Appian Community
Site
Search
Sign In/Register
Site
Search
User
DISCUSS
LEARN
SUCCESS
SUPPORT
Documentation
AppMarket
More
Cancel
I'm looking for ...
State
Not Answered
Replies
15 replies
Subscribers
6 subscribers
Views
6119 views
Users
0 members are here
Share
More
Cancel
Related Discussions
Home
»
Discussions
»
Process
I have a question about the visibility of Task forms. We have a custom emai
mikej117
over 9 years ago
I have a question about the visibility of Task forms.
We have a custom email sent to task assignees where we include a hyperlink directly to the task they have been assigned to (e.g.
site.appiancloud.com/.../12345)
. One of these email recipients has forwarded the email to someone else, and that other person has been able to click the link and view the task (which is displayed as read-only).
The data is supposed to be secured so that only the initiator and reviewer assignee(s) can view the data displayed on the form.
We could remove the task link from the email, but it would still be possible for the assignee to copy the URL for the task and provide that to someone else. Is there a way to secure tasks so that only the assignee(s) can view them?
OriginalPostID-175551
OriginalPostID-175551
Discussion posts and replies are publicly visible
0
KARTHIK NATARAJAN
Certified Lead Developer
over 9 years ago
Mike, not sure about securing task but one way of securing data out of the box is to validate the loggedInUser() upfront before calling your rule/interface.
(e.g.) >> if(loggedInUser()=pp!initiator, rule!MyForm, {"Some appropriate message"})
Hope this is useful but lets wait to see if we have better approach!
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
mahipalc
over 9 years ago
I worked on this kind of scenario. But I have not faced this issue.
The other person(to whom email is forwarded) can only see the task if he is in task assignee list.
If he is not in task assignee list, below message is displayed :
"The requested task is not available.You may not have permission to view the task, or it may have been deleted"
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
mikej117
over 9 years ago
Hi @mahipalc,
That's interesting. This is the behaviour that I was expecting. Was this a custom message generated by your form or from Appian?
If it was from Appian, which Appian version was it?
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
mahipalc
over 9 years ago
It was not a custom message, generated by Appian. Version is 7.7
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
mikej117
over 9 years ago
OK, thanks for the feedback. I'm running 7.10 so it looks like the behaviour changed between 7.7 and 7.10.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
KARTHIK NATARAJAN
Certified Lead Developer
over 9 years ago
Mike I was able to reproduce the same error on 7.9 . It seems to occur when the user is a basic user and do not have security permissions to the process (or) objects related to the task !
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Annelise Dubrovsky
Appian Employee
over 9 years ago
The relevant product documentation is here:
forum.appian.com/.../Configuring_Process_Security.html
Note the row where process viewers can view task reports. Also note that users in the editor role can view and complete tasks assigned to other users.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Ricardo Galvan
Appian Employee
over 9 years ago
I haven't been able to replicate this. Can you please provide the steps to do this? This is what I have tried:
- Created a task
- Assigned it to a group / single user
- Sent an email with the task URL
- Forwarded to a different user (which is authenticated in the environment but is not in the group that the task is assigned to or is not the user that the task was assigned to)
In both cases I get the message "The requested task is not available.You may not have permission to view the task, or it may have been deleted"
Is there something I'm missing?
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Cesar Machuca
Appian Employee
over 9 years ago
Please check if the user that received the forwarded email is a system administrator. If that is the case, a system administrator can see any tasks. That would explain the behavior described in this post.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Cesar Machuca
Appian Employee
over 9 years ago
@mahipalc Can you verify if the users you used in your test have editor permissions or are part of a group with editor permissions to the process of the task?
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
>