TSK-1992 remove unnecessary ParentExceptions

Deleted Exceptions: * NotAuthorizedException * NotFoundException * InvalidStateException
2023-02-08 10:17:18 +01:00 · 2023-02-08 10:17:18 +01:00 · 20d389a7d5
parent e40417f1fd
commit 20d389a7d5
122 changed files with 907 additions and 810 deletions
--- a/common/taskana-common/src/main/java/pro/taskana/common/api/exceptions/DomainNotFoundException.java
+++ b/common/taskana-common/src/main/java/pro/taskana/common/api/exceptions/DomainNotFoundException.java
@ -3,7 +3,7 @@ package pro.taskana.common.api.exceptions;
 import pro.taskana.common.internal.util.MapCreator;
 /** This exception is thrown when the specified domain is not found in the configuration. */
-public class DomainNotFoundException extends NotFoundException {
+public class DomainNotFoundException extends TaskanaException {
  public static final String ERROR_KEY = "DOMAIN_NOT_FOUND";
  private final String domain;
--- a/common/taskana-common/src/main/java/pro/taskana/common/api/exceptions/MismatchedRoleException.java
+++ b/common/taskana-common/src/main/java/pro/taskana/common/api/exceptions/MismatchedRoleException.java
@ -9,7 +9,7 @@ import pro.taskana.common.internal.util.MapCreator;
 * This exception is thrown when the current user is not in a certain {@linkplain TaskanaRole role}
 * it is supposed to be.
 */
-public class MismatchedRoleException extends NotAuthorizedException {
+public class MismatchedRoleException extends TaskanaException {
  public static final String ERROR_KEY = "ROLE_MISMATCHED";
  private final String currentUserId;
--- a/common/taskana-common/src/main/java/pro/taskana/common/api/exceptions/NotAuthorizedException.java
+++ b/common/taskana-common/src/main/java/pro/taskana/common/api/exceptions/NotAuthorizedException.java
@ -1,9 +0,0 @@
 package pro.taskana.common.api.exceptions;
 /** This exception is thrown when a user is not authorized. */
 public class NotAuthorizedException extends TaskanaException {
  protected NotAuthorizedException(String msg, ErrorCode errorCode) {
    super(msg, errorCode);
  }
 }
--- a/common/taskana-common/src/main/java/pro/taskana/common/api/exceptions/NotFoundException.java
+++ b/common/taskana-common/src/main/java/pro/taskana/common/api/exceptions/NotFoundException.java
@ -1,9 +0,0 @@
 package pro.taskana.common.api.exceptions;
 /** This exception is thrown when a specific object is not in the database. */
 public class NotFoundException extends TaskanaException {
  protected NotFoundException(String message, ErrorCode errorCode) {
    super(message, errorCode);
  }
 }
--- a/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/TaskanaHistoryEngine.java
+++ b/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/TaskanaHistoryEngine.java
@ -1,7 +1,7 @@
 package pro.taskana.simplehistory;
 import pro.taskana.common.api.TaskanaRole;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.spi.history.api.TaskanaHistory;
 /** The TaskanaHistoryEngine represents an overall set of all needed services. */
@ -25,7 +25,7 @@ public interface TaskanaHistoryEngine {
   * Checks whether current user is member of any of the specified roles.
   *
   * @param roles The roles that are checked for membership of the current user
-   * @throws NotAuthorizedException If the current user is not member of any specified role
+   * @throws MismatchedRoleException If the current user is not member of any specified role
   */
-  void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException;
+  void checkRoleMembership(TaskanaRole... roles) throws MismatchedRoleException;
 }
--- a/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImpl.java
+++ b/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImpl.java
@ -9,7 +9,7 @@ import org.slf4j.LoggerFactory;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.simplehistory.impl.classification.ClassificationHistoryEventMapper;
 import pro.taskana.simplehistory.impl.classification.ClassificationHistoryQuery;
 import pro.taskana.simplehistory.impl.task.TaskHistoryEventMapper;
@ -103,7 +103,7 @@ public class SimpleHistoryServiceImpl implements TaskanaHistory {
  @Override
  public void deleteHistoryEventsByTaskIds(List<String> taskIds)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    taskanaHistoryEngine.checkRoleMembership(TaskanaRole.ADMIN);
    if (taskIds == null) {
--- a/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/TaskanaHistoryEngineImpl.java
+++ b/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/TaskanaHistoryEngineImpl.java
@ -25,7 +25,6 @@ import pro.taskana.TaskanaConfiguration;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.internal.OracleSqlSessionFactory;
 import pro.taskana.common.internal.configuration.DB;
@ -90,7 +89,7 @@ public class TaskanaHistoryEngineImpl implements TaskanaHistoryEngine {
        .anyMatch(rolesMembers::contains);
  }
-  public void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException {
+  public void checkRoleMembership(TaskanaRole... roles) throws MismatchedRoleException {
    if (!isUserInRole(roles)) {
      if (LOGGER.isDebugEnabled()) {
        LOGGER.debug(
--- a/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/jobs/HistoryCleanupJob.java
+++ b/history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/jobs/HistoryCleanupJob.java
@ -19,7 +19,7 @@ import pro.taskana.common.api.ScheduledJob;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.internal.JobServiceImpl;
 import pro.taskana.common.internal.jobs.AbstractTaskanaJob;
@ -196,7 +196,7 @@ public class HistoryCleanupJob extends AbstractTaskanaJob {
  }
  private int deleteEvents(List<String> taskIdsToDeleteHistoryEventsFor)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    SimpleHistoryServiceImpl simpleHistoryService =
        (SimpleHistoryServiceImpl) taskanaHistoryEngine.getTaskanaHistoryService();
--- a/lib/taskana-cdi-example/src/main/java/pro/taskana/example/ExampleBootstrap.java
+++ b/lib/taskana-cdi-example/src/main/java/pro/taskana/example/ExampleBootstrap.java
@ -8,15 +8,15 @@ import javax.enterprise.event.Observes;
 import pro.taskana.classification.api.exceptions.ClassificationNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.task.api.exceptions.AttachmentPersistenceException;
 import pro.taskana.task.api.exceptions.InvalidOwnerException;
-import pro.taskana.task.api.exceptions.InvalidStateException;
+import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.exceptions.ObjectReferencePersistenceException;
 import pro.taskana.task.api.exceptions.TaskAlreadyExistException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.internal.models.ObjectReferenceImpl;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 /** Example Bootstrap Application. */
@ -27,10 +27,10 @@ public class ExampleBootstrap {
  @PostConstruct
  public void init(@Observes @Initialized(ApplicationScoped.class) Object init)
-      throws TaskNotFoundException, NotAuthorizedException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException, ClassificationNotFoundException,
-          ClassificationNotFoundException, InvalidStateException, InvalidOwnerException,
+          InvalidOwnerException, TaskAlreadyExistException, InvalidArgumentException,
-          TaskAlreadyExistException, InvalidArgumentException, AttachmentPersistenceException,
+          AttachmentPersistenceException, ObjectReferencePersistenceException,
-          ObjectReferencePersistenceException {
+          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
    System.out.println("---------------------------> Start App");
    ObjectReferenceImpl objRef = new ObjectReferenceImpl();
    objRef.setCompany("aCompany");
--- a/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java
@ -28,7 +28,6 @@ import pro.taskana.common.internal.util.EnumUtil;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.InvalidOwnerException;
 import pro.taskana.task.api.exceptions.InvalidStateException;
 import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.ObjectReference;
@ -465,7 +464,8 @@ class CompleteTaskAccTest implements TaskanaEngineConfigurationModifier {
    assertThat(results.containsErrors()).isTrue();
    assertThat(results.getFailedIds()).containsExactlyInAnyOrder(task.getId());
-    assertThat(results.getErrorMap().values()).hasOnlyElementsOfType(InvalidStateException.class);
+    assertThat(results.getErrorMap().values())
        .hasOnlyElementsOfType(InvalidTaskStateException.class);
    assertThat(results.getErrorForId(task.getId()))
        .hasMessage(
            "Task with id '%s' is in state: '%s', but must be in one of these states: '[%s, %s]'",
@ -485,7 +485,8 @@ class CompleteTaskAccTest implements TaskanaEngineConfigurationModifier {
    assertThat(results.containsErrors()).isTrue();
    assertThat(results.getFailedIds()).containsExactlyInAnyOrder(task1.getId(), task2.getId());
-    assertThat(results.getErrorMap().values()).hasOnlyElementsOfType(InvalidStateException.class);
+    assertThat(results.getErrorMap().values())
        .hasOnlyElementsOfType(InvalidTaskStateException.class);
    assertThat(results.getErrorForId(task1.getId()))
        .hasMessage(
            "Task with id '%s' is in state: '%s', but must be in one of these states: '%s'",
@ -596,7 +597,8 @@ class CompleteTaskAccTest implements TaskanaEngineConfigurationModifier {
    assertThat(results.containsErrors()).isTrue();
    assertThat(results.getFailedIds()).containsExactlyInAnyOrder(task1.getId(), task2.getId());
-    assertThat(results.getErrorMap().values()).hasOnlyElementsOfType(InvalidStateException.class);
+    assertThat(results.getErrorMap().values())
        .hasOnlyElementsOfType(InvalidTaskStateException.class);
    assertThat(results.getErrorForId(task1.getId()))
        .hasMessage(
            "Task with id '%s' is in state: '%s', but must be in one of these states: '%s'",
--- a/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java
+++ b/lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java
@ -14,8 +14,8 @@ import org.junit.jupiter.api.Test;
 import pro.taskana.classification.api.ClassificationService;
 import pro.taskana.classification.api.models.ClassificationSummary;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.exceptions.MismatchedTaskCommentCreatorException;
 import pro.taskana.task.api.models.ObjectReference;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskComment;
@ -28,6 +28,7 @@ import pro.taskana.testapi.builder.WorkbasketAccessItemBuilder;
 import pro.taskana.testapi.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
@TaskanaIntegrationTest
@ -89,7 +90,7 @@ class UpdateTaskCommentAccTest {
    taskComment.setTextField("updated textfield");
    assertThatThrownBy(() -> taskService.updateTaskComment(taskComment))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-1-1")
@ -106,7 +107,8 @@ class UpdateTaskCommentAccTest {
    taskComment.setCreator("user-1-2");
    ThrowingCallable updateTaskCommentCall = () -> taskService.updateTaskComment(taskComment);
-    assertThatThrownBy(updateTaskCommentCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(updateTaskCommentCall)
        .isInstanceOf(MismatchedTaskCommentCreatorException.class);
  }
  @WithAccessId(user = "user-1-1")
--- a/lib/taskana-core/src/main/java/pro/taskana/classification/api/ClassificationService.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/classification/api/ClassificationService.java
@ -9,7 +9,7 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.task.api.models.Task;
 /**
@ -59,7 +59,7 @@ public interface ClassificationService {
   *     id}.
   * @throws ClassificationAlreadyExistException if the {@linkplain Classification} already exists
   *     in the given {@linkplain Classification#getDomain() domain}.
-   * @throws NotAuthorizedException if the current user is not member of {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
   * @throws DomainNotFoundException if the {@linkplain Classification#getDomain() domain} does not
   *     exist in the configuration
@ -68,8 +68,8 @@ public interface ClassificationService {
   * @throws InvalidArgumentException if the {@linkplain Classification} contains invalid properties
   */
  Classification createClassification(Classification classification)
-      throws ClassificationAlreadyExistException, NotAuthorizedException, DomainNotFoundException,
+      throws ClassificationAlreadyExistException, DomainNotFoundException, InvalidArgumentException,
-          InvalidArgumentException, MalformedServiceLevelException;
+          MalformedServiceLevelException, MismatchedRoleException;
  // READ
@ -114,7 +114,7 @@ public interface ClassificationService {
   * @return the updated {@linkplain Classification}.
