I had a query about the Modify Process Security node 's behavior.
Imagine a simple process model. It has a Modify Process Security node followed by a user input task assigned to a group of managers.
John doe is a member of managers. He is the only user I dont want to be able to accept this task.
With security nodes inputs set to
Viewers – cons! MY_MANAGERS
Explicity Non Viewers – touser("john.doe1")
I would expect john to not have the task assigned to him, or at least some kind of security error to occur if he click the task.
But this is having no impact on John doe. The whole manager group is still being assigned to,, him included.
I even tried the inverse of this, with john doe as the only input in the viewers tab, but still, all the other managers can still see/accept the task.
Any idea what I am assuming incorrectly about the Modify Process Security node usage?
Should i not be using it to restrict task assignments?
Discussion posts and replies are publicly visible
Process model security is completely separate from task assignment. See https://docs.appian.com/suite/help/20.2/process-model-object.html#process-model-security, especially the note at the end of that section: "The Deny role does not prevent users from viewing tasks assigned to them."
In order to solve this problem a very simple approach can be followed, you can create a separate group and put all the users to which you want to assign the task (not adding John doe in it). or just before assigning the task to the group use the remove user from the group smart service and then assign the task, once done you can again add the user back to the group.