How to make a user see only tasks that are in his group?

Q&A
1

I’m using Bonita BPM Version : 7.2.3.

I have the following organization:

<?xml version="1.0" encoding="UTF-8"?> <organization:Organization xmlns:organization="http://documentation.bonitasoft.com/organization-xml-schema/1.1"> <customUserInfoDefinitions/> <users> <user userName="requisitante1.dmae"> <firstName>Requisitante1</firstName> <lastName>DMAE</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="requisitante2.dmae"> <firstName>Requisitante2</firstName> <lastName>DMAE</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="aprovadortecnico1.dmae"> <firstName>Aprovador Técnico 1</firstName> <lastName>DMAE</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="aprovadortecnico2.dmae"> <firstName>Aprovador Técnico 2</firstName> <lastName>DMAE</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="aprovadorfinanceiro1.dmae"> <firstName>Aprovador Financeiro 1</firstName> <lastName>DMAE</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="aprovadorfinanceiro2.dmae"> <firstName>Aprovador Financeiro 2</firstName> <lastName>DMAE</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="aprovadoradministrativo.dmae"> <firstName>Aprovador Administrativo</firstName> <lastName>DMAE</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="aprovadoradministrativo.smf"> <firstName>Aprovador Administrativo</firstName> <lastName>SMF</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="aprovadorfinanceiro1.smf"> <firstName>Aprovador Financeiro 1</firstName> <lastName>SMF</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">213</password> <customUserInfoValues/> </user> <user userName="aprovadorfinanceiro2.smf"> <firstName>Aprovador Financeiro 2</firstName> <lastName>SMF</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="aprovadortecnico1.smf"> <firstName>Aprovador Técnico 1</firstName> <lastName>SMF</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="aprovadortecnico2.smf"> <firstName>Aprovador Técnico 2</firstName> <lastName>SMF</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="requisitante1.smf"> <firstName>Requisitante 1</firstName> <lastName>SMF</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="requisitante2.smf"> <firstName>Requisitante 2</firstName> <lastName>SMF</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> <user userName="celic"> <firstName>CELIC</firstName> <lastName>CELIC</lastName> <manager></manager> <personalData/> <professionalData/> <password encrypted="false">123</password> <customUserInfoValues/> </user> </users> <roles> <role name="AprovadorTecnico"> <displayName>Aprovador Técnico</displayName> </role> <role name="AprovadorFinanceiro"> <displayName>Aprovador Financeiro</displayName> </role> <role name="AprovadorAdministrativo"> <displayName>Aprovador Administrativo</displayName> </role> <role name="requisitante"> <displayName>Requisitante</displayName> </role> <role name="celic"> <displayName>CELIC</displayName> </role> </roles> <groups> <group name="CELIC"> <displayName>CELIC</displayName> </group> <group name="DMAE" parentPath="/CELIC"> <displayName>DMAE</displayName> </group> <group name="SMF" parentPath="/CELIC"> <displayName>SMF</displayName> </group> </groups> <memberships> <membership> <userName>requisitante1.dmae</userName> <roleName>requisitante</roleName> <groupName>DMAE</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>requisitante2.dmae</userName> <roleName>requisitante</roleName> <groupName>DMAE</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>aprovadortecnico1.dmae</userName> <roleName>AprovadorTecnico</roleName> <groupName>DMAE</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>aprovadortecnico2.dmae</userName> <roleName>AprovadorTecnico</roleName> <groupName>DMAE</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>aprovadorfinanceiro1.dmae</userName> <roleName>AprovadorFinanceiro</roleName> <groupName>DMAE</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>aprovadorfinanceiro2.dmae</userName> <roleName>AprovadorFinanceiro</roleName> <groupName>DMAE</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>aprovadoradministrativo.dmae</userName> <roleName>AprovadorAdministrativo</roleName> <groupName>DMAE</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>aprovadoradministrativo.smf</userName> <roleName>AprovadorAdministrativo</roleName> <groupName>SMF</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>aprovadorfinanceiro1.smf</userName> <roleName>AprovadorFinanceiro</roleName> <groupName>SMF</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>aprovadorfinanceiro2.smf</userName> <roleName>AprovadorFinanceiro</roleName> <groupName>SMF</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>aprovadortecnico1.smf</userName> <roleName>AprovadorTecnico</roleName> <groupName>SMF</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>aprovadortecnico2.smf</userName> <roleName>AprovadorTecnico</roleName> <groupName>SMF</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>requisitante1.smf</userName> <roleName>requisitante</roleName> <groupName>SMF</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>requisitante2.smf</userName> <roleName>requisitante</roleName> <groupName>SMF</groupName> <groupParentPath>/CELIC</groupParentPath> </membership> <membership> <userName>celic</userName> <roleName>celic</roleName> <groupName>CELIC</groupName> </membership> </memberships> </organization:Organization>

And the following process:

Process

Finally I have the actor mappings corresponding to the lanes names (The actor Requisitante is the actor of the lane Requisitante and the role is Requisitante and so on).

I would like only the users inside a group to be able to view the tasks started by a user of that group (if a “requisitante” from “SMF” starts a task, the users from the group “DMAE” would not be able to see it even if they had that same role, because they don’t belong to the same groups).

The problem is that this is not happening. I know that I can solve it by using user filters, but I don’t know if this is the most “correct” and straightforward solution. I think that this could be simpler.

2

Hi,

I think the only way is to use “actor filter”. This is the main purpose of actor filter actually, to filter the list of candidates based on a dynamic parameter, in your case the initiator of the case.

The actor mapping provide a static mapping between a actor name and the organization (users, role or groups). There is no way to make that mapping dynamic according to who started the case.

Cheers