   * @throws ClassificationNotFoundException if the specified {@linkplain Classification} or its
   *     parent does not exist
-   * @throws NotAuthorizedException if the caller is neither member of{@linkplain
+   * @throws MismatchedRoleException if the caller is neither member of{@linkplain
   *     TaskanaRole#BUSINESS_ADMIN} nor {@linkplain TaskanaRole#ADMIN}
   * @throws ConcurrencyException if the {@linkplain Classification} was modified in the meantime
   *     and is not the most up to date anymore; that's the case if the given {@linkplain
@ -124,8 +124,8 @@ public interface ClassificationService {
   * @throws InvalidArgumentException if the {@linkplain Classification} contains invalid properties
   */
  Classification updateClassification(Classification classification)
-      throws ClassificationNotFoundException, NotAuthorizedException, ConcurrencyException,
+      throws ClassificationNotFoundException, ConcurrencyException, InvalidArgumentException,
-          InvalidArgumentException, MalformedServiceLevelException;
+          MalformedServiceLevelException, MismatchedRoleException;
  // DELETE
@ -139,11 +139,11 @@ public interface ClassificationService {
   *     {@linkplain Classification}
   * @throws ClassificationNotFoundException if no {@linkplain Classification} with the specified
   *     {@linkplain Classification#getId() id} was found
-   * @throws NotAuthorizedException if the current user is not member of {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
   */
  void deleteClassification(String id)
-      throws ClassificationInUseException, ClassificationNotFoundException, NotAuthorizedException;
+      throws ClassificationInUseException, ClassificationNotFoundException, MismatchedRoleException;
  /**
   * Deletes the {@linkplain Classification} identified by the provided {@linkplain
@ -161,11 +161,11 @@ public interface ClassificationService {
   * @throws ClassificationNotFoundException if no {@linkplain Classification} with the specified
   *     {@linkplain Classification#getKey() key} and {@linkplain Classification#getDomain() domain}
   *     was found
-   * @throws NotAuthorizedException if the current user is not member of {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
   */
  void deleteClassification(String classificationKey, String domain)
-      throws ClassificationInUseException, ClassificationNotFoundException, NotAuthorizedException;
+      throws ClassificationInUseException, ClassificationNotFoundException, MismatchedRoleException;
  // endregion
--- a/lib/taskana-core/src/main/java/pro/taskana/classification/api/exceptions/ClassificationNotFoundException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/classification/api/exceptions/ClassificationNotFoundException.java
@ -2,11 +2,11 @@ package pro.taskana.classification.api.exceptions;
 import pro.taskana.classification.api.models.Classification;
 import pro.taskana.common.api.exceptions.ErrorCode;
-import pro.taskana.common.api.exceptions.NotFoundException;
+import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.MapCreator;
 /** Thrown if a specific {@linkplain Classification} is not in the database. */
-public class ClassificationNotFoundException extends NotFoundException {
+public class ClassificationNotFoundException extends TaskanaException {
  public static final String ERROR_KEY_ID = "CLASSIFICATION_WITH_ID_NOT_FOUND";
  public static final String ERROR_KEY_KEY_DOMAIN = "CLASSIFICATION_WITH_KEY_NOT_FOUND";
--- a/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java
@ -30,7 +30,7 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.common.internal.util.IdGenerator;
 import pro.taskana.common.internal.util.LogSanitizer;
@ -108,7 +108,8 @@ public class ClassificationServiceImpl implements ClassificationService {
  @Override
  public void deleteClassification(String classificationId)
-      throws ClassificationInUseException, ClassificationNotFoundException, NotAuthorizedException {
+      throws ClassificationInUseException, ClassificationNotFoundException,
          MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    try {
      taskanaEngine.openConnection();
@ -163,7 +164,8 @@ public class ClassificationServiceImpl implements ClassificationService {
  @Override
  public void deleteClassification(String classificationKey, String domain)
-      throws ClassificationInUseException, ClassificationNotFoundException, NotAuthorizedException {
+      throws ClassificationInUseException, ClassificationNotFoundException,
          MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    try {
      taskanaEngine.openConnection();
@ -180,8 +182,8 @@ public class ClassificationServiceImpl implements ClassificationService {
  @Override
  public Classification createClassification(Classification classification)
-      throws ClassificationAlreadyExistException, NotAuthorizedException, DomainNotFoundException,
+      throws ClassificationAlreadyExistException, DomainNotFoundException, InvalidArgumentException,
-          InvalidArgumentException, MalformedServiceLevelException {
+          MalformedServiceLevelException, MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    if (!taskanaEngine.domainExists(classification.getDomain())
        && !MASTER_DOMAIN.equals(classification.getDomain())) {
@ -234,8 +236,8 @@ public class ClassificationServiceImpl implements ClassificationService {
  @Override
  public Classification updateClassification(Classification classification)
-      throws NotAuthorizedException, ConcurrencyException, ClassificationNotFoundException,
+      throws ConcurrencyException, ClassificationNotFoundException, InvalidArgumentException,
-          InvalidArgumentException, MalformedServiceLevelException {
+          MalformedServiceLevelException, MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    ClassificationImpl classificationImpl;
    try {
--- a/lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaEngine.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaEngine.java
@ -5,7 +5,7 @@ import java.util.function.Supplier;
 import pro.taskana.TaskanaConfiguration;
 import pro.taskana.classification.api.ClassificationService;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.security.CurrentUserContext;
 import pro.taskana.common.internal.TaskanaEngineImpl;
 import pro.taskana.monitor.api.MonitorService;
@ -187,10 +187,10 @@ public interface TaskanaEngine {
   *
   * @param roles The {@linkplain TaskanaRole TaskanaRoles} that are checked for membership of the
   *     current user
-   * @throws NotAuthorizedException If the current user is not member of any specified {@linkplain
+   * @throws MismatchedRoleException If the current user is not member of any specified {@linkplain
   *     TaskanaRole TaskanaRole}
   */
-  void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException;
+  void checkRoleMembership(TaskanaRole... roles) throws MismatchedRoleException;
  /**
   * Executes a given {@code Supplier} with admin privileges and thus skips further permission
--- a/lib/taskana-core/src/main/java/pro/taskana/common/internal/TaskanaEngineImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/common/internal/TaskanaEngineImpl.java
@ -38,7 +38,6 @@ import pro.taskana.common.api.WorkingDaysToDaysConverter;
 import pro.taskana.common.api.exceptions.AutocommitFailedException;
 import pro.taskana.common.api.exceptions.ConnectionNotSetException;
 import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.security.CurrentUserContext;
 import pro.taskana.common.api.security.UserPrincipal;
@ -283,7 +282,7 @@ public class TaskanaEngineImpl implements TaskanaEngine {
  }
  @Override
-  public void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException {
+  public void checkRoleMembership(TaskanaRole... roles) throws MismatchedRoleException {
    if (!isUserInRole(roles)) {
      if (LOGGER.isDebugEnabled()) {
        String rolesAsString = Arrays.toString(roles);
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/ClassificationCategoryReport.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/ClassificationCategoryReport.java
@ -5,7 +5,7 @@ import java.util.List;
 import pro.taskana.classification.api.models.Classification;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.TimeIntervalColumnHeader;
@ -34,10 +34,10 @@ public class ClassificationCategoryReport
    @Override
    ClassificationCategoryReport buildReport()
-        throws NotAuthorizedException, InvalidArgumentException;
+        throws InvalidArgumentException, MismatchedRoleException;
    @Override
    ClassificationCategoryReport buildReport(TaskTimestamp timestamp)
-        throws NotAuthorizedException, InvalidArgumentException;
+        throws InvalidArgumentException, MismatchedRoleException;
  }
 }
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/ClassificationReport.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/ClassificationReport.java
@ -3,9 +3,10 @@ package pro.taskana.monitor.api.reports;
 import java.util.List;
 import pro.taskana.classification.api.models.Classification;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.TimeIntervalColumnHeader;
@ -35,11 +36,11 @@ public class ClassificationReport extends Report<MonitorQueryItem, TimeIntervalC
      extends TimeIntervalReportBuilder<Builder, MonitorQueryItem, TimeIntervalColumnHeader> {
    @Override
-    ClassificationReport buildReport() throws NotAuthorizedException, InvalidArgumentException;
+    ClassificationReport buildReport() throws InvalidArgumentException, MismatchedRoleException;
    @Override
    ClassificationReport buildReport(TaskTimestamp timestamp)
-        throws NotAuthorizedException, InvalidArgumentException;
+        throws InvalidArgumentException, MismatchedRoleException;
    /**
     * Returns a {@linkplain DetailedClassificationReport} containing all tasks after applying the
@ -49,13 +50,14 @@ public class ClassificationReport extends Report<MonitorQueryItem, TimeIntervalC
     *
     * @return the DetailedClassificationReport
     * @throws InvalidArgumentException if the column headers are not initialized
-     * @throws NotAuthorizedException if the user has no rights to access the monitor
+     * @throws MismatchedRoleException if the current user is not member of {@linkplain
     *     TaskanaRole#MONITOR} or {@linkplain TaskanaRole#ADMIN}
     */
    DetailedClassificationReport buildDetailedReport()
-        throws InvalidArgumentException, NotAuthorizedException;
+        throws InvalidArgumentException, MismatchedRoleException;
    DetailedClassificationReport buildDetailedReport(TaskTimestamp timestamp)
-        throws InvalidArgumentException, NotAuthorizedException;
+        throws InvalidArgumentException, MismatchedRoleException;
  }
  /**
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/Report.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/Report.java
@ -8,7 +8,7 @@ import java.util.Map;
 import java.util.Set;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.item.QueryItem;
 import pro.taskana.monitor.api.reports.item.QueryItemPreprocessor;
@ -133,6 +133,6 @@ public abstract class Report<I extends QueryItem, H extends ColumnHeader<? super
   */
  public interface Builder<I extends QueryItem, H extends ColumnHeader<? super I>> {
-    Report<I, H> buildReport() throws NotAuthorizedException, InvalidArgumentException;
+    Report<I, H> buildReport() throws InvalidArgumentException, MismatchedRoleException;
  }
 }
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TaskCustomFieldValueReport.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TaskCustomFieldValueReport.java
@ -4,7 +4,7 @@ import java.util.List;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.TimeIntervalColumnHeader;
@ -32,10 +32,10 @@ public class TaskCustomFieldValueReport extends Report<MonitorQueryItem, TimeInt
    @Override
    TaskCustomFieldValueReport buildReport()
-        throws NotAuthorizedException, InvalidArgumentException;
+        throws InvalidArgumentException, MismatchedRoleException;
    @Override
    TaskCustomFieldValueReport buildReport(TaskTimestamp timestamp)
-        throws NotAuthorizedException, InvalidArgumentException;
+        throws InvalidArgumentException, MismatchedRoleException;
  }
 }
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TaskStatusReport.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TaskStatusReport.java
@ -4,7 +4,7 @@ import java.util.List;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.TaskStatusColumnHeader;
 import pro.taskana.monitor.api.reports.item.TaskQueryItem;
@ -34,7 +34,7 @@ public class TaskStatusReport extends Report<TaskQueryItem, TaskStatusColumnHead
  public interface Builder extends Report.Builder<TaskQueryItem, TaskStatusColumnHeader> {
    @Override
-    TaskStatusReport buildReport() throws NotAuthorizedException;
+    TaskStatusReport buildReport() throws MismatchedRoleException;
    /**
     * Adds a list of states to the builder. The created report contains only tasks with a state in
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TimeIntervalReportBuilder.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TimeIntervalReportBuilder.java
@ -3,8 +3,9 @@ package pro.taskana.monitor.api.reports;
 import java.util.List;
 import pro.taskana.common.api.IntInterval;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.monitor.api.SelectedItem;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.TimeIntervalColumnHeader;
@ -215,30 +216,33 @@ public interface TimeIntervalReportBuilder<
   * @param timestamp the {@linkplain TaskTimestamp} of interest
   * @return the list of all taskIds
   * @throws InvalidArgumentException if the column headers are not initialized
-   * @throws NotAuthorizedException if the user has no rights to access the monitor
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#MONITOR} or {@linkplain TaskanaRole#ADMIN}
   */
  List<String> listTaskIdsForSelectedItems(
      List<SelectedItem> selectedItems, TaskTimestamp timestamp)
-      throws NotAuthorizedException, InvalidArgumentException;
+      throws InvalidArgumentException, MismatchedRoleException;
  /**
   * Returns a list of all values of an entered custom field that are in the {@linkplain Report}.
   *
   * @param taskCustomField the {@linkplain TaskCustomField} whose values should appear in the list
   * @return the list of all custom attribute values
-   * @throws NotAuthorizedException if the user has no rights to access the monitor
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#MONITOR} or {@linkplain TaskanaRole#ADMIN}
   */
  List<String> listCustomAttributeValuesForCustomAttributeName(TaskCustomField taskCustomField)
-      throws NotAuthorizedException;
+      throws MismatchedRoleException;
  /**
   * Builds the {@linkplain Report} for the specified {@linkplain TaskTimestamp}.
