AnsweredAssumed Answered

Bypass task security with 'All Active Tasks' dashlet

Question asked by tqu on Jan 22, 2008
Latest reply on Jan 22, 2008 by tqu
Hi,
there is a (quite severe) problem with the "All Active Tasks" dashlet.
What I did:
1. Login as user1
2. Start a review & approve workflow and assign it to user2
3. Login as user3 and add the "All Active Tasks" dashlet

–> user3 can see the task although he's not involved in the workflow in any way.

4. user3 can approve or reject the task as if he's the assignee of the task.

Now the question is: is there a way to configure this behaviour or is this a bug?
After all it sounds like this problem:
http://issues.alfresco.com/browse/AWC-1787

Best regard,
Torben

Outcomes