This is what each Task permission unlocks. Permissions are granted through roles - e.g. the Task Manager role grants the full management set. Working the tasks assigned to you needs no permission at all.
What each permission grants
- (none) - self-service. Every employee can see, start, finish and record output on the tasks assigned to them, claim a team task they belong to, and view their own KPI. No grant needed.
- Create tasks (
TaskCreate) - create new tasks and delegate. Without it you can work your tasks but not create or hand them on. - Assign to anyone (
TaskAssignAny) - assign/delegate to anyone in the organisation. Without it, you can only assign to your own department and the teams you manage (the org chart). - Manage tasks (
TaskManage) - assign, rate, override grades, request changes, and view your team's tasks and KPI. Implies Create and Assign-to-anyone. - View all tasks (
TaskViewAll) - read-only visibility of every task across the organisation, without being an administrator. - Orchestrate (
TaskOrchestrate) - open the Orchestrator console and run the coordination sweep (Manage/admin also get it). - Configure KPI targets (
KpiTargetManage) - set the expected durations that turn on automatic work-time grading. - Administrators have all of the above implicitly.
Who can sub-task or delegate a specific task
Beyond holding Create tasks, restructuring a particular task follows current responsibility, not who filed it: only the task's assignee or manager (or a manager/admin) can add sub-tasks to it or delegate it - a bystander who merely created it can't. The full matrix is in Sub-tasks & delegation: how work rolls up the tree.
Visibility (what people see in lists)
Task lists are scoped consistently: mine (assigned to me), managed (I'm the named manager), team (everyone in the departments I manage, recursively), and all (org-wide - only with View all tasks or admin). The same scoping applies to the web app and the REST API, so they never diverge.
Related: Creating & assigning tasks � KPI & grading.