   *
   * @param timestamp The {@linkplain TaskTimestamp} of interest
   * @return The build {@linkplain Report}
-   * @throws NotAuthorizedException if the user has no rights to access the monitor
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#MONITOR} or {@linkplain TaskanaRole#ADMIN}
   * @throws InvalidArgumentException if an error occurs
   */
  Report<I, H> buildReport(TaskTimestamp timestamp)
-      throws NotAuthorizedException, InvalidArgumentException;
+      throws InvalidArgumentException, MismatchedRoleException;
 }
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TimestampReport.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TimestampReport.java
@ -4,7 +4,7 @@ import java.util.List;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.TimeIntervalColumnHeader;
@ -45,7 +45,7 @@ public class TimestampReport extends Report<TimestampQueryItem, TimeIntervalColu
          TimestampReport.Builder, TimestampQueryItem, TimeIntervalColumnHeader> {
    @Override
-    TimestampReport buildReport() throws NotAuthorizedException, InvalidArgumentException;
+    TimestampReport buildReport() throws InvalidArgumentException, MismatchedRoleException;
    Builder withTimestamps(List<TaskTimestamp> taskTimestamps);
  }
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/WorkbasketPriorityReport.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/WorkbasketPriorityReport.java
@ -4,7 +4,7 @@ import java.util.List;
 import pro.taskana.common.api.IntInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.PriorityColumnHeader;
 import pro.taskana.monitor.api.reports.item.PriorityQueryItem;
@ -33,7 +33,7 @@ public class WorkbasketPriorityReport extends Report<PriorityQueryItem, Priority
  public interface Builder extends Report.Builder<PriorityQueryItem, PriorityColumnHeader> {
    @Override
-    WorkbasketPriorityReport buildReport() throws NotAuthorizedException;
+    WorkbasketPriorityReport buildReport() throws MismatchedRoleException;
    /**
     * Adds {@linkplain WorkbasketType WorkbasketTypes} to the builder. The created report will only
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/WorkbasketReport.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/WorkbasketReport.java
@ -4,7 +4,7 @@ import java.util.List;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.monitor.api.CombinedClassificationFilter;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
@ -32,11 +32,11 @@ public class WorkbasketReport extends Report<MonitorQueryItem, TimeIntervalColum
      extends TimeIntervalReportBuilder<Builder, MonitorQueryItem, TimeIntervalColumnHeader> {
    @Override
-    WorkbasketReport buildReport() throws NotAuthorizedException, InvalidArgumentException;
+    WorkbasketReport buildReport() throws InvalidArgumentException, MismatchedRoleException;
    @Override
    WorkbasketReport buildReport(TaskTimestamp timestamp)
-        throws NotAuthorizedException, InvalidArgumentException;
+        throws InvalidArgumentException, MismatchedRoleException;
    /**
     * Adds a list of {@linkplain CombinedClassificationFilter} to the builder. The created report
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/ClassificationCategoryReportBuilderImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/ClassificationCategoryReportBuilderImpl.java
@ -5,7 +5,7 @@ import java.util.List;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.ClassificationCategoryReport;
@ -27,13 +27,13 @@ public class ClassificationCategoryReportBuilderImpl
  @Override
  public ClassificationCategoryReport buildReport()
-      throws NotAuthorizedException, InvalidArgumentException {
+      throws InvalidArgumentException, MismatchedRoleException {
    return buildReport(TaskTimestamp.DUE);
  }
  @Override
  public ClassificationCategoryReport buildReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
    try {
      this.taskanaEngine.openConnection();
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/ClassificationReportBuilderImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/ClassificationReportBuilderImpl.java
@ -10,7 +10,7 @@ import pro.taskana.classification.api.ClassificationService;
 import pro.taskana.classification.api.models.ClassificationSummary;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.ClassificationReport;
@ -38,13 +38,13 @@ public class ClassificationReportBuilderImpl
  @Override
  public ClassificationReport buildReport()
-      throws NotAuthorizedException, InvalidArgumentException {
+      throws InvalidArgumentException, MismatchedRoleException {
    return buildReport(TaskTimestamp.DUE);
  }
  @Override
  public ClassificationReport buildReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
    try {
      this.taskanaEngine.openConnection();
@ -77,13 +77,13 @@ public class ClassificationReportBuilderImpl
  @Override
  public DetailedClassificationReport buildDetailedReport()
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    return buildDetailedReport(TaskTimestamp.DUE);
  }
  @Override
  public DetailedClassificationReport buildDetailedReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
    try {
      this.taskanaEngine.openConnection();
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TaskCustomFieldValueReportBuilderImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TaskCustomFieldValueReportBuilderImpl.java
@ -5,7 +5,7 @@ import java.util.List;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.TaskCustomFieldValueReport;
@ -33,13 +33,13 @@ public class TaskCustomFieldValueReportBuilderImpl
  @Override
  public TaskCustomFieldValueReport buildReport()
-      throws NotAuthorizedException, InvalidArgumentException {
+      throws InvalidArgumentException, MismatchedRoleException {
    return buildReport(TaskTimestamp.DUE);
  }
  @Override
  public TaskCustomFieldValueReport buildReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
    try {
      this.taskanaEngine.openConnection();
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TaskStatusReportBuilderImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TaskStatusReportBuilderImpl.java
@ -6,7 +6,7 @@ import java.util.Map;
 import java.util.stream.Collectors;
 import pro.taskana.common.api.TaskanaRole;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.reports.TaskStatusReport;
 import pro.taskana.monitor.api.reports.TaskStatusReport.Builder;
@ -35,7 +35,7 @@ public class TaskStatusReportBuilderImpl implements TaskStatusReport.Builder {
  }
  @Override
-  public TaskStatusReport buildReport() throws NotAuthorizedException {
+  public TaskStatusReport buildReport() throws MismatchedRoleException {
    this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
    try {
      this.taskanaEngine.openConnection();
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TimeIntervalReportBuilderImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TimeIntervalReportBuilderImpl.java
@ -9,7 +9,7 @@ import pro.taskana.common.api.IntInterval;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.WorkingDaysToDaysConverter;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.CombinedClassificationFilter;
@ -547,7 +547,7 @@ abstract class TimeIntervalReportBuilderImpl<
  @Override
  public List<String> listTaskIdsForSelectedItems(
      List<SelectedItem> selectedItems, TaskTimestamp timestamp)
-      throws NotAuthorizedException, InvalidArgumentException {
+      throws InvalidArgumentException, MismatchedRoleException {
    this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR);
    try {
@ -583,7 +583,7 @@ abstract class TimeIntervalReportBuilderImpl<
  @Override
  public List<String> listCustomAttributeValuesForCustomAttributeName(
-      TaskCustomField taskCustomField) throws NotAuthorizedException {
+      TaskCustomField taskCustomField) throws MismatchedRoleException {
    this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR);
    try {
      this.taskanaEngine.openConnection();
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TimestampReportBuilderImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TimestampReportBuilderImpl.java
@ -9,7 +9,7 @@ import java.util.stream.Collectors;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.SelectedItem;
 import pro.taskana.monitor.api.TaskTimestamp;
@ -55,12 +55,12 @@ public class TimestampReportBuilderImpl
  @Override
  public Report<TimestampQueryItem, TimeIntervalColumnHeader> buildReport(TaskTimestamp timestamp)
-      throws NotAuthorizedException, InvalidArgumentException {
+      throws InvalidArgumentException, MismatchedRoleException {
    return buildReport();
  }
  @Override
-  public TimestampReport buildReport() throws NotAuthorizedException, InvalidArgumentException {
+  public TimestampReport buildReport() throws InvalidArgumentException, MismatchedRoleException {
    this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
    try {
      this.taskanaEngine.openConnection();
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/WorkbasketPriorityReportBuilderImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/WorkbasketPriorityReportBuilderImpl.java
@ -7,7 +7,7 @@ import pro.taskana.common.api.IntInterval;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.WorkingDaysToDaysConverter;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.reports.WorkbasketPriorityReport;
@ -125,7 +125,7 @@ public class WorkbasketPriorityReportBuilderImpl implements WorkbasketPriorityRe
  }
  @Override
-  public WorkbasketPriorityReport buildReport() throws NotAuthorizedException {
+  public WorkbasketPriorityReport buildReport() throws MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
    WorkbasketPriorityReport report = new WorkbasketPriorityReport(columnHeaders);
--- a/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/WorkbasketReportBuilderImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/WorkbasketReportBuilderImpl.java
@ -7,7 +7,7 @@ import java.util.stream.Collectors;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.CombinedClassificationFilter;
 import pro.taskana.monitor.api.TaskTimestamp;
@ -34,13 +34,13 @@ public class WorkbasketReportBuilderImpl
  }
  @Override
-  public WorkbasketReport buildReport() throws NotAuthorizedException, InvalidArgumentException {
+  public WorkbasketReport buildReport() throws InvalidArgumentException, MismatchedRoleException {
    return buildReport(TaskTimestamp.DUE);
  }
  @Override
  public WorkbasketReport buildReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
    try {
      this.taskanaEngine.openConnection();
--- a/lib/taskana-core/src/main/java/pro/taskana/spi/history/api/TaskanaHistory.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/spi/history/api/TaskanaHistory.java
@ -3,8 +3,9 @@ package pro.taskana.spi.history.api;
 import java.util.List;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.spi.history.api.events.classification.ClassificationHistoryEvent;
 import pro.taskana.spi.history.api.events.task.TaskHistoryEvent;
 import pro.taskana.spi.history.api.events.workbasket.WorkbasketHistoryEvent;
@ -45,8 +46,9 @@ public interface TaskanaHistory {
   *
   * @param taskIds the task ids for which all history events must be deleted
   * @throws InvalidArgumentException If the list of taskIds is null
-   * @throws NotAuthorizedException If the user has no permission to delete events
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#ADMIN}
   */
  void deleteHistoryEventsByTaskIds(List<String> taskIds)
-      throws InvalidArgumentException, NotAuthorizedException;
+      throws InvalidArgumentException, MismatchedRoleException;
 }
--- a/lib/taskana-core/src/main/java/pro/taskana/spi/history/api/exceptions/TaskanaHistoryEventNotFoundException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/spi/history/api/exceptions/TaskanaHistoryEventNotFoundException.java
@ -1,7 +1,7 @@
 package pro.taskana.spi.history.api.exceptions;
 import pro.taskana.common.api.exceptions.ErrorCode;
-import pro.taskana.common.api.exceptions.NotFoundException;
+import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.MapCreator;
 import pro.taskana.spi.history.api.events.task.TaskHistoryEvent;
@ -9,7 +9,7 @@ import pro.taskana.spi.history.api.events.task.TaskHistoryEvent;
 * This exception is thrown when the {@linkplain TaskHistoryEvent} with the specified {@linkplain
 * TaskHistoryEvent#getId() id} was not found.
 */
-public class TaskanaHistoryEventNotFoundException extends NotFoundException {
+public class TaskanaHistoryEventNotFoundException extends TaskanaException {
  public static final String ERROR_KEY = "HISTORY_EVENT_NOT_FOUND";
  private final String historyEventId;
--- a/lib/taskana-core/src/main/java/pro/taskana/task/api/TaskService.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/api/TaskService.java
@ -10,13 +10,14 @@ import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.spi.routing.api.TaskRoutingProvider;
 import pro.taskana.task.api.exceptions.AttachmentPersistenceException;
 import pro.taskana.task.api.exceptions.InvalidCallbackStateException;
 import pro.taskana.task.api.exceptions.InvalidOwnerException;
 import pro.taskana.task.api.exceptions.InvalidStateException;
 import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.exceptions.MismatchedTaskCommentCreatorException;
 import pro.taskana.task.api.exceptions.ObjectReferencePersistenceException;
 import pro.taskana.task.api.exceptions.TaskAlreadyExistException;
 import pro.taskana.task.api.exceptions.TaskCommentNotFoundException;
@ -26,6 +27,7 @@ import pro.taskana.task.api.models.ObjectReference;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskComment;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
@ -105,7 +107,7 @@ public interface TaskService {
   * @param taskToCreate the transient {@linkplain Task} to be inserted
   * @return the created and inserted {@linkplain Task}
   * @throws TaskAlreadyExistException if the {@linkplain Task} already exists
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#APPEND} for the {@linkplain Workbasket} the {@linkplain Task} is in
   * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} referenced by the
   *     {@linkplain Task#getWorkbasketSummary() workbasketSummary} of the {@linkplain Task} isn't
@ -123,9 +125,9 @@ public interface TaskService {
   *     without using {@linkplain Task#addSecondaryObjectReference(ObjectReference)}
   */
  Task createTask(Task taskToCreate)
-      throws NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException,
+      throws WorkbasketNotFoundException, ClassificationNotFoundException,
          TaskAlreadyExistException, InvalidArgumentException, AttachmentPersistenceException,
-          ObjectReferencePersistenceException;
+          ObjectReferencePersistenceException, MismatchedWorkbasketPermissionException;
  // endregion
@ -137,10 +139,10 @@ public interface TaskService {
   * @param taskId the {@linkplain Task#getId() id} of the {@linkplain Task}
   * @return the {@linkplain Task} with the specified taskId
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
-  Task getTask(String taskId) throws TaskNotFoundException, NotAuthorizedException;
+  Task getTask(String taskId) throws TaskNotFoundException, MismatchedWorkbasketPermissionException;
  // endregion
@ -152,15 +154,15 @@ public interface TaskService {
   * @param taskId the {@linkplain Task#getId() id} of the {@linkplain Task} to be claimed
   * @return the claimed {@linkplain Task}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId was not found
-   * @throws InvalidStateException if the {@linkplain Task#getState() state} of the {@linkplain
+   * @throws InvalidTaskStateException if the {@linkplain Task#getState() state} of the {@linkplain
   *     Task} with taskId isn't {@linkplain TaskState#READY}
   * @throws InvalidOwnerException if the {@linkplain Task} with taskId is claimed by some else
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task claim(String taskId)
-      throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException;
+          InvalidTaskStateException;
  /**
   * Claim an existing {@linkplain Task} for the current user even if it is already claimed by
@ -169,15 +171,15 @@ public interface TaskService {
   * @param taskId the {@linkplain Task#getId() id} of the {@linkplain Task} to be claimed
   * @return the claimed {@linkplain Task}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId was not found
-   * @throws InvalidStateException if the state of Task with taskId is in {@linkplain
+   * @throws InvalidTaskStateException if the state of Task with taskId is in {@linkplain
   *     TaskState#END_STATES}
   * @throws InvalidOwnerException cannot be thrown
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task forceClaim(String taskId)
-      throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException;
+          InvalidTaskStateException;
  /**
   * Selects and claims the first {@linkplain Task} which is returned by the {@linkplain TaskQuery}.
@ -185,10 +187,11 @@ public interface TaskService {
   * @param taskQuery the {@linkplain TaskQuery}
   * @return the {@linkplain Task} that got selected and claimed
   * @throws InvalidOwnerException if the {@linkplain Task} is claimed by someone else
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
-  Task selectAndClaim(TaskQuery taskQuery) throws NotAuthorizedException, InvalidOwnerException;
+  Task selectAndClaim(TaskQuery taskQuery)
      throws InvalidOwnerException, MismatchedWorkbasketPermissionException;
  /**
   * Cancel the claim of an existing {@linkplain Task} if it was claimed by the current user before.
@ -197,15 +200,15 @@ public interface TaskService {
   *     unclaimed
   * @return the unclaimed {@linkplain Task}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId was not found
-   * @throws InvalidStateException if the {@linkplain Task} is already in one of the {@linkplain
+   * @throws InvalidTaskStateException if the {@linkplain Task} is already in one of the {@linkplain
   *     TaskState#END_STATES}
   * @throws InvalidOwnerException if the {@linkplain Task} is claimed by another user
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task cancelClaim(String taskId)
-      throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException;
+          InvalidTaskStateException;
  /**
   * Cancel the claim of an existing {@linkplain Task} even if it was claimed by another user.
@ -214,15 +217,15 @@ public interface TaskService {
   *     unclaimed
   * @return the unclaimed {@linkplain Task}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId was not found
-   * @throws InvalidStateException if the {@linkplain Task} is already in one of the {@linkplain
+   * @throws InvalidTaskStateException if the {@linkplain Task} is already in one of the {@linkplain
   *     TaskState#END_STATES}
   * @throws InvalidOwnerException cannot be thrown
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task forceCancelClaim(String taskId)
-      throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException;
+          InvalidTaskStateException;
  /**
   * Request review for an existing {@linkplain Task} that is in {@linkplain TaskState#CLAIMED}.
