I am trying to restrict users so that they cannot access (can review, not perform) cases assigned to WorkBaskets that are not listed in their Operator configuration.
Currently, I am using a custom Access When rule CanPerformAssignment (Assign-WorkBasket).
Users can still access (review and perform) cases from Work Baskets that are not in their Work Basket list.
Moreover, with that configuration there is an issue with Transfer Assignment (reassign) in a scenario related to Work Basket access.
Users are trying to reassign an assignment to a Work Basket. However, the target Work Basket is NOT present in the list of the current operator.
Transfer Assignment is NOT possible - Target Work Basket is available/selectable – but it throws an error about restricted permission.
Questions:
What is the recommended way to restrict the execution of assignments in a Work Basket that is not listed among the available baskets for this operator?
What is the recommended way to allow reassignment to OTHER Work Baskets (not on operator list) in a controlled and secure way?
The recommended approach is to separate review, perform and transfer permissions instead of driving all three from the same workbasket membership check. Being able to see/open a case from a workbasket is not the same as being allowed to perform the assignment.
For your first requirement, apply the restriction at the assignment access level so the operator can review the case but cannot perform the assignment unless that workbasket is in the operator’s allowed basket list.
For transfer/reassign, use a separate validation rule or privilege model. If the same CanPerformAssignment logic is reused, it will also block reassignment to target workbaskets outside the operator’s list, which is why you are seeing that error now. A separate rule for “can transfer to this workbasket” is the cleaner and more secure design.
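The separation described in the reply above, as an added example that is not part of the original thread. It is a plain Python model of the decision logic, not Pega rule syntax; the `transfer_targets` grant, the rule that a transfer requires the source basket to be on the operator's list, the open review decision, and the basket names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    REVIEW = "review"
    PERFORM = "perform"
    TRANSFER = "transfer"


@dataclass(frozen=True)
class Operator:
    name: str
    workbaskets: frozenset                    # baskets listed on the operator record
    transfer_targets: frozenset = frozenset() # assumption: separately granted targets


def shared_check(op, action, source_wb, target_wb=None):
    """One membership test reused for every action (the design to avoid)."""
    basket = target_wb if action is Action.TRANSFER else source_wb
    return basket in op.workbaskets


def separated_check(op, action, source_wb, target_wb=None):
    """Independent decisions for review, perform and transfer."""
    if action is Action.REVIEW:
        # Assumption: read access is decided by case-level rules, not basket membership.
        return True
    if action is Action.PERFORM:
        return source_wb in op.workbaskets
    if action is Action.TRANSFER:
        if source_wb not in op.workbaskets or target_wb is None:
            return False
        # Target must be the operator's own basket or an explicitly granted one.
        return target_wb in op.workbaskets or target_wb in op.transfer_targets
    return False  # deny anything not explicitly modelled


def decision_matrix(op, cases):
    """Return {(action, source, target): (shared, separated)} for side-by-side review."""
    return {
        (a.value, s, t): (shared_check(op, a, s, t), separated_check(op, a, s, t))
        for a, s, t in cases
    }


# Constructed sample data: one operator, own basket "Claims", transfer grant to "Fraud".
ALICE = Operator("alice", frozenset({"Claims"}), frozenset({"Fraud"}))
```
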