Ensure that you enable global security in WebSphere® Application Server.
When an instance of the LocalHumanTaskManager or the HumanTaskManager session
bean is created, WebSphere Application Server associates a session
context with the instance. The session context contains the caller's principal
role. This information is used to check the caller's authorization for each
call.
The following reasons for a work-item assignment are used:
- Potential owner is the person or group of people to whom the human or
participating task is assigned.
- Owner is the potential owner that claimed the task.
- Editor is the person or group of people that can modify the data that
belongs to the human or participating task although they are not owners or
administrators of the task.
- Reader is the person or group of people that can read the task, task template,
or escalation data although they are not owners, editors, or administrators
of the task.
- Originator is the person who created the task.
- Potential starter is the person or group of people that can start an existing
originating task. If a potential starter is not specified, the originator
becomes the potential starter. For inline tasks without a potential starter,
the default is everybody.
- Starter is the person who started an originating task.
- Administrator is the person or group of people that can administer the
task, task template, or escalation.
- Escalation receiver is the person or group of people that receive an escalation
if the escalation is triggered.
- E-mail receiver is the person or group of people that receive an e-mail
if the escalation is triggered.
- Potential instance creator is the person or group of people that can create
an instance of a task template.
Special authority is granted to people with the following roles:
- Administrator and the Java™ 2 Platform, Enterprise Edition (J2EE)
TaskSystemAdministrator. These roles have all privileges.
- Reader and the J2EE TaskSystemMonitor. These roles can read all of the
objects.