@ -233,12 +236,12 @@ public interface TaskService {
   *     Task} with taskId is not in {@linkplain TaskState#CLAIMED}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
   * @throws InvalidOwnerException if the {@linkplain Task} is claimed by another user
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task requestReview(String taskId)
-      throws InvalidTaskStateException, TaskNotFoundException, NotAuthorizedException,
+      throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          InvalidOwnerException;
+          MismatchedWorkbasketPermissionException;
  /**
   * Request review for an existing {@linkplain Task} even if the current user is not the
@ -250,12 +253,12 @@ public interface TaskService {
   *     Task} with taskId is one of the {@linkplain TaskState#END_STATES}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
   * @throws InvalidOwnerException cannot be thrown
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task forceRequestReview(String taskId)
-      throws InvalidTaskStateException, TaskNotFoundException, NotAuthorizedException,
+      throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          InvalidOwnerException;
+          MismatchedWorkbasketPermissionException;
  /**
   * Request changes for an existing {@linkplain Task} that is in {@linkplain TaskState#IN_REVIEW}.
@ -268,12 +271,12 @@ public interface TaskService {
   *     Task} with taskId is not in {@linkplain TaskState#IN_REVIEW}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
   * @throws InvalidOwnerException if the {@linkplain Task} is claimed by another user
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task requestChanges(String taskId)
-      throws InvalidTaskStateException, TaskNotFoundException, NotAuthorizedException,
+      throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          InvalidOwnerException;
+          MismatchedWorkbasketPermissionException;
  /**
   * Request changes for an existing {@linkplain Task} even if the current user is not the
@ -287,12 +290,12 @@ public interface TaskService {
   *     Task} with taskId is one of the {@linkplain TaskState#END_STATES}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
   * @throws InvalidOwnerException cannot be thrown
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task forceRequestChanges(String taskId)
-      throws InvalidTaskStateException, TaskNotFoundException, NotAuthorizedException,
+      throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          InvalidOwnerException;
+          MismatchedWorkbasketPermissionException;
  /**
   * Complete a claimed {@linkplain Task} as {@linkplain Task#getOwner() owner} or {@linkplain
@ -303,18 +306,18 @@ public interface TaskService {
   * @param taskId the {@linkplain Task#getId() id} of the {@linkplain Task} which should be
   *     completed
   * @return the completed {@linkplain Task}
-   * @throws InvalidStateException if the {@linkplain Task#getState() state} of the {@linkplain
+   * @throws InvalidTaskStateException if the {@linkplain Task#getState() state} of the {@linkplain
   *     Task} with taskId is neither {@linkplain TaskState#CLAIMED} nor {@linkplain
   *     TaskState#COMPLETED}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
   * @throws InvalidOwnerException if current user isn't the {@linkplain Task#getOwner() owner} of
   *     the {@linkplain Task} or {@linkplain TaskanaRole#ADMIN}
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task completeTask(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, InvalidStateException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException;
+          InvalidTaskStateException;
  /**
   * Completes a {@linkplain Task} and updates {@linkplain Task#getState() state} and timestamps in
@ -325,18 +328,18 @@ public interface TaskService {
   * @param taskId the {@linkplain Task#getId() id} of the {@linkplain Task} which should be
   *     completed
   * @return the updated {@linkplain Task} after completion
-   * @throws InvalidStateException if the {@linkplain Task#getState() state} of the {@linkplain
+   * @throws InvalidTaskStateException if the {@linkplain Task#getState() state} of the {@linkplain
   *     Task} with taskId is with taskId is {@linkplain TaskState#TERMINATED} or {@linkplain
   *     TaskState#CANCELLED}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
   * @throws InvalidOwnerException if current user isn't the {@linkplain Task#getOwner() owner} of
   *     the {@linkplain Task} or {@linkplain TaskanaRole#ADMIN}
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task forceCompleteTask(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, InvalidStateException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException;
+          InvalidTaskStateException;
  /**
   * Completes a List of {@linkplain Task Tasks}.
@ -376,13 +379,14 @@ public interface TaskService {
   * @param taskId the {@linkplain Task#getId() id} of the {@linkplain Task} to cancel
   * @return the updated {@linkplain Task}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
-   * @throws InvalidStateException if the {@linkplain Task} isn't in {@linkplain TaskState#READY} or
+   * @throws InvalidTaskStateException if the {@linkplain Task} isn't in {@linkplain
-   *     {@linkplain TaskState#CLAIMED}
+   *     TaskState#READY} or {@linkplain TaskState#CLAIMED}
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task cancelTask(String taskId)
-      throws TaskNotFoundException, InvalidStateException, NotAuthorizedException;
+      throws TaskNotFoundException, MismatchedWorkbasketPermissionException,
          InvalidTaskStateException;
  /**
   * Terminates a {@linkplain Task}. Termination is an administrative action to complete a
@ -393,13 +397,16 @@ public interface TaskService {
   * @param taskId the {@linkplain Task#getId() id} of the {@linkplain Task} to terminate
   * @return the updated {@linkplain Task}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
-   * @throws InvalidStateException if the {@linkplain Task} isn't in {@linkplain TaskState#READY} or
+   * @throws InvalidTaskStateException if the {@linkplain Task} isn't in {@linkplain
-   *     {@linkplain TaskState#CLAIMED}
+   *     TaskState#READY} or {@linkplain TaskState#CLAIMED}
-   * @throws NotAuthorizedException if the current user isn't member of {@linkplain
+   * @throws MismatchedRoleException if the current user isn't member of {@linkplain
   *     TaskanaRole#ADMIN} or {@linkplain TaskanaRole#TASK_ADMIN}
   * @throws MismatchedWorkbasketPermissionException If the current user doesn't have the correct
   *     permission
   */
  Task terminateTask(String taskId)
-      throws TaskNotFoundException, InvalidStateException, NotAuthorizedException;
+      throws TaskNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException, InvalidTaskStateException;
  /**
   * Transfers a {@linkplain Task} to another {@linkplain Workbasket} while always setting
@ -409,8 +416,8 @@ public interface TaskService {
   */
  @SuppressWarnings("checkstyle:JavadocMethod")
  default Task transfer(String taskId, String destinationWorkbasketId)
-      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedException,
+      throws TaskNotFoundException, WorkbasketNotFoundException,
-          InvalidStateException {
+          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
    return transfer(taskId, destinationWorkbasketId, true);
  }
@ -429,15 +436,15 @@ public interface TaskService {
   * @return the transferred {@linkplain Task}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
   * @throws WorkbasketNotFoundException if the target {@linkplain Workbasket} was not found
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the source {@linkplain Workbasket} or no {@linkplain
   *     WorkbasketPermission#TRANSFER} for the target {@linkplain Workbasket}
-   * @throws InvalidStateException if the {@linkplain Task} is in one of the {@linkplain
+   * @throws InvalidTaskStateException if the {@linkplain Task} is in one of the {@linkplain
   *     TaskState#END_STATES}
   */
  Task transfer(String taskId, String destinationWorkbasketId, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedException,
+      throws TaskNotFoundException, WorkbasketNotFoundException,
-          InvalidStateException;
+          MismatchedWorkbasketPermissionException, InvalidTaskStateException;
  /**
   * Transfers a {@linkplain Task} to another {@linkplain Workbasket} while always setting
@ -447,8 +454,8 @@ public interface TaskService {
   */
  @SuppressWarnings("checkstyle:JavadocMethod")
  default Task transfer(String taskId, String workbasketKey, String domain)
-      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedException,
+      throws TaskNotFoundException, WorkbasketNotFoundException,
-          InvalidStateException {
+          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
    return transfer(taskId, workbasketKey, domain, true);
  }
@ -469,15 +476,15 @@ public interface TaskService {
   * @return the transferred {@linkplain Task}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId was not found
   * @throws WorkbasketNotFoundException if the target {@linkplain Workbasket} was not found
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the source {@linkplain Workbasket} or no {@linkplain
   *     WorkbasketPermission#TRANSFER} for the target {@linkplain Workbasket}
-   * @throws InvalidStateException if the {@linkplain Task} is in one of the {@linkplain
+   * @throws InvalidTaskStateException if the {@linkplain Task} is in one of the {@linkplain
   *     TaskState#END_STATES}
   */
  Task transfer(String taskId, String workbasketKey, String domain, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedException,
+      throws TaskNotFoundException, WorkbasketNotFoundException,
-          InvalidStateException;
+          MismatchedWorkbasketPermissionException, InvalidTaskStateException;
  /**
   * Transfers a List of {@linkplain Task Tasks} to another {@linkplain Workbasket} while always
@ -488,7 +495,8 @@ public interface TaskService {
  @SuppressWarnings("checkstyle:JavadocMethod")
  default BulkOperationResults<String, TaskanaException> transferTasks(
      String destinationWorkbasketId, List<String> taskIds)
-      throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException {
+      throws InvalidArgumentException, WorkbasketNotFoundException,
          MismatchedWorkbasketPermissionException {
    return transferTasks(destinationWorkbasketId, taskIds, true);
  }
@ -506,7 +514,7 @@ public interface TaskService {
   * @param setTransferFlag controls whether to set {@linkplain Task#isTransferred() isTransferred}
   *     or not
   * @return Bulkresult with {@linkplain Task#getId() ids} and Error for each failed transactions
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the source {@linkplain Workbasket} or no {@linkplain
   *     WorkbasketPermission#TRANSFER} for the target {@linkplain Workbasket}
   * @throws InvalidArgumentException if the method parameters are empty or NULL
@ -514,7 +522,8 @@ public interface TaskService {
   */
  BulkOperationResults<String, TaskanaException> transferTasks(
      String destinationWorkbasketId, List<String> taskIds, boolean setTransferFlag)
-      throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException;
+      throws InvalidArgumentException, WorkbasketNotFoundException,
          MismatchedWorkbasketPermissionException;
  /**
   * Transfers a List of {@linkplain Task Tasks} to another {@linkplain Workbasket} while always
@ -525,7 +534,8 @@ public interface TaskService {
  @SuppressWarnings("checkstyle:JavadocMethod")
  default BulkOperationResults<String, TaskanaException> transferTasks(
      String destinationWorkbasketKey, String destinationWorkbasketDomain, List<String> taskIds)
-      throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException {
+      throws InvalidArgumentException, WorkbasketNotFoundException,
          MismatchedWorkbasketPermissionException {
    return transferTasks(destinationWorkbasketKey, destinationWorkbasketDomain, taskIds, true);
  }
@ -544,7 +554,7 @@ public interface TaskService {
   * @param setTransferFlag controls whether to set {@linkplain Task#isTransferred() isTransferred}
   *     or not
   * @return BulkResult with {@linkplain Task#getId() ids} and Error for each failed transactions
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the source {@linkplain Workbasket} or no {@linkplain
   *     WorkbasketPermission#TRANSFER} for the target {@linkplain Workbasket}
   * @throws InvalidArgumentException if the method parameters are empty or NULL
@ -555,7 +565,8 @@ public interface TaskService {
      String destinationWorkbasketDomain,
      List<String> taskIds,
      boolean setTransferFlag)
-      throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException;
+      throws InvalidArgumentException, WorkbasketNotFoundException,
          MismatchedWorkbasketPermissionException;
  /**
   * Update a {@linkplain Task}.
@ -573,7 +584,7 @@ public interface TaskService {
   * @throws ClassificationNotFoundException if the {@linkplain Task#getClassificationSummary()
   *     classificationSummary} of the updated {@linkplain Task} refers to a {@link Classification}
   *     that can't be found
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   * @throws AttachmentPersistenceException if an {@linkplain Attachment} with the same {@linkplain
   *     Attachment#getId() id} was added to the {@linkplain Task} multiple times without using
@ -581,14 +592,15 @@ public interface TaskService {
   * @throws ObjectReferencePersistenceException if an {@linkplain ObjectReference} with the same
   *     {@linkplain ObjectReference#getId() id} was added to the {@linkplain Task} multiple times
   *     without using {@linkplain Task#addSecondaryObjectReference(ObjectReference)}
-   * @throws InvalidStateException if an attempt is made to change the {@linkplain Task#getOwner()
+   * @throws InvalidTaskStateException if an attempt is made to change the {@linkplain
-   *     owner} of the {@linkplain Task} that {@linkplain Task#getState() state} isn't {@linkplain
+   *     Task#getOwner() owner} of the {@linkplain Task} that {@linkplain Task#getState() state}
-   *     TaskState#READY}
+   *     isn't {@linkplain TaskState#READY}
   */
  Task updateTask(Task task)
      throws InvalidArgumentException, TaskNotFoundException, ConcurrencyException,
-          ClassificationNotFoundException, NotAuthorizedException, AttachmentPersistenceException,
+          ClassificationNotFoundException, AttachmentPersistenceException,
-          ObjectReferencePersistenceException, InvalidStateException;
+          ObjectReferencePersistenceException, MismatchedWorkbasketPermissionException,
          InvalidTaskStateException;
  /**
   * Updates specified {@linkplain TaskCustomField TaskCustomFields} of {@linkplain Task Tasks}
@ -631,11 +643,11 @@ public interface TaskService {
   * @param isRead the new status of {@linkplain Task#isRead() isRead}
   * @return the updated {@linkplain Task}
   * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
   */
  Task setTaskRead(String taskId, boolean isRead)
-      throws TaskNotFoundException, NotAuthorizedException;
+      throws TaskNotFoundException, MismatchedWorkbasketPermissionException;
  /**
   * Sets the specified {@linkplain CallbackState} on a List of {@linkplain Task Tasks}.
@ -693,15 +705,21 @@ public interface TaskService {
   * Deletes the {@linkplain Task} with the given {@linkplain Task#getId() id}.
