- Introduction
- Getting started
- Process modeling with BPMN
- Process modeling with Case Management
- Designing a persistent case entity schema
- Defining case keys (system vs. external)
- Establishing task I/O and write-back contracts
- Exit rules and early stage termination
- Modeling primary and secondary stages
- Triggering a case from Data Fabric
- Implementing stage-level personas and permissions
- Setting SLAs and automated escalation rules
- Configuring a rework loop (re-entry)
- Managing live case instances: pause, migrate, and retry
- Maestro case management component dictionary
- Process implementation
- Debugging
- Simulating
- Publishing and upgrading agentic processes
- Common implementation scenarios
- Extracting and validating documents
- Process operations
- Process monitoring
- Process optimization
- Reference information
Maestro user guide
Overview
Stage-level personas and permissions let you control exactly which human participants can view case data and act on tasks within each phase of a case. Define custom personas, scope them to specific stages, and enforce least-privilege access so that case workers, supervisors, and subject matter experts see and do only what their role requires.
Prerequisites
- Access to Studio Web.
- A case plan with at least two stages already modeled on the canvas. See Create a case plan in Studio Web for instructions.
- An understanding of stages and tasks in Maestro Case.
- Familiarity with the five built-in persona types described in the Built-in Persona Types section below.
Step 1: reviewing built-in persona types
Before creating custom personas, review the built-in types that Maestro provides out of the box. Determine whether existing personas cover your access needs or whether you require additional roles.
| Persona | Role in the Case | Typical Capabilities |
|---|---|---|
| Case Creator | Initiates the case (portal form, API call, email) | Create new case instances; view status of cases they created; limited update ability on open cases before the first stage completes |
| Case Owner | Accountable for the case end-to-end; often assigned at creation | Full case visibility across all stages; can reassign tasks, override decisions (within policy), and reopen closed cases |
| Case Worker | Executes assigned human tasks within specific stages | View and complete tasks in their queue (My Work); update case entity fields scoped to their task output; stage-level visibility only |
| Supervisor / Manager | Oversees a team's portfolio of cases; handles escalations | View all cases assigned to their team; reassign tasks; approve escalations; pause/resume SLA timers; access dashboards and KPIs |
| Subject Matter Expert (SME) | Consulted on specific cases or stages requiring specialist knowledge | Read access to relevant case data; can complete SME-designated tasks; does not have broad case management permissions |
Personas govern human access and actions within the Case App. AI agents are configured separately as task types (Agent, External Agent) and are not assigned personas.
Step 2: creating custom personas
When a built-in persona does not match a domain-specific role, create a custom persona and scope it to one or more stages.
Opening the persona configuration
- In Studio Web, open the case plan.
- Navigate to the Personas section in the case management settings.
Adding a new persona
- Select Add Persona.
- Enter a descriptive Persona name (for example,
Field Inspector,Fraud Analyst, orCompliance Officer). - Select the stages where this persona applies. The persona does not automatically appear in every stage — it exists only where you scope it.
Repeating for each domain-specific role
Create one persona per distinct role that requires unique access. Avoid creating overlapping personas that duplicate permissions.
Step 3: configuring stage-level view and act permissions
For every stage in the case plan, define two access dimensions for each persona.
Opening stage permission settings
- Select a stage on the canvas.
- Open the Permissions or Access configuration panel for that stage.
Assigning view access
View access controls which personas can see the stage's data, tasks, and history in the Case App.
- In the View section, select the personas that should have read-only visibility into this stage.
- Include any personas that need to monitor progress or review outcomes without taking action.
Assigning act access
Act access controls which personas can take actions within the stage — complete tasks, add notes, reassign work, escalate, and trigger transitions.
- In the Act section, select the personas that should perform work in this stage.
- Limit Act access to the minimum set of personas required for the stage's tasks.
Repeating for every stage
Configure View and Act permissions on each stage in the case plan. A persona may have Act access in one stage and View-only access in another. For example:
| Stage | Claims Adjuster | Finance Analyst | Supervisor |
|---|---|---|---|
| Investigation | View + Act | — | View |
| Assessment | View + Act | View | View + Act |
| Settlement | View | View + Act | View + Act |
Step 4: narrowing permissions at the task level
Tasks inherit the stage's persona settings by default. Optionally, restrict a specific task to a subset of the personas that have stage-level Act access.
