Hi, I’m just starting to use Flowable and working my way through the tutorials.
In the “Getting Started” example, a user task is created with candidateGroups set to “managers”.
<userTask id="approveTask" name="Approve or reject request" flowable:candidateGroups="managers"/>
However, when I create a new user which is not assigned to any group, I can still use that identity to perform the task of “approveTask” and set the “approved” variable to true.
I was expecting to get some kind of error message when I try to perform the “approveTask” with an identity which is not authorized for the “managers” group. Am I missing something? Or is there another property to control user access to a task?