One of the requirements is that persons from our customers are involved in the workflow; persons from different customers who have the same role have only limited access to the tasks. They can enter and/or approve orders that are related to the company they work for.
This means generic roles don't work (e.g. approver). I need to have some field in the workflow that identifies the customer and based on that I need to assign it to the right group/person.
The assignment of the task is dynamic; before entering a human task state I need to revalidate if the person/group is still the right one to perform this action.
I need some kind of sharding/multi-tenant solution to ensure that the tasks are only visible to personnel of that customer. Even within my company we have specific customer supporting groups.
I have my thoughts:
a. use group names that are related to the customer (APPROVER_CUSTOMER_123),
b. use before every task a script task for the assignment; a lot of extra nodes will pop up; no clean workflow,
c. use task listeners/command interceptors.
c. use task listeners/command interceptors.
Question: what would be a good solution for solving this (to me) common problem?
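
An added example, not part of the original post and not tied to any particular workflow engine: a sketch of how options (a) and (c) combine, with the group name derived from the customer field and the assignment revalidated when a human task is entered. `Task`, `group_for`, `on_task_create`, `visible_tasks` and the sample memberships are hypothetical names and constructed data.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: customer ids are short numeric strings, as in APPROVER_CUSTOMER_123.
CUSTOMER_ID = re.compile(r"[0-9]{1,10}")
ROLE = re.compile(r"[A-Z]+")

# Constructed sample data: user -> groups. carol is an internal support user.
MEMBERSHIPS = {
    "alice": {"APPROVER_CUSTOMER_123"},
    "bob": {"APPROVER_CUSTOMER_456"},
    "carol": {"APPROVER_CUSTOMER_123", "APPROVER_CUSTOMER_456"},
}

@dataclass
class Task:  # hypothetical stand-in for an engine's task object
    name: str
    role: str
    customer_id: str  # the workflow field that identifies the customer
    assignee: Optional[str] = None
    candidate_group: str = ""

def group_for(role, customer_id):
    """Option (a): build the tenant-scoped group name, rejecting odd input."""
    # Strict matching keeps a value like "123_ADMIN" from naming another group.
    if not ROLE.fullmatch(role) or not CUSTOMER_ID.fullmatch(customer_id):
        raise ValueError(f"bad role/customer id: {role!r}/{customer_id!r}")
    return f"{role}_CUSTOMER_{customer_id}"

def on_task_create(task, memberships):
    """Option (c): listener run on entering a human task; revalidates assignment."""
    task.candidate_group = group_for(task.role, task.customer_id)
    if task.assignee and task.candidate_group not in memberships.get(task.assignee, set()):
        task.assignee = None  # stale or wrong-tenant assignee: fall back to the group
    return task

def visible_tasks(user, tasks, memberships):
    """A user sees tasks assigned to them or open to one of their groups."""
    groups = memberships.get(user, set())
    return [t.name for t in tasks
            if t.assignee == user or (t.assignee is None and t.candidate_group in groups)]
```

Because the listener runs at task entry, no script task is needed in front of each human task, and the visibility check relies only on group membership at query time.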