how to stop the user completing the assignment based on the role
i have a requirement like this.
I have a work group and some work baskets are associated to that work group. Now when team lead role operator logs in ,he should be able to see (means he can open work items) from all work baskets and should not be allowed to submit the assignment except from one work basket(lets say ReviewLeadWB). He should be able to open and submit the assignments from ReviewLeadWB.
Considering the the WB can hold work objects of different classes, to achieve this using access of role to object via work object class would mean defining the access of role to object at the class group level. Also this would mean restricting the users access to the entire class rather than in your case specifically a set of flow actions.
Instead maybe its better to customize the access of role to object for the Assign-Workbasket class or simply extend the CanPerform access when rule.
As the user must still be able to view the items in the restricted WB , you cannot use the the roles in the WB rule nor do it in the flow action privilege.
By default Canperform will be used to restrict opening the assignment. Just change it from "Open instances" to "Modify instances" in the access of role to object rule. Open instances you can use the default value "5"
1. No changes to "canPerform", only ensure that the said work basket which needs to be access restricted does not list the team lead's access role in the roles list for that work basket instance
2. Extend/possibly replace canPerform with similar access when rule combining canPerform along with logic to prevent access to that work basket, in case we have provided team lead access role in that work basket instance roles; put that new access when rule in the access role to object for Assign- class for the team lead's access role
You can have a privilege assigned to the flow that contains the workbasket you do not want the user to perform and not give that user that privilege ( but you would have to give all others that privilege) . they should be able to open the assignment but not perform it.