   *
   * @param taskId The {@linkplain Task#getId() id} of the {@linkplain Task} to delete
   * @throws MismatchedWorkbasketPermissionException If the current user doesn't have correct
   *     permission
   * @throws TaskNotFoundException If the given {@linkplain Task#getId() id} doesn't refer to an
   *     existing {@linkplain Task}
-   * @throws InvalidStateException If the {@linkplain Task#getState() state} of the referenced
+   * @throws InvalidTaskStateException If the {@linkplain Task#getState() state} of the referenced
   *     {@linkplain Task} isn't one of the {@linkplain TaskState#END_STATES}
-   * @throws NotAuthorizedException if the current user isn't member of {@linkplain
+   * @throws MismatchedRoleException if the current user isn't member of {@linkplain
   *     TaskanaRole#ADMIN}
   * @throws InvalidCallbackStateException the Callback State of the Task is {@linkplain
   *     CallbackState#CALLBACK_PROCESSING_REQUIRED}
   */
  void deleteTask(String taskId)
-      throws TaskNotFoundException, InvalidStateException, NotAuthorizedException;
+      throws TaskNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException, InvalidTaskStateException,
          InvalidCallbackStateException;
  /**
   * Deletes the {@linkplain Task} with the given {@linkplain Task#getId() id} even if it isn't
@ -710,15 +728,20 @@ public interface TaskService {
   * @param taskId The {@linkplain Task#getId() id} of the {@linkplain Task} to delete
   * @throws TaskNotFoundException if the given {@linkplain Task#getId() id} doesn't refer to an
   *     existing {@linkplain Task}
-   * @throws InvalidStateException if the {@linkplain Task#getState() state} of the referenced
+   * @throws InvalidTaskStateException if the {@linkplain Task#getState() state} of the referenced
   *     {@linkplain Task} isn't {@linkplain TaskState#TERMINATED} or {@linkplain
-   *     TaskState#CANCELLED} and the Callback State of the Task is {@linkplain
+   *     TaskState#CANCELLED}
-   *     CallbackState#CALLBACK_PROCESSING_REQUIRED}
+   * @throws MismatchedWorkbasketPermissionException If the current user doesn't have correct
-   * @throws NotAuthorizedException if the current user isn't member of {@linkplain
+   *     permissions
   * @throws MismatchedRoleException if the current user isn't member of {@linkplain
   *     TaskanaRole#ADMIN}
   * @throws InvalidCallbackStateException the Callback State of the Task is {@linkplain
   *     CallbackState#CALLBACK_PROCESSING_REQUIRED}
   */
  void forceDeleteTask(String taskId)
-      throws TaskNotFoundException, InvalidStateException, NotAuthorizedException;
+      throws TaskNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException, InvalidTaskStateException,
          InvalidCallbackStateException;
  /**
   * Deletes a List of {@linkplain Task Tasks}.
@ -727,11 +750,11 @@ public interface TaskService {
   * @return the result of the operations with each {@linkplain Task#getId() id} and Exception for
   *     each failed deletion
   * @throws InvalidArgumentException if the tasks parameter contains NULL values
-   * @throws NotAuthorizedException if the current user isn't member of {@linkplain
+   * @throws MismatchedRoleException if the current user isn't member of {@linkplain
   *     TaskanaRole#ADMIN}
   */
  BulkOperationResults<String, TaskanaException> deleteTasks(List<String> tasks)
-      throws InvalidArgumentException, NotAuthorizedException;
+      throws InvalidArgumentException, MismatchedRoleException;
  // endregion
@ -754,7 +777,7 @@ public interface TaskService {
   *
   * @param taskComment the {@linkplain TaskComment} to be created
   * @return the created {@linkplain TaskComment}
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} of the commented {@linkplain
   *     Task}.
   * @throws TaskNotFoundException if the given {@linkplain TaskComment#getTaskId() taskId} doesn't
@ -763,7 +786,8 @@ public interface TaskService {
   *     {@link TaskComment} is neither NULL nor empty
   */
  TaskComment createTaskComment(TaskComment taskComment)
-      throws NotAuthorizedException, TaskNotFoundException, InvalidArgumentException;
+      throws TaskNotFoundException, InvalidArgumentException,
          MismatchedWorkbasketPermissionException;
  // endregion
@ -777,7 +801,7 @@ public interface TaskService {
   * @return the {@linkplain TaskComment} identified by taskCommentId
   * @throws TaskCommentNotFoundException if the given taskCommentId doesn't refer to an existing
   *     {@linkplain TaskComment}
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} of the commented {@linkplain
   *     Task}
   * @throws TaskNotFoundException if the {@linkplain TaskComment#getTaskId() taskId} of the
@ -785,8 +809,8 @@ public interface TaskService {
   * @throws InvalidArgumentException if the given taskCommentId is NULL or empty
   */
  TaskComment getTaskComment(String taskCommentId)
-      throws TaskCommentNotFoundException, NotAuthorizedException, TaskNotFoundException,
+      throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          InvalidArgumentException;
+          MismatchedWorkbasketPermissionException;
  /**
   * Retrieves the List of {@linkplain TaskComment TaskComments} for the {@linkplain Task} with
@ -796,14 +820,14 @@ public interface TaskService {
   *     {@linkplain TaskComment TaskComments} should be retrieved
   * @return the List of {@linkplain TaskComment TaskComments} attached to the specified {@linkplain
   *     Task}
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} of the commented {@linkplain
   *     Task}
   * @throws TaskNotFoundException if the given taskId doesn't refer to an existing {@linkplain
   *     Task}
   */
  List<TaskComment> getTaskComments(String taskId)
-      throws NotAuthorizedException, TaskNotFoundException;
+      throws TaskNotFoundException, MismatchedWorkbasketPermissionException;
  // endregion
@ -814,7 +838,7 @@ public interface TaskService {
   *
   * @param taskComment the {@linkplain TaskComment} to be updated in the database
   * @return the updated {@linkplain TaskComment}
-   * @throws NotAuthorizedException if the current user has no {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} of the commented {@linkplain
   *     Task}.
   * @throws ConcurrencyException if an attempt is made to update the {@linkplain TaskComment} and
@ -826,10 +850,13 @@ public interface TaskService {
   *     to an existing {@linkplain Task}
   * @throws InvalidArgumentException if the {@linkplain TaskComment#getId() id} of the specified
   *     {@linkplain TaskComment} is NULL or empty
   * @throws MismatchedTaskCommentCreatorException If the current user doesn't have correct
   *     permissions
   */
  TaskComment updateTaskComment(TaskComment taskComment)
-      throws NotAuthorizedException, ConcurrencyException, TaskCommentNotFoundException,
+      throws ConcurrencyException, TaskCommentNotFoundException, TaskNotFoundException,
-          TaskNotFoundException, InvalidArgumentException;
+          InvalidArgumentException, MismatchedTaskCommentCreatorException,
          MismatchedWorkbasketPermissionException;
  // endregion
@ -840,20 +867,21 @@ public interface TaskService {
   *
   * @param taskCommentId the {@linkplain TaskComment#getId() id} of the {@linkplain TaskComment} to
   *     delete
   * @throws NotAuthorizedException if the current user isn't {@linkplain TaskanaRole#ADMIN},
   *     {@linkplain TaskanaRole#TASK_ADMIN} or the {@linkplain TaskComment#getCreator() creator} of
   *     the {@linkplain TaskComment}; the user also needs {@linkplain WorkbasketPermission#READ}
   *     for the {@linkplain Workbasket} of the commented {@linkplain Task}
   * @throws InvalidArgumentException if the taskCommentId is NULL or empty
   * @throws TaskCommentNotFoundException if the given taskCommentId doesn't refer to an existing
   *     {@linkplain TaskComment}
   * @throws TaskNotFoundException if the {@linkplain TaskComment#getTaskId() taskId} of the
   *     TaskComment doesn't refer to an existing {@linkplain Task}
   * @throws InvalidArgumentException if the given taskCommentId is NULL or empty
   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
   *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the commented {@linkplain Task}
   *     is in
   * @throws MismatchedTaskCommentCreatorException if the current user is not the {@linkplain
   *     TaskComment#getCreator() creator} of the {@linkplain TaskComment}.
   */
  void deleteTaskComment(String taskCommentId)
-      throws NotAuthorizedException, TaskCommentNotFoundException, TaskNotFoundException,
+      throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          InvalidArgumentException;
+          MismatchedTaskCommentCreatorException, MismatchedWorkbasketPermissionException;
  // endregion
--- a/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/InvalidCallbackStateException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/InvalidCallbackStateException.java
@ -3,6 +3,7 @@ package pro.taskana.task.api.exceptions;
 import java.util.Arrays;
 import pro.taskana.common.api.exceptions.ErrorCode;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.MapCreator;
 import pro.taskana.task.api.CallbackState;
 import pro.taskana.task.api.models.Task;
@ -12,7 +13,7 @@ import pro.taskana.task.internal.models.MinimalTaskSummary;
 * This exception is thrown when the {@linkplain MinimalTaskSummary#getCallbackState() callback
 * state} of the {@linkplain Task} doesn't allow the requested operation.
 */
-public class InvalidCallbackStateException extends InvalidStateException {
+public class InvalidCallbackStateException extends TaskanaException {
  public static final String ERROR_KEY = "TASK_INVALID_CALLBACK_STATE";
  private final String taskId;
--- a/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/InvalidStateException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/InvalidStateException.java
@ -1,12 +0,0 @@
 package pro.taskana.task.api.exceptions;
 import pro.taskana.common.api.exceptions.ErrorCode;
 import pro.taskana.common.api.exceptions.TaskanaException;
 /** This exception is thrown when the current state doesn't allow the requested operation. */
 public class InvalidStateException extends TaskanaException {
  protected InvalidStateException(String msg, ErrorCode errorCode) {
    super(msg, errorCode);
  }
 }
--- a/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/InvalidTaskStateException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/InvalidTaskStateException.java
@ -3,6 +3,7 @@ package pro.taskana.task.api.exceptions;
 import java.util.Arrays;
 import pro.taskana.common.api.exceptions.ErrorCode;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.MapCreator;
 import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.models.Task;
@ -11,7 +12,7 @@ import pro.taskana.task.api.models.Task;
 * This exception is thrown when the {@linkplain Task#getState() state} of the {@linkplain Task}
 * doesn't allow the requested operation.
 */
-public class InvalidTaskStateException extends InvalidStateException {
+public class InvalidTaskStateException extends TaskanaException {
  public static final String ERROR_KEY = "TASK_INVALID_STATE";
  private final String taskId;
--- a/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/MismatchedTaskCommentCreatorException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/MismatchedTaskCommentCreatorException.java
@ -1,7 +1,7 @@
 package pro.taskana.task.api.exceptions;
 import pro.taskana.common.api.exceptions.ErrorCode;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.MapCreator;
 import pro.taskana.task.api.models.TaskComment;
@ -9,7 +9,7 @@ import pro.taskana.task.api.models.TaskComment;
 * This exception is thrown when the current user is not the creator of the {@linkplain TaskComment}
 * it tries to modify.