Selecting a task within a stage
- Open a stage on the canvas.
- Select the human task you want to restrict.
Overriding the assignable personas
- In the task's Assignment settings, specify which personas (or teams within a persona) can be assigned this task.
- For example, a Fraud Review task inside the Investigation stage might restrict Act access to Case Workers on the "Fraud" team, even though the broader Investigation stage is visible to Supervisors.
Task-level restrictions can only narrow the stage-level permissions. You cannot grant a persona Act access on a task if that persona does not already have Act access on the parent stage.
Step 5: defining assignment strategies for human tasks
Choose how human tasks are assigned to individuals within the permitted personas.
| Strategy | How It Works | When to Use |
|---|---|---|
| Static | A fixed user, team, or group is assigned at design time | Tasks that always go to the same team (for example, Finance Review always goes to the Finance group) |
| Dynamic | A rule or expression resolves the assignee at runtime based on case entity data (for example, route to the adjuster whose territory matches the claim location) | Workload-balanced assignment, territory/region routing, skill-based routing |
Configuring the assignment strategy
- Open the human task.
- In the Assignment section, select Static or Dynamic.
- For Static, select the user or group.
- For Dynamic, define the rule or expression that evaluates case entity fields to resolve the assignee at runtime.
Step 6: publishing and deploying the case plan
- Validate the case plan to confirm all stages have persona permissions configured and all human tasks have assignment strategies defined.
- Publish from Studio Web.
- Deploy and activate in the target folder.
Expected outcome
After completing these steps:
- Each stage in the case plan has explicit View and Act permissions scoped to the appropriate personas.
- Custom personas exist only in the stages where they are needed, following the principle of least privilege.
- Human tasks optionally narrow the stage-level permissions to specific teams or individuals.
- When business users open the Case App, they see only the stages and tasks their persona permits — a claims adjuster sees Investigation and Assessment details but has read-only access to Settlement (owned by Finance).
Use case example
Scenario: Property insurance claims with a custom Field Inspector persona.
In a property insurance claims case, the standard Case Worker persona handles most stages. However, the On-Site Assessment stage requires a specialized Field Inspector who visits the property.
| Configuration | Value |
|---|---|
| Persona name | Field Inspector |
| Scoped to stage | On-Site Assessment only |
| View access | On-Site Assessment stage data and the case summary from prior stages (read-only) |
| Act access | Complete the "Site Inspection Report" task; upload photos; submit findings back to the case entity [Coming Soon] |
| No access to | Settlement, Manager Review, or any other stage |
| Assignment strategy | Dynamic — route based on the property's ZIP code to the nearest available inspector |
When Field Inspectors open the Case App, they see only what their stage-scoped persona permits. They cannot view settlement amounts or reassign tasks in other stages.
Limitations
- Full case user roles and access support is not yet available. Some persona and permission features may have limited functionality.
- Task-level restrictions can only narrow stage-level permissions — they cannot grant broader access than the parent stage allows.
- Personas apply to human participants only. AI agent tasks are configured separately and do not use the persona model.
Next steps
- Configure SLAs and escalation rules to define time-based expectations for each stage.
- Add stage rules to control how cases move between stages based on case entity data.
- Configure the Case App to customize the business user experience for each persona.
- Overview
- Prerequisites
- Step 1: reviewing built-in persona types
- Step 2: creating custom personas
- Opening the persona configuration
- Adding a new persona
- Repeating for each domain-specific role
- Step 3: configuring stage-level view and act permissions
- Opening stage permission settings
- Assigning view access
- Assigning act access
- Repeating for every stage
- Step 4: narrowing permissions at the task level
- Selecting a task within a stage
- Overriding the assignable personas
- Step 5: defining assignment strategies for human tasks
- Configuring the assignment strategy
- Step 6: publishing and deploying the case plan
- Expected outcome
- Use case example
- Limitations
- Next steps