We have an application that on a flow assign a series of task to a series of users or group.
In this case we have a user that shared to another user
(for internal policy the second one dont have to see, and dont see, the specific set of data related to the task, but this isn't the problem)
The problem is that even the specific task was assigned to a group where there isn't the second user (that have received the task link)
if that user use the link, it can see the task.
Why? Are there some restriction that i can apply?
Obviously we talk about task in report and not in tempo.
Discussion posts and replies are publicly visible
This is a matter of process model security. Please review this part of the documentation: https://docs.appian.com/suite/help/24.3/process-model-object.html#process-role-permissions