 */
-public class MismatchedTaskCommentCreatorException extends NotAuthorizedException {
+public class MismatchedTaskCommentCreatorException extends TaskanaException {
  public static final String ERROR_KEY = "TASK_COMMENT_CREATOR_MISMATCHED";
  private final String currentUserId;
--- a/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/TaskCommentNotFoundException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/TaskCommentNotFoundException.java
@ -1,12 +1,12 @@
 package pro.taskana.task.api.exceptions;
 import pro.taskana.common.api.exceptions.ErrorCode;
-import pro.taskana.common.api.exceptions.NotFoundException;
+import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.MapCreator;
 import pro.taskana.task.api.models.TaskComment;
 /** This exception is thrown when a specific {@linkplain TaskComment} is not in the database. */
-public class TaskCommentNotFoundException extends NotFoundException {
+public class TaskCommentNotFoundException extends TaskanaException {
  public static final String ERROR_KEY = "TASK_COMMENT_NOT_FOUND";
  private final String taskCommentId;
--- a/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/TaskNotFoundException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/TaskNotFoundException.java
@ -1,12 +1,12 @@
 package pro.taskana.task.api.exceptions;
 import pro.taskana.common.api.exceptions.ErrorCode;
-import pro.taskana.common.api.exceptions.NotFoundException;
+import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.MapCreator;
 import pro.taskana.task.api.models.Task;
 /** This exception is thrown when a specific {@linkplain Task} is not in the database. */
-public class TaskNotFoundException extends NotFoundException {
+public class TaskNotFoundException extends TaskanaException {
  public static final String ERROR_KEY = "TASK_NOT_FOUND";
  private final String taskId;
--- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentQueryImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentQueryImpl.java
@ -9,12 +9,12 @@ import org.slf4j.LoggerFactory;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.task.api.TaskCommentQuery;
 import pro.taskana.task.api.TaskCommentQueryColumnName;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.TaskComment;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.NotAuthorizedToQueryWorkbasketException;
 import pro.taskana.workbasket.internal.WorkbasketQueryImpl;
@ -307,7 +307,7 @@ public class TaskCommentQueryImpl implements TaskCommentQuery {
              taskId -> {
                try {
                  taskService.getTask(taskId);
-                } catch (NotAuthorizedException e) {
+                } catch (MismatchedWorkbasketPermissionException e) {
                  throw new NotAuthorizedToQueryWorkbasketException(
                      e.getMessage(), e.getErrorCode(), e);
                } catch (TaskNotFoundException e) {
--- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java
@ -8,7 +8,6 @@ import org.slf4j.LoggerFactory;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.common.internal.util.IdGenerator;
@ -19,6 +18,7 @@ import pro.taskana.task.api.models.TaskComment;
 import pro.taskana.task.internal.models.TaskCommentImpl;
 import pro.taskana.user.api.models.User;
 import pro.taskana.user.internal.UserMapper;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 class TaskCommentServiceImpl {
@ -49,8 +49,9 @@ class TaskCommentServiceImpl {
  }
  TaskComment updateTaskComment(TaskComment taskCommentToUpdate)
-      throws NotAuthorizedException, ConcurrencyException, TaskCommentNotFoundException,
+      throws ConcurrencyException, TaskCommentNotFoundException, TaskNotFoundException,
-          TaskNotFoundException, InvalidArgumentException {
+          InvalidArgumentException, MismatchedTaskCommentCreatorException,
          MismatchedWorkbasketPermissionException {
    String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
@ -91,7 +92,8 @@ class TaskCommentServiceImpl {
  }
  TaskComment createTaskComment(TaskComment taskCommentToCreate)
-      throws NotAuthorizedException, TaskNotFoundException, InvalidArgumentException {
+      throws TaskNotFoundException, InvalidArgumentException,
          MismatchedWorkbasketPermissionException {
    TaskCommentImpl taskCommentImplToCreate = (TaskCommentImpl) taskCommentToCreate;
@ -115,8 +117,8 @@ class TaskCommentServiceImpl {
  }
  void deleteTaskComment(String taskCommentId)
-      throws NotAuthorizedException, TaskCommentNotFoundException, TaskNotFoundException,
+      throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          InvalidArgumentException {
+          MismatchedTaskCommentCreatorException, MismatchedWorkbasketPermissionException {
    String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
@ -146,7 +148,7 @@ class TaskCommentServiceImpl {
  }
  List<TaskComment> getTaskComments(String taskId)
-      throws NotAuthorizedException, TaskNotFoundException {
+      throws TaskNotFoundException, MismatchedWorkbasketPermissionException {
    try {
@ -168,8 +170,8 @@ class TaskCommentServiceImpl {
  }
  TaskComment getTaskComment(String taskCommentId)
-      throws TaskCommentNotFoundException, NotAuthorizedException, TaskNotFoundException,
+      throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          InvalidArgumentException {
+          MismatchedWorkbasketPermissionException {
    TaskCommentImpl result;
--- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java
@ -13,7 +13,6 @@ import pro.taskana.common.api.KeyDomain;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.exceptions.TaskanaRuntimeException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
@ -30,6 +29,7 @@ import pro.taskana.task.api.models.ObjectReference;
 import pro.taskana.task.api.models.TaskSummary;
 import pro.taskana.task.internal.models.TaskSummaryImpl;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.NotAuthorizedToQueryWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.internal.WorkbasketQueryImpl;
@ -2197,12 +2197,13 @@ public class TaskQueryImpl implements TaskQuery {
          checkOpenAndReadPermissionByKeyDomain(keyDomain);
        }
      }
-    } catch (NotAuthorizedException e) {
+    } catch (MismatchedWorkbasketPermissionException e) {
      throw new NotAuthorizedToQueryWorkbasketException(e.getMessage(), e.getErrorCode(), e);
    }
  }
-  private void checkOpenAndReadPermissionById(String workbasketId) throws NotAuthorizedException {
+  private void checkOpenAndReadPermissionById(String workbasketId)
      throws MismatchedWorkbasketPermissionException {
    try {
      taskanaEngine
          .getEngine()
@ -2215,7 +2216,7 @@ public class TaskQueryImpl implements TaskQuery {
  }
  private void checkOpenAndReadPermissionByKeyDomain(KeyDomain keyDomain)
-      throws NotAuthorizedException {
+      throws MismatchedWorkbasketPermissionException {
    try {
      taskanaEngine
          .getEngine()
--- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java
@ -32,7 +32,7 @@ import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
@ -68,8 +68,8 @@ import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.AttachmentPersistenceException;
 import pro.taskana.task.api.exceptions.InvalidCallbackStateException;
 import pro.taskana.task.api.exceptions.InvalidOwnerException;
 import pro.taskana.task.api.exceptions.InvalidStateException;
 import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.exceptions.MismatchedTaskCommentCreatorException;
 import pro.taskana.task.api.exceptions.ObjectReferencePersistenceException;
 import pro.taskana.task.api.exceptions.TaskAlreadyExistException;
 import pro.taskana.task.api.exceptions.TaskCommentNotFoundException;
@ -158,79 +158,79 @@ public class TaskServiceImpl implements TaskService {
  @Override
  public Task claim(String taskId)
-      throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException {
+          InvalidTaskStateException {
    return claim(taskId, false);
  }
  @Override
  public Task forceClaim(String taskId)
-      throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException {
+          InvalidTaskStateException {
    return claim(taskId, true);
  }
  @Override
  public Task cancelClaim(String taskId)
-      throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException {
+          InvalidTaskStateException {
    return this.cancelClaim(taskId, false);
  }
  @Override
  public Task forceCancelClaim(String taskId)
-      throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException {
+          InvalidTaskStateException {
    return this.cancelClaim(taskId, true);
  }
  @Override
  public Task requestReview(String taskId)
-      throws InvalidTaskStateException, TaskNotFoundException, NotAuthorizedException,
+      throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          InvalidOwnerException {
+          MismatchedWorkbasketPermissionException {
    return requestReview(taskId, false);
  }
  @Override
  public Task forceRequestReview(String taskId)
-      throws InvalidTaskStateException, TaskNotFoundException, NotAuthorizedException,
+      throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          InvalidOwnerException {
+          MismatchedWorkbasketPermissionException {
    return requestReview(taskId, true);
  }
  @Override
  public Task requestChanges(String taskId)
-      throws InvalidTaskStateException, TaskNotFoundException, NotAuthorizedException,
+      throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          InvalidOwnerException {
+          MismatchedWorkbasketPermissionException {
    return requestChanges(taskId, false);
  }
  @Override
  public Task forceRequestChanges(String taskId)
-      throws InvalidTaskStateException, TaskNotFoundException, NotAuthorizedException,
+      throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          InvalidOwnerException {
+          MismatchedWorkbasketPermissionException {
    return requestChanges(taskId, true);
  }
  @Override
  public Task completeTask(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, InvalidStateException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException {
+          InvalidTaskStateException {
    return completeTask(taskId, false);
  }
  @Override
  public Task forceCompleteTask(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, InvalidStateException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException {
+          InvalidTaskStateException {
    return completeTask(taskId, true);
  }
  @Override
  public Task createTask(Task taskToCreate)
-      throws NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException,
+      throws WorkbasketNotFoundException, ClassificationNotFoundException,
          TaskAlreadyExistException, InvalidArgumentException, AttachmentPersistenceException,
-          ObjectReferencePersistenceException {
+          ObjectReferencePersistenceException, MismatchedWorkbasketPermissionException {
    if (createTaskPreprocessorManager.isEnabled()) {
      taskToCreate = createTaskPreprocessorManager.processTaskBeforeCreation(taskToCreate);
@ -348,7 +348,8 @@ public class TaskServiceImpl implements TaskService {
  }
  @Override
-  public Task getTask(String id) throws NotAuthorizedException, TaskNotFoundException {
+  public Task getTask(String id)
      throws MismatchedWorkbasketPermissionException, TaskNotFoundException {
    try {
      taskanaEngine.openConnection();
@ -410,21 +411,21 @@ public class TaskServiceImpl implements TaskService {
  @Override
  public Task transfer(String taskId, String destinationWorkbasketId, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedException,
+      throws TaskNotFoundException, WorkbasketNotFoundException,
-          InvalidStateException {
+          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
    return taskTransferrer.transfer(taskId, destinationWorkbasketId, setTransferFlag);
  }
  @Override
  public Task transfer(String taskId, String workbasketKey, String domain, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedException,
+      throws TaskNotFoundException, WorkbasketNotFoundException,
-          InvalidStateException {
+          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
    return taskTransferrer.transfer(taskId, workbasketKey, domain, setTransferFlag);
  }
  @Override
  public Task setTaskRead(String taskId, boolean isRead)
-      throws TaskNotFoundException, NotAuthorizedException {
+      throws TaskNotFoundException, MismatchedWorkbasketPermissionException {
    TaskImpl task;
    try {
      taskanaEngine.openConnection();
@ -500,9 +501,9 @@ public class TaskServiceImpl implements TaskService {
  @Override
  public Task updateTask(Task task)
      throws InvalidArgumentException, TaskNotFoundException, ConcurrencyException,
-          NotAuthorizedException, AttachmentPersistenceException,
+          AttachmentPersistenceException, ObjectReferencePersistenceException,
-          ObjectReferencePersistenceException, InvalidStateException,
+          ClassificationNotFoundException, MismatchedWorkbasketPermissionException,
-          ClassificationNotFoundException {
+          InvalidTaskStateException {
    String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
    TaskImpl newTaskImpl = (TaskImpl) task;
    try {
@ -550,7 +551,8 @@ public class TaskServiceImpl implements TaskService {
  @Override
  public BulkOperationResults<String, TaskanaException> transferTasks(
      String destinationWorkbasketId, List<String> taskIds, boolean setTransferFlag)
-      throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException {
+      throws InvalidArgumentException, WorkbasketNotFoundException,
          MismatchedWorkbasketPermissionException {
    return taskTransferrer.transfer(taskIds, destinationWorkbasketId, setTransferFlag);
  }
@ -560,26 +562,31 @@ public class TaskServiceImpl implements TaskService {
      String destinationWorkbasketDomain,
      List<String> taskIds,
      boolean setTransferFlag)
-      throws NotAuthorizedException, InvalidArgumentException, WorkbasketNotFoundException {
+      throws InvalidArgumentException, WorkbasketNotFoundException,
          MismatchedWorkbasketPermissionException {
    return taskTransferrer.transfer(
        taskIds, destinationWorkbasketKey, destinationWorkbasketDomain, setTransferFlag);
  }
  @Override
  public void deleteTask(String taskId)
-      throws TaskNotFoundException, InvalidStateException, NotAuthorizedException {
+      throws TaskNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException, InvalidTaskStateException,
          InvalidCallbackStateException {
    deleteTask(taskId, false);
  }
  @Override
  public void forceDeleteTask(String taskId)
-      throws TaskNotFoundException, InvalidStateException, NotAuthorizedException {
+      throws TaskNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException, InvalidTaskStateException,
          InvalidCallbackStateException {
    deleteTask(taskId, true);
  }
  @Override
  public Task selectAndClaim(TaskQuery taskQuery)
-      throws NotAuthorizedException, InvalidOwnerException {
+      throws InvalidOwnerException, MismatchedWorkbasketPermissionException {
    try {
@ -597,7 +604,7 @@ public class TaskServiceImpl implements TaskService {
      return claim(taskSummary.getId());
-    } catch (InvalidStateException | TaskNotFoundException e) {
+    } catch (TaskNotFoundException | InvalidTaskStateException e) {
      throw new SystemException("Caught exception ", e);
    } finally {
      taskanaEngine.returnConnection();
@ -606,7 +613,7 @@ public class TaskServiceImpl implements TaskService {
  @Override
  public BulkOperationResults<String, TaskanaException> deleteTasks(List<String> taskIds)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN);
@ -732,34 +739,36 @@ public class TaskServiceImpl implements TaskService {
  @Override
  public TaskComment createTaskComment(TaskComment taskComment)
-      throws NotAuthorizedException, TaskNotFoundException, InvalidArgumentException {
+      throws TaskNotFoundException, InvalidArgumentException,
          MismatchedWorkbasketPermissionException {
    return taskCommentService.createTaskComment(taskComment);
  }
  @Override
  public TaskComment updateTaskComment(TaskComment taskComment)
-      throws NotAuthorizedException, ConcurrencyException, TaskCommentNotFoundException,
+      throws ConcurrencyException, TaskCommentNotFoundException, TaskNotFoundException,
-          TaskNotFoundException, InvalidArgumentException {
+          InvalidArgumentException, MismatchedTaskCommentCreatorException,
          MismatchedWorkbasketPermissionException {
    return taskCommentService.updateTaskComment(taskComment);
  }
  @Override
  public void deleteTaskComment(String taskCommentId)
-      throws NotAuthorizedException, TaskCommentNotFoundException, TaskNotFoundException,
+      throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          InvalidArgumentException {
+          MismatchedTaskCommentCreatorException, MismatchedWorkbasketPermissionException {
    taskCommentService.deleteTaskComment(taskCommentId);
  }
  @Override
  public TaskComment getTaskComment(String taskCommentid)
