Search code examples
business-process-managementbonita

Bonita BPM - How to make a user see only tasks that are in his group?

I'm using Bonita BPM Version : 7.2.3.

I have the following organization: 

<?xml version="1.0" encoding="UTF-8"?>
<organization:Organization xmlns:organization="http://documentation.bonitasoft.com/organization-xml-schema/1.1">
  <customUserInfoDefinitions/>
  <users>
    <user userName="requisitante1.dmae">
      <firstName>Requisitante1</firstName>
      <lastName>DMAE</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="requisitante2.dmae">
      <firstName>Requisitante2</firstName>
      <lastName>DMAE</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="aprovadortecnico1.dmae">
      <firstName>Aprovador Técnico 1</firstName>
      <lastName>DMAE</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="aprovadortecnico2.dmae">
      <firstName>Aprovador Técnico 2</firstName>
      <lastName>DMAE</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="aprovadorfinanceiro1.dmae">
      <firstName>Aprovador Financeiro 1</firstName>
      <lastName>DMAE</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="aprovadorfinanceiro2.dmae">
      <firstName>Aprovador Financeiro 2</firstName>
      <lastName>DMAE</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="aprovadoradministrativo.dmae">
      <firstName>Aprovador Administrativo</firstName>
      <lastName>DMAE</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="aprovadoradministrativo.smf">
      <firstName>Aprovador Administrativo</firstName>
      <lastName>SMF</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="aprovadorfinanceiro1.smf">
      <firstName>Aprovador Financeiro 1</firstName>
      <lastName>SMF</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">213</password>
      <customUserInfoValues/>
    </user>
    <user userName="aprovadorfinanceiro2.smf">
      <firstName>Aprovador Financeiro 2</firstName>
      <lastName>SMF</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="aprovadortecnico1.smf">
      <firstName>Aprovador Técnico 1</firstName>
      <lastName>SMF</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="aprovadortecnico2.smf">
      <firstName>Aprovador Técnico 2</firstName>
      <lastName>SMF</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="requisitante1.smf">
      <firstName>Requisitante 1</firstName>
      <lastName>SMF</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="requisitante2.smf">
      <firstName>Requisitante 2</firstName>
      <lastName>SMF</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
    <user userName="celic">
      <firstName>CELIC</firstName>
      <lastName>CELIC</lastName>
      <manager></manager>
      <personalData/>
      <professionalData/>
      <password encrypted="false">123</password>
      <customUserInfoValues/>
    </user>
  </users>
  <roles>
    <role name="AprovadorTecnico">
      <displayName>Aprovador Técnico</displayName>
    </role>
    <role name="AprovadorFinanceiro">
      <displayName>Aprovador Financeiro</displayName>
    </role>
    <role name="AprovadorAdministrativo">
      <displayName>Aprovador Administrativo</displayName>
    </role>
    <role name="requisitante">
      <displayName>Requisitante</displayName>
    </role>
    <role name="celic">
      <displayName>CELIC</displayName>
    </role>
  </roles>
  <groups>
    <group name="CELIC">
      <displayName>CELIC</displayName>
    </group>
    <group name="DMAE" parentPath="/CELIC">
      <displayName>DMAE</displayName>
    </group>
    <group name="SMF" parentPath="/CELIC">
      <displayName>SMF</displayName>
    </group>
  </groups>
  <memberships>
    <membership>
      <userName>requisitante1.dmae</userName>
      <roleName>requisitante</roleName>
      <groupName>DMAE</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>requisitante2.dmae</userName>
      <roleName>requisitante</roleName>
      <groupName>DMAE</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>aprovadortecnico1.dmae</userName>
      <roleName>AprovadorTecnico</roleName>
      <groupName>DMAE</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>aprovadortecnico2.dmae</userName>
      <roleName>AprovadorTecnico</roleName>
      <groupName>DMAE</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>aprovadorfinanceiro1.dmae</userName>
      <roleName>AprovadorFinanceiro</roleName>
      <groupName>DMAE</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>aprovadorfinanceiro2.dmae</userName>
      <roleName>AprovadorFinanceiro</roleName>
      <groupName>DMAE</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>aprovadoradministrativo.dmae</userName>
      <roleName>AprovadorAdministrativo</roleName>
      <groupName>DMAE</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>aprovadoradministrativo.smf</userName>
      <roleName>AprovadorAdministrativo</roleName>
      <groupName>SMF</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>aprovadorfinanceiro1.smf</userName>
      <roleName>AprovadorFinanceiro</roleName>
      <groupName>SMF</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>aprovadorfinanceiro2.smf</userName>
      <roleName>AprovadorFinanceiro</roleName>
      <groupName>SMF</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>aprovadortecnico1.smf</userName>
      <roleName>AprovadorTecnico</roleName>
      <groupName>SMF</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>aprovadortecnico2.smf</userName>
      <roleName>AprovadorTecnico</roleName>
      <groupName>SMF</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>requisitante1.smf</userName>
      <roleName>requisitante</roleName>
      <groupName>SMF</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>requisitante2.smf</userName>
      <roleName>requisitante</roleName>
      <groupName>SMF</groupName>
      <groupParentPath>/CELIC</groupParentPath>
    </membership>
    <membership>
      <userName>celic</userName>
      <roleName>celic</roleName>
      <groupName>CELIC</groupName>
    </membership>
  </memberships>
</organization:Organization>

And the following process:

enter image description here

Finally I have the actor mappings corresponding to the lanes names (The actor Requisitante is the actor of the lane Requisitante and the role is Requisitante and so on).

I would like only the users inside a group to be able to view the tasks started by a user of that group (if a "requisitante" from "SMF" starts a task, the users from the group "DMAE" would not be able to see it even if they had that same role, because they don't belong to the same groups).

The problem is that this is not happening. I know that I can solve it by using user filters, but I don't know if this is the most "correct" and straightforward solution. I think that this could be simpler.

Solution

  • If I'm understanding correctly your tasks are mapped to users based on their roles. You also have a constraint depending on who start the process. Tasks of a given process instance should only be available to users in the same group as the initiator.

    Actor mapping can only be based on organization information (i.e. groups, roles, memberships and users) and cannot be dynamic based on process instance information (such as user who start the instance).

    If you need to have users associate with a task based on information such as who start the process instance, filters is actually the good option. Filters can use any kind of input information to build a list of users ids. A filter is actually executed when a task is reached and so will have access to information such as process instance initiator id (and also instance variables, external data...).

    For actor, it is actually when the user logged into Bonita BPM Portal that based on his membership Engine will find the matching actors as defined in deployed processes.