User privileges for working with tasks

Hi All,

We have an application with numerous task types where diefferent roles have access to these tasks. Now to work with these tasks, there will be another application (not CAF based) which will be working with these tasks. This will happen through the use of Task Web Service.

Now, to work with the Task Web Service, we have to pass credentials of a user who has access to the task which has to be manipulated. With numerous task types, we have three options:

  1. To give a Admin user to the client (not an option due to security reasons)
  2. To create a user each for all task types and assign them to the each role. (Too much maintenance and not convenient while coding)
  3. Create one user who has access to all tasks (convenient but still every time a new task is created, the user has to be added)

But one more issue is that with new fixes, the user should have functional and Access privleges to work on the task which means the user that we create will be able to login to the production system and work on the task which is not desirable.

We would like to know how this is handled normally. What should be the Access and Functional privileges provided to the client?

Is there a way to somehow set up some kind of SSO so that the user credentials be not passed for the Task Service as the user has already been authenticated on the Client side?

We are currently working on webMethods 7.1.3 with Fix 17

Thanks a lot in Advance,
Ninad Patil