-      throws TaskCommentNotFoundException, NotAuthorizedException, TaskNotFoundException,
+      throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          InvalidArgumentException {
+          MismatchedWorkbasketPermissionException {
    return taskCommentService.getTaskComment(taskCommentid);
  }
  @Override
  public List<TaskComment> getTaskComments(String taskId)
-      throws NotAuthorizedException, TaskNotFoundException {
+      throws TaskNotFoundException, MismatchedWorkbasketPermissionException {
    return taskCommentService.getTaskComments(taskId);
  }
@ -853,7 +862,8 @@ public class TaskServiceImpl implements TaskService {
  @Override
  public Task cancelTask(String taskId)
-      throws TaskNotFoundException, InvalidStateException, NotAuthorizedException {
+      throws TaskNotFoundException, MismatchedWorkbasketPermissionException,
          InvalidTaskStateException {
    Task cancelledTask;
@ -877,7 +887,8 @@ public class TaskServiceImpl implements TaskService {
  @Override
  public Task terminateTask(String taskId)
-      throws TaskNotFoundException, InvalidStateException, NotAuthorizedException {
+      throws TaskNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN);
@ -1191,7 +1202,8 @@ public class TaskServiceImpl implements TaskService {
  }
  private TaskImpl terminateCancelCommonActions(String taskId, TaskState targetState)
-      throws NotAuthorizedException, TaskNotFoundException, InvalidStateException {
+      throws TaskNotFoundException, MismatchedWorkbasketPermissionException,
          InvalidTaskStateException {
    if (taskId == null || taskId.isEmpty()) {
      throw new TaskNotFoundException(taskId);
    }
@ -1216,8 +1228,8 @@ public class TaskServiceImpl implements TaskService {
  }
  private Task claim(String taskId, boolean forceClaim)
-      throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException {
+          InvalidTaskStateException {
    String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
    String userLongName = null;
    if (taskanaEngine.getEngine().getConfiguration().isAddAdditionalUserInfo()) {
@ -1258,8 +1270,8 @@ public class TaskServiceImpl implements TaskService {
  }
  private Task requestReview(String taskId, boolean force)
-      throws TaskNotFoundException, NotAuthorizedException, InvalidTaskStateException,
+      throws TaskNotFoundException, InvalidTaskStateException, InvalidOwnerException,
-          InvalidOwnerException {
+          MismatchedWorkbasketPermissionException {
    String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
    TaskImpl task;
    try {
@ -1309,8 +1321,8 @@ public class TaskServiceImpl implements TaskService {
  }
  private Task requestChanges(String taskId, boolean force)
-      throws InvalidTaskStateException, TaskNotFoundException, NotAuthorizedException,
+      throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          InvalidOwnerException {
+          MismatchedWorkbasketPermissionException {
    String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
    TaskImpl task;
    try {
@ -1391,7 +1403,7 @@ public class TaskServiceImpl implements TaskService {
  }
  private void checkPreconditionsForClaimTask(TaskSummary task, boolean forced)
-      throws InvalidStateException, InvalidOwnerException {
+      throws InvalidOwnerException, InvalidTaskStateException {
    TaskState state = task.getState();
    if (state.isEndState()) {
      throw new InvalidTaskStateException(
@ -1412,7 +1424,7 @@ public class TaskServiceImpl implements TaskService {
  }
  private static void checkIfTaskIsTerminatedOrCancelled(TaskSummary task)
-      throws InvalidStateException {
+      throws InvalidTaskStateException {
    if (task.getState().in(TaskState.CANCELLED, TaskState.TERMINATED)) {
      throw new InvalidTaskStateException(
          task.getId(),
@ -1422,7 +1434,7 @@ public class TaskServiceImpl implements TaskService {
  }
  private void checkPreconditionsForCompleteTask(TaskSummary task)
-      throws InvalidStateException, InvalidOwnerException {
+      throws InvalidOwnerException, InvalidTaskStateException {
    if (taskIsNotClaimed(task)) {
      throw new InvalidTaskStateException(
          task.getId(), task.getState(), TaskState.CLAIMED, TaskState.IN_REVIEW);
@ -1438,8 +1450,8 @@ public class TaskServiceImpl implements TaskService {
  }
  private Task cancelClaim(String taskId, boolean forceUnclaim)
-      throws TaskNotFoundException, InvalidStateException, InvalidOwnerException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException {
+          InvalidTaskStateException {
    String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
    TaskImpl task;
    try {
@ -1482,8 +1494,8 @@ public class TaskServiceImpl implements TaskService {
  }
  private Task completeTask(String taskId, boolean isForced)
-      throws TaskNotFoundException, InvalidOwnerException, InvalidStateException,
+      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
-          NotAuthorizedException {
+          InvalidTaskStateException {
    String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
    TaskImpl task;
    try {
@ -1525,7 +1537,9 @@ public class TaskServiceImpl implements TaskService {
  }
  private void deleteTask(String taskId, boolean forceDelete)
-      throws TaskNotFoundException, InvalidStateException, NotAuthorizedException {
+      throws TaskNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException, InvalidTaskStateException,
          InvalidCallbackStateException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN);
    TaskImpl task;
    try {
@ -2017,7 +2031,7 @@ public class TaskServiceImpl implements TaskService {
  }
  private void standardUpdateActions(TaskImpl oldTaskImpl, TaskImpl newTaskImpl)
-      throws InvalidArgumentException, InvalidStateException, ClassificationNotFoundException {
+      throws InvalidArgumentException, ClassificationNotFoundException, InvalidTaskStateException {
    if (oldTaskImpl.getExternalId() == null
        || !(oldTaskImpl.getExternalId().equals(newTaskImpl.getExternalId()))) {
--- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskTransferrer.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskTransferrer.java
@ -15,7 +15,6 @@ import java.util.stream.Collectors;
 import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.common.internal.util.EnumUtil;
@ -24,7 +23,6 @@ import pro.taskana.common.internal.util.ObjectAttributeChangeDetector;
 import pro.taskana.spi.history.api.events.task.TaskTransferredEvent;
 import pro.taskana.spi.history.internal.HistoryEventManager;
 import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.InvalidStateException;
 import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
@ -57,8 +55,8 @@ final class TaskTransferrer {
  }
  Task transfer(String taskId, String destinationWorkbasketId, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedException,
+      throws TaskNotFoundException, WorkbasketNotFoundException,
-          InvalidStateException {
+          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
    WorkbasketSummary destinationWorkbasket =
        workbasketService.getWorkbasket(destinationWorkbasketId).asSummary();
    return transferSingleTask(taskId, destinationWorkbasket, setTransferFlag);
@ -69,8 +67,8 @@ final class TaskTransferrer {
      String destinationWorkbasketKey,
      String destinationDomain,
      boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedException,
+      throws TaskNotFoundException, WorkbasketNotFoundException,
-          InvalidStateException {
+          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
    WorkbasketSummary destinationWorkbasket =
        workbasketService.getWorkbasket(destinationWorkbasketKey, destinationDomain).asSummary();
    return transferSingleTask(taskId, destinationWorkbasket, setTransferFlag);
@ -78,7 +76,8 @@ final class TaskTransferrer {
  BulkOperationResults<String, TaskanaException> transfer(
      List<String> taskIds, String destinationWorkbasketId, boolean setTransferFlag)
-      throws NotAuthorizedException, WorkbasketNotFoundException, InvalidArgumentException {
+      throws WorkbasketNotFoundException, InvalidArgumentException,
          MismatchedWorkbasketPermissionException {
    WorkbasketSummary destinationWorkbasket =
        workbasketService.getWorkbasket(destinationWorkbasketId).asSummary();
    checkDestinationWorkbasket(destinationWorkbasket);
@ -91,7 +90,8 @@ final class TaskTransferrer {
      String destinationWorkbasketKey,
      String destinationDomain,
      boolean setTransferFlag)
-      throws NotAuthorizedException, WorkbasketNotFoundException, InvalidArgumentException {
+      throws WorkbasketNotFoundException, InvalidArgumentException,
          MismatchedWorkbasketPermissionException {
    WorkbasketSummary destinationWorkbasket =
        workbasketService.getWorkbasket(destinationWorkbasketKey, destinationDomain).asSummary();
    checkDestinationWorkbasket(destinationWorkbasket);
@ -101,8 +101,8 @@ final class TaskTransferrer {
  private Task transferSingleTask(
      String taskId, WorkbasketSummary destinationWorkbasket, boolean setTransferFlag)
-      throws NotAuthorizedException, TaskNotFoundException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException,
-          InvalidStateException {
+          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
    try {
      taskanaEngine.openConnection();
      TaskImpl task = (TaskImpl) taskService.getTask(taskId);
@ -157,7 +157,8 @@ final class TaskTransferrer {
  private void checkPreconditionsForTransferTask(
      Task task, WorkbasketSummary destinationWorkbasket, WorkbasketSummary originWorkbasket)
-      throws NotAuthorizedException, WorkbasketNotFoundException, InvalidStateException {
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException,
          InvalidTaskStateException {
    if (task.getState().isEndState()) {
      throw new InvalidTaskStateException(
          task.getId(), task.getState(), EnumUtil.allValuesExceptFor(TaskState.END_STATES));
@ -167,7 +168,7 @@ final class TaskTransferrer {
  }
  private void checkDestinationWorkbasket(WorkbasketSummary destinationWorkbasket)
-      throws NotAuthorizedException, WorkbasketNotFoundException {
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
    workbasketService.checkAuthorization(
        destinationWorkbasket.getId(), WorkbasketPermission.APPEND);
--- a/lib/taskana-core/src/main/java/pro/taskana/task/internal/jobs/TaskCleanupJob.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/task/internal/jobs/TaskCleanupJob.java
@ -18,7 +18,7 @@ import pro.taskana.common.api.ScheduledJob;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.JobServiceImpl;
@ -146,7 +146,7 @@ public class TaskCleanupJob extends AbstractTaskanaJob {
  }
  private int deleteTasks(List<TaskSummary> tasksToBeDeleted)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    List<String> tasksIdsToBeDeleted =
        tasksToBeDeleted.stream().map(TaskSummary::getId).collect(Collectors.toList());
--- a/lib/taskana-core/src/main/java/pro/taskana/user/api/UserService.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/user/api/UserService.java
@ -4,7 +4,7 @@ import java.util.List;
 import java.util.Set;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.user.api.exceptions.UserAlreadyExistException;
 import pro.taskana.user.api.exceptions.UserNotFoundException;
 import pro.taskana.user.api.models.User;
@ -41,14 +41,14 @@ public interface UserService {
   * @param userToCreate the {@linkplain User} which should be inserted
   * @return the inserted {@linkplain User}
   * @throws InvalidArgumentException if some fields are not set properly
-   * @throws NotAuthorizedException if the current user is not {@linkplain
+   * @throws MismatchedRoleException if the current user is not {@linkplain
   *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
   * @throws UserAlreadyExistException if there already exists a {@linkplain User} with the
   *     specified {@linkplain User#getId() id} inside the database
   */
  User createUser(User userToCreate)
-      throws InvalidArgumentException, NotAuthorizedException, UserAlreadyExistException;
+      throws InvalidArgumentException, UserAlreadyExistException, MismatchedRoleException;
  /**
   * Gets a {@linkplain User}.
@ -85,7 +85,7 @@ public interface UserService {
   *
   * @param userToUpdate the {@linkplain User} which should be updated
   * @return the updated {@linkplain User}
-   * @throws NotAuthorizedException if the current user is not {@linkplain
+   * @throws MismatchedRoleException if the current user is not {@linkplain
   *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
   * @throws UserNotFoundException if there does not exist a {@linkplain User} with the specified
@ -93,7 +93,7 @@ public interface UserService {
   * @throws InvalidArgumentException if some fields are not set properly
   */
  User updateUser(User userToUpdate)
-      throws UserNotFoundException, NotAuthorizedException, InvalidArgumentException;
+      throws UserNotFoundException, InvalidArgumentException, MismatchedRoleException;
  /**
   * Deletes a {@linkplain User}.
@ -103,7 +103,7 @@ public interface UserService {
   * gets deleted.
   *
   * @param id the {@linkplain User#getId() id} of the {@linkplain User} which should be deleted
-   * @throws NotAuthorizedException if the current user is not {@linkplain
+   * @throws MismatchedRoleException if the current user is not {@linkplain
   *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
   * @throws UserNotFoundException if there does not exist a {@linkplain User} with the specified
@ -111,5 +111,5 @@ public interface UserService {
   * @throws InvalidArgumentException if the userIds parameter is NULL or empty
   */
  void deleteUser(String id)
-      throws UserNotFoundException, NotAuthorizedException, InvalidArgumentException;
+      throws UserNotFoundException, InvalidArgumentException, MismatchedRoleException;
 }
--- a/lib/taskana-core/src/main/java/pro/taskana/user/api/exceptions/UserNotFoundException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/user/api/exceptions/UserNotFoundException.java
@ -1,7 +1,7 @@
 package pro.taskana.user.api.exceptions;
 import pro.taskana.common.api.exceptions.ErrorCode;
-import pro.taskana.common.api.exceptions.NotFoundException;
+import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.MapCreator;
 import pro.taskana.user.api.models.User;
@ -9,7 +9,7 @@ import pro.taskana.user.api.models.User;
 * This exception is thrown when a specific {@linkplain User} referenced by its {@linkplain
 * User#getId() id} is not in the database.
 */
-public class UserNotFoundException extends NotFoundException {
+public class UserNotFoundException extends TaskanaException {
  public static final String ERROR_KEY = "USER_NOT_FOUND";
  private final String userId;
--- a/lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java
@ -15,7 +15,7 @@ import pro.taskana.TaskanaConfiguration;
 import pro.taskana.common.api.BaseQuery.SortDirection;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.user.api.UserService;
 import pro.taskana.user.api.exceptions.UserAlreadyExistException;
@ -90,7 +90,7 @@ public class UserServiceImpl implements UserService {
  @Override
  public User createUser(User userToCreate)
-      throws InvalidArgumentException, NotAuthorizedException, UserAlreadyExistException {
+      throws InvalidArgumentException, UserAlreadyExistException, MismatchedRoleException {
    internalTaskanaEngine
        .getEngine()
        .checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
@ -107,7 +107,7 @@ public class UserServiceImpl implements UserService {
  @Override
  public User updateUser(User userToUpdate)
-      throws UserNotFoundException, NotAuthorizedException, InvalidArgumentException {
+      throws UserNotFoundException, InvalidArgumentException, MismatchedRoleException {
    internalTaskanaEngine
        .getEngine()
        .checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
@ -132,7 +132,7 @@ public class UserServiceImpl implements UserService {
  @Override
  public void deleteUser(String id)
-      throws UserNotFoundException, NotAuthorizedException, InvalidArgumentException {
+      throws UserNotFoundException, InvalidArgumentException, MismatchedRoleException {
    internalTaskanaEngine
        .getEngine()
        .checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
--- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketQuery.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketQuery.java
@ -3,9 +3,10 @@ package pro.taskana.workbasket.api;
 import java.util.List;
 import pro.taskana.common.api.BaseQuery;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 /** WorkitemQuery for generating dynamic sql. */
@ -151,12 +152,12 @@ public interface WorkbasketQuery extends BaseQuery<WorkbasketSummary, Workbasket
   * @param accessIds Users which should be checked for given permissions on workbaskets.
   * @return the current query object.
   * @throws InvalidArgumentException if permissions OR the accessIds are NULL or empty.
