tasks initially assignable to user 'A'.
This delegation may be programmed to start on a particular day and may or
may have an expiration date. So, user A may go on vacations while user B is
responsible to do user A's tasks while he's out. It's not allowed to user B
delegate tasks to user C while also handling user A tasks.
The task assignment scheme is based on roles and groups in such a way that
tasks should only be assigned to users that have a certain role inside a
group he works on. It is possible that many users have the same role in a
certain process but this task should only be executed once. This is
important to work this way because that's how my company models processes:
assigning them to roles and then people to roles. Also, this model helps a
lot to implement the responsibility delegation feature, since I only have to
'lend' to user B his delegator's roles and groups.
The problem is I'm not being able to understand how I can use JBPM's data
model to apply those concepts, at least not with the material I found in the
web. Of course, the delegation feature I must design it myself and I see no
problem with that (it's done already). But while the jbpm identity model
works great to me, after studying JBPM's concepts such as Swimlanes, Pooled
actors and Task Instances, I couldn't understand how I'll relate an user
with the tasks he should be able to execute, considering that each task's
roles. Can someone shed some light on JBPM's models or provide references
that would help me design this feature?
Abraços,
Ramiro Pereira de Magalhães