Appian Community
Site
Search
Sign In/Register
Site
Search
User
DISCUSS
LEARN
SUCCESS
SUPPORT
Documentation
AppMarket
More
Cancel
I'm looking for ...
State
Not Answered
Replies
13 replies
Subscribers
6 subscribers
Views
5174 views
Users
0 members are here
Share
More
Cancel
Related Discussions
Home
»
Discussions
»
Process
Task Reports and associated Task security
mikej117
over 8 years ago
We have been looking at how to retrieve live data regarding which user is the task assignee / owner within a particular parent process instance. Task Reports will give us this data, but for end users to see this information (e.g. on a Record dashboard), it seems to require that the Process security is set to allow the end user group to have Viewer access.
The downside is that anyone in that group will now be able to load those tasks (in read only mode), which may expose sensitive information.
Is there another way that we can secure the Tasks to only be viewable by the assignees, while having the ability to do a Task Report for use on the Record dashboard?
OriginalPostID-253216
Discussion posts and replies are publicly visible
0
ChristineH
Certified Lead Developer
over 8 years ago
In SAIL, when you pull the datasubset from the report, could you just not make the task have a link to access it? Meaning just have it as plain text.
Just thinking....
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
mikej117
over 8 years ago
The Task Report doesn't actually contain a link to the task - just the task assignee, creation time, deadline.
The problem is that if we grant access to allow the end users to execute the Task Report, there is a side effect that gives them access to see other people's tasks.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
mikej117
over 8 years ago
As per the Viewer role permissions described in this page:
forum.appian.com/.../Configuring_Process_Security.html
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Rama Thummala
Certified Lead Developer
over 8 years ago
@mikej
Please use the querryFilter() in queryProcessAnalytics() while fetching the data like if the loggeduser() is in assignedTo list
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
mikej117
over 8 years ago
Thanks for the suggestion - but the point of doing the live lookup for the task owner is to display the task assignee on the Record dashboard. This is so that other users can see the assignee.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Tom Ryan
Appian Employee
over 8 years ago
Unfortunately in this case I think if a user has the permissions to view a task report, they will always have the permissions to view the tasks themselves. I think you could work around this by storing data externally so you can control how it is displayed, but that is not ideal and probably non-trivial to design and implement.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
mikej117
over 8 years ago
Thanks for confirming that Tom.
Is there a way to run a Task Report as a Designer to retrieve the Task data for use on a Record?
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Tom Ryan
Appian Employee
over 8 years ago
You could run a process model as a designer that calls a!queryProcessAnalytics(), but then you would need to store the data somewhere.
Is this in a tempo environment? If it is, is the concern with setting up a tempo task report just that the users *can* access the tasks, even though they wouldn't have a link?
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
mikej117
over 8 years ago
Yes, this is in Tempo. And yes, the issue is around security of tasks (we do send other emails to users that contain direct links to tasks, so it's not that much of a leap that users might try to access URLs containing other taskIDs, whether it's deliverate or otherwise).
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Raviteja Varma Jampana
A Score Level 2
over 8 years ago
Hi Mike,
Correct me if i am wrong, You are trying to show all tasks of a process instance and their assignees to all users but only task assignees can have option to open their tasks. For this run query analytics on task report with process context but while providing link to task add a condition that task link will be only available to assignees.
If you are after showing all tasks of a process instance without links then run the query anaytics in a script task and congiure script task with assignment as "Run as whoever designed this process model"
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
>