-   * @throws NotAuthorizedException if the current user is not member of role BUSINESS_ADMIN or
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
-   *     ADMIN
+   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
   */
  WorkbasketQuery accessIdsHavePermissions(
      List<WorkbasketPermission> permissions, String... accessIds)
-      throws InvalidArgumentException, NotAuthorizedException;
+      throws InvalidArgumentException, MismatchedRoleException;
  /**
   * Add condition to query if the caller (one of the accessIds of the caller) has the given
--- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketService.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketService.java
@ -3,12 +3,14 @@ package pro.taskana.workbasket.api;
 import java.util.List;
 import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.user.api.models.User;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketAccessItemAlreadyExistException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketAlreadyExistException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketInUseException;
@ -47,7 +49,7 @@ public interface WorkbasketService {
   * @return the created and inserted {@linkplain Workbasket}
   * @throws InvalidArgumentException If a required property of the {@linkplain Workbasket} is not
   *     set.
-   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
   *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
   * @throws WorkbasketAlreadyExistException if the {@linkplain Workbasket} exists already
@ -55,8 +57,8 @@ public interface WorkbasketService {
   *     exist in the configuration.
   */
  Workbasket createWorkbasket(Workbasket workbasket)
-      throws InvalidArgumentException, NotAuthorizedException, WorkbasketAlreadyExistException,
+      throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          DomainNotFoundException;
+          MismatchedRoleException;
  // READ
@ -69,11 +71,11 @@ public interface WorkbasketService {
   * @return the requested Workbasket
   * @throws WorkbasketNotFoundException If the {@linkplain Workbasket} with workbasketId is not
   *     found
-   * @throws NotAuthorizedException If the current user or group does not have the {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
-   *     WorkbasketPermission permissions} for interactions.
+   *     WorkbasketPermission#READ} for the requested {@linkplain Workbasket}
   */
  Workbasket getWorkbasket(String workbasketId)
-      throws WorkbasketNotFoundException, NotAuthorizedException;
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
  /**
   * Get the {@linkplain Workbasket} specified by the given {@linkplain WorkbasketSummary#getKey()
@ -86,11 +88,11 @@ public interface WorkbasketService {
   * @return the requested {@linkplain Workbasket}
   * @throws WorkbasketNotFoundException If the {@linkplain Workbasket} with workbasketId is not
   *     found
-   * @throws NotAuthorizedException If the current user or group does not have the {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
-   *     WorkbasketPermission permissions} for interactions.
+   *     WorkbasketPermission#READ} for the requested {@linkplain Workbasket}
   */
  Workbasket getWorkbasket(String workbasketKey, String domain)
-      throws WorkbasketNotFoundException, NotAuthorizedException;
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
  // UPDATE
@ -101,16 +103,17 @@ public interface WorkbasketService {
   * @return the updated {@linkplain Workbasket}
   * @throws InvalidArgumentException if {@linkplain Workbasket#getName() name} or {@linkplain
   *     Workbasket#getType() type} of the {@linkplain Workbasket} is invalid
-   * @throws NotAuthorizedException if the current user is not authorized to update the {@linkplain
+   * @throws MismatchedWorkbasketPermissionException This is never thrown
-   *     Workbasket}
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
   * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} cannot be found.
   * @throws ConcurrencyException if an attempt is made to update the {@linkplain Workbasket} and
   *     another user updated it already; that's the case if the given modified timestamp differs
   *     from the one in the database
   */
  Workbasket updateWorkbasket(Workbasket workbasket)
-      throws InvalidArgumentException, NotAuthorizedException, WorkbasketNotFoundException,
+      throws InvalidArgumentException, WorkbasketNotFoundException, ConcurrencyException,
-          ConcurrencyException;
+          MismatchedRoleException, MismatchedWorkbasketPermissionException;
  // DELETE
@ -121,15 +124,16 @@ public interface WorkbasketService {
   *     should be deleted.
   * @return true if the {@linkplain Workbasket} was deleted successfully; false if the {@linkplain
   *     Workbasket} is marked for deletion
-   * @throws NotAuthorizedException if the current user got no {@linkplain WorkbasketPermission}s
+   * @throws MismatchedWorkbasketPermissionException This is never thrown
-   *     for this interaction
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
   * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} does not exist
   * @throws WorkbasketInUseException if the {@linkplain Workbasket} does contain task-content
   * @throws InvalidArgumentException if the workbasketId is NULL or EMPTY
   */
  boolean deleteWorkbasket(String workbasketId)
-      throws NotAuthorizedException, WorkbasketNotFoundException, WorkbasketInUseException,
+      throws WorkbasketNotFoundException, WorkbasketInUseException, InvalidArgumentException,
-          InvalidArgumentException;
+          MismatchedRoleException, MismatchedWorkbasketPermissionException;
  /**
   * Deletes the list of {@linkplain Workbasket}s specified via {@linkplain Workbasket#getId() ids}.
@ -138,11 +142,11 @@ public interface WorkbasketService {
   *     to delete.
   * @return the result of the operations and an Exception for each failed workbasket deletion
   * @throws InvalidArgumentException if the WorkbasketIds parameter List is NULL or empty
-   * @throws NotAuthorizedException if the current user got no {@linkplain WorkbasketPermission} for
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
-   *     this interaction
+   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
   */
  BulkOperationResults<String, TaskanaException> deleteWorkbaskets(List<String> workbasketsIds)
-      throws NotAuthorizedException, InvalidArgumentException;
+      throws InvalidArgumentException, MismatchedRoleException;
  // endregion
@ -156,13 +160,15 @@ public interface WorkbasketService {
   * @param sourceWorkbasketId the {@linkplain Workbasket#getId() id} of the source {@linkplain
   *     Workbasket} for which the distribution targets are to be set
   * @param targetWorkbasketIds a list of the ids of the target {@linkplain Workbasket}s
-   * @throws NotAuthorizedException if the current used doesn't have {@linkplain
+   * @throws MismatchedWorkbasketPermissionException This is never thrown
-   *     WorkbasketPermission#READ READ permission} for the source {@linkplain Workbasket}
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
   * @throws WorkbasketNotFoundException if either the source {@linkplain Workbasket} or any of the
   *     target {@linkplain Workbasket}s don't exist
   */
  void setDistributionTargets(String sourceWorkbasketId, List<String> targetWorkbasketIds)
-      throws NotAuthorizedException, WorkbasketNotFoundException;
+      throws WorkbasketNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException;
  // READ
@ -172,12 +178,12 @@ public interface WorkbasketService {
   * @param workbasketId the {@linkplain Workbasket#getId() id} of the referenced {@linkplain
   *     Workbasket}
   * @return the distribution targets of the specified {@linkplain Workbasket}
-   * @throws NotAuthorizedException if the current user has no {@linkplain WorkbasketPermission#READ
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
-   *     READ permission} for the specified {@linkplain Workbasket}
+   *     WorkbasketPermission#READ READ permission} for the specified {@linkplain Workbasket}
   * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} doesn't exist
   */
  List<WorkbasketSummary> getDistributionTargets(String workbasketId)
-      throws NotAuthorizedException, WorkbasketNotFoundException;
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
  /**
   * Returns the distribution targets for a given {@linkplain Workbasket}.
@ -187,12 +193,12 @@ public interface WorkbasketService {
   * @param domain the {@linkplain Workbasket#getDomain() domain} of the referenced {@linkplain
   *     Workbasket}
   * @return the distribution targets of the specified {@linkplain Workbasket}
-   * @throws NotAuthorizedException if the current user has no {@linkplain WorkbasketPermission#READ
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
-   *     READ permission} for the specified {@linkplain Workbasket}
+   *     WorkbasketPermission#READ READ permission} for the specified {@linkplain Workbasket}
   * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} doesn't exist
   */
  List<WorkbasketSummary> getDistributionTargets(String workbasketKey, String domain)
-      throws NotAuthorizedException, WorkbasketNotFoundException;
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
  /**
   * Returns the distribution sources for a given {@linkplain Workbasket}.
@ -200,12 +206,12 @@ public interface WorkbasketService {
   * @param workbasketId the {@linkplain Workbasket#getId() id} of the referenced {@linkplain
   *     Workbasket}
   * @return the workbaskets that are distribution sources of the specified {@linkplain Workbasket}.
-   * @throws NotAuthorizedException if the current user has no {@linkplain WorkbasketPermission#READ
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
-   *     READ permission} for the specified {@linkplain Workbasket}
+   *     WorkbasketPermission#READ READ permission} for the specified {@linkplain Workbasket}
   * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} doesn't exist
   */
  List<WorkbasketSummary> getDistributionSources(String workbasketId)
-      throws NotAuthorizedException, WorkbasketNotFoundException;
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
  /**
   * Returns the distribution sources for a given {@linkplain Workbasket}.
@ -215,12 +221,12 @@ public interface WorkbasketService {
   * @param domain the {@linkplain Workbasket#getDomain() domain} of the referenced {@linkplain
   *     Workbasket}
   * @return the workbaskets that are distribution sources of the specified {@linkplain Workbasket}.
-   * @throws NotAuthorizedException if the current user has no {@linkplain WorkbasketPermission#READ
+   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
-   *     READ permission} for the specified {@linkplain Workbasket}
+   *     WorkbasketPermission#READ READ permission} for the specified {@linkplain Workbasket}
   * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} doesn't exist
   */
  List<WorkbasketSummary> getDistributionSources(String workbasketKey, String domain)
-      throws NotAuthorizedException, WorkbasketNotFoundException;
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
  // UPDATE
@ -232,13 +238,16 @@ public interface WorkbasketService {
   *     Workbasket}
   * @param targetWorkbasketId the {@linkplain Workbasket#getId() id} of the target {@linkplain
   *     Workbasket}
-   * @throws NotAuthorizedException if the current user doesn't have {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user doesn't have {@linkplain
   *     WorkbasketPermission#READ READ permission} for the source {@linkplain Workbasket}s
   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
   * @throws WorkbasketNotFoundException if either the source {@linkplain Workbasket} or the target
   *     {@linkplain Workbasket} doesn't exist
   */
  void addDistributionTarget(String sourceWorkbasketId, String targetWorkbasketId)
-      throws NotAuthorizedException, WorkbasketNotFoundException;
+      throws WorkbasketNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException;
  // DELETE
@ -250,11 +259,13 @@ public interface WorkbasketService {
   *     Workbasket}
   * @param targetWorkbasketId The {@linkplain Workbasket#getId() id} of the target {@linkplain
   *     Workbasket}
-   * @throws NotAuthorizedException If the current user doesn't have {@linkplain
+   * @throws MismatchedWorkbasketPermissionException If the current user doesn't have {@linkplain
   *     WorkbasketPermission#READ READ permission} for the source {@linkplain Workbasket}
   * @throws MismatchedRoleException if the current user is not member of {@linkplain
   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
   */
  void removeDistributionTarget(String sourceWorkbasketId, String targetWorkbasketId)
-      throws NotAuthorizedException;
+      throws MismatchedRoleException, MismatchedWorkbasketPermissionException;
  // endregion
@ -281,7 +292,7 @@ public interface WorkbasketService {
   * @param workbasketAccessItem the new {@linkplain WorkbasketAccessItem}
   * @return the created {@linkplain WorkbasketAccessItem}
   * @throws InvalidArgumentException if the preconditions don't match the required ones.
-   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
   *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
   * @throws WorkbasketNotFoundException if the {@linkplain WorkbasketAccessItem} refers to a not
@ -291,8 +302,8 @@ public interface WorkbasketService {
   *     and {@linkplain Workbasket}
   */
  WorkbasketAccessItem createWorkbasketAccessItem(WorkbasketAccessItem workbasketAccessItem)
-      throws InvalidArgumentException, NotAuthorizedException, WorkbasketNotFoundException,
+      throws InvalidArgumentException, WorkbasketNotFoundException,
-          WorkbasketAccessItemAlreadyExistException;
+          WorkbasketAccessItemAlreadyExistException, MismatchedRoleException;
  /**
   * Setting up the new {@linkplain WorkbasketAccessItem}s for a {@linkplain Workbasket}. Already
@ -312,9 +323,9 @@ public interface WorkbasketService {
   *     stored ones.
   * @throws InvalidArgumentException will be thrown when the parameter {@code wbAccessItems} is
   *     NULL or member doesn't match the preconditions
-   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of {@linkplain
-   *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
+   *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
-   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
+   * @throws MismatchedWorkbasketPermissionException This is never thrown
   * @throws WorkbasketAccessItemAlreadyExistException if {@code wbAccessItems} contains multiple
   *     {@linkplain WorkbasketAccessItem} with the same {@linkplain
   *     WorkbasketAccessItem#getAccessId() accessId}.
@ -322,8 +333,9 @@ public interface WorkbasketService {
   *     given {@linkplain Workbasket#getId() id}.
   */
  void setWorkbasketAccessItems(String workbasketId, List<WorkbasketAccessItem> wbAccessItems)
-      throws InvalidArgumentException, NotAuthorizedException,
+      throws InvalidArgumentException, WorkbasketAccessItemAlreadyExistException,
-          WorkbasketAccessItemAlreadyExistException, WorkbasketNotFoundException;
+          WorkbasketNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException;
  // READ
@ -332,12 +344,12 @@ public interface WorkbasketService {
   *
   * @param workbasketId the {@linkplain Workbasket#getId() id} of the {@linkplain Workbasket}
   * @return List of {@linkplain WorkbasketAccessItem}s for the {@linkplain Workbasket}
-   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN} or {@linkplain
   *     pro.taskana.common.api.TaskanaRole#ADMIN}
   */
  List<WorkbasketAccessItem> getWorkbasketAccessItems(String workbasketId)
-      throws NotAuthorizedException;
+      throws MismatchedRoleException;
  // UPDATE
@ -349,12 +361,12 @@ public interface WorkbasketService {
   * @throws InvalidArgumentException if