In Chapter 4, Operation Management, we saw how the KIE workbench features JAAS-based user authentication and RBAC for the UI functionalities by means of the user.properties and roles.properties files.

The jBPM engine does not have built-in authentication or fine-grained authorization functionalities on process creation or task operations. TaskService and the human task management of users and groups with respect to task operations are delegated to a custom implementation of the UserGroupCallback interface. Here, the developer is able to implement his/her own task authorization mechanism by hooking into a custom identity management system or an ad hoc implementation.

jBPM provides a set of ready-to-use, configurable UserGroupCallback ...