jbpm roles such as admin, analyst, user, developer and manager are only roles in the UI to restrict access to certain perspectives/views. Rest will require authentication and then will allow user to perform operations. Though task related operations are based on task assignment meaning only tasks assigned to given user will be available to that user.
Correct, when I have user without any roles and with no task assigments I am unable to claim tasks or process them, but I can still get all tasks list (using /rest/task/query) or send signal with /rest/runtime/.../execute
Is it possible in jbpm to limit this actions only for users with specified role or I need to implement own filter?