Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X
I have found that users can reassign tasks that are not their own to any user that they want. How does one stop this? Only an admin should be able to do this type of thing.
have you control the ACL rules defined for the user?
try to test what ACL is related to the Task object and deny it to users.
additional
My experience is that many customers add user to a Context Manager role and they are surprised that they can do anything 😄
PetrH
Hi @HelesicPetr
So the weird thing was that I did it once or twice as a normal user. So I went in and played with the ACLs. It stopped it, but when I started back tracking and put all the ACLs back to normal it wouldn't let me anymore. I did receive a reply from tech support saying that ACLs didn't control this and that it should be controlled by task ownership.
That could be point.
If you start to play with ACL, there are used cached rules or what ever it is called, and you need to clear a cache of a user.
It happened to me many times especially if more method servers are running.
So all the time you change the ACL of the user, you need to clear the users cache from the Participant Table in utilities on a site.
PetrH
Hi @HelesicPetr
In the past I would always just log out as the user and log back in for the ACL changes.
Brian
What is logout for you? Do you have logout button ? or you just wait to timeout 30 minutes that user is marked as logged out?
Just closing the browser, open new session and put new login information is not logout and it does not work this way.
It is my experience that close browser is not enough to refresh cached ACL to user.
Server restart or clean a users cache worked for me.
PetrH
I used to have a Logout button in the browser. But I have always just closed and reopened the browser. Maybe I've been fortunate most of the time?
Brian
My experience is that If you play with ACL the just closing and reopening browser is not enough to apply new ACL rules.
Sometimes it works, but if you change one ACL several times you can get to a trouble with the cached ACLs and you need to remove user from the cache as I mentioned earlier.
PetrH