Hi all,
Is there a way to limit Task creation to allow only the creation of Tasks that exist in the Task Templates? This would be to prevent situations where a User who is in a Permissions group that has permissions to create Tasks on Entities is trying to create a Task on an Asset/Shot that doesn’t conform to those defined in the Templates (rogue actors! 
).
Advice is appreciated!
Cheers,
-DW
Great suggestion @deanareeno! Although I don’t think what you’re asking for is possible currently I can definitely see how this would be useful. I’ll make sure we bear this in mind as we continue to improve both permissions and task creation.
@jack / @deanareeno
When an Entity is created with a Task Template defined, it creates new Task Entities linked to the Entities from the Task Template. - It acts as a stamp on the newly created Entity, populating it with Tasks.
Managers / Coordinators who are adding Tasks to an Entity (Shot/Asset/Episode) which do not match the given Task Template…
I’m not sure I understand the situation you’re dealing with; the only case where I anticipate this kind of restriction to be effective is in the event that Tasks from the Task Template (given at Asset/Shot creation) were deleted from the Asset/Shot and are being re-applied / added again. In which case, the latest adjustments for “updating” an existing Task Template should be capable of re-populating the Tasks.
For your case, would it be more appropriate to restrict the available Pipeline Steps for the Entity rather than restricting the Tasks which can be created?
“Rogue actors” in the OP was the clue.
Hypothetical: one day, CuriousGeorge shows up at your studio and he has the permissions in Shotgun to create Tasks on Entities. For whatever reason, he doesn’t see a Task on an Entity that he thinks should exist, so without consulting anyone, he creates his own Task on that Entity. Also, because he hasn’t consulted with anyone, he makes his own assumptions about naming and Pipeline Step, etc. He doesn’t have permissions to create, edit or delete Task Templates, so whenever he comes across an instance of a said Entity while he works, he creates this Task on it manually through the web UI. Maybe he’s consistent in his approach (e.g. naming), maybe not.
While this is a social engineering problem at its core, a software engineering solution would be the restriction I described – no more worrying about rogue action. Users would have to discuss with production + pipeline if they wanted/required new Tasks, and then if there’s consensus, the new Task gets implemented properly and pushed out globally for the Project. If CuriousGeorge tries to manually create a new Task that doesn’t fit the Task Template, the restriction would prevent it from happening.
Where I work we’re planning to add new User Permissions groups, tweak their settings, and move the appropriate people/positions into them (currently based on legacy there are too many people in the Manager User Permissions group, for example), but as a short term solution I thought there might be a way to implement the restriction.
This isn’t a solution to the problem I’ve described.
I very much identify with this issue.
My concern here is that the Task Template will have been linked to an Entity at the point of creation. Which will already have created the Task objects which match the Template.
At the point CuriousGeorge attempts to add a Task, the Task list already contains all the Tasks defined in the linked Task Template.
So I don’t believe it would help to restrict the creation of Tasks to only those belonging in the Task Template - They would already exist.
I think the correct way forward is as you’ve said - To create the new (restricted) permission role and remove the ability to create Task Entities.