When the task get's created and complete only task assignee can access task details and corresponding form details. We have use case where manager users should able to see complete task details of all task (running, completed) in read only mode regardless of assignee and owner of task.
Assuming that you are talking about Alfresco Process Services and the default task list UI in the product, the tasks will appear in the list only if you are part of the task (eg: assignee/participant etc).
One of the options is to create a manager group and add this group as a participant to all tasks. Then all users in this group can access all tasks in the system. You can achieve this quite easily using an event listener based approach. I have created an example of this approach which is available at GitHub: aps-task-watchlist-extension. As you can see it is code, so you are free to customize it to suit your needs!
If you are building ADF based UI applications, you can achieve this with a combination of custom task query APIs & ADF components!
As per your example I am absolutely fine for overwriting default Permission Service of Alfresco Process Service and that will solve my problem. But the issue is we have multiple existing solutions running into single instance of Alfresco Process Service. I am more worried about impact of this on existing running applications which are depend on default Permission Service.
I was thinking about Group Manager Involvement where I can have single group for all assignee users and for that group have Group manager (as single manager user or group of manager users) so that as per concept of involved users Manager users should get involved and access on task.
This is just my thought process. I yet to test this and how Permission Service will behave for involved users. What is your thought on this?
it should work for involved users as we designed the application, however if the capabilities you want to give to your involved users are different from what we have in the product then obviously you will need to override that! Also, permission service override is your code so if you want to exclude a few processes (existing deployed ones) from those it can be done, it's just more code logic you will have to write to exclude them!
We want at least read access for involved users. If there are more access then we can ignore them from ADF app. I am hoping that at least task form read access should be available for involved users. I was searching for involved users capabilities but didn't found much. Any pointer here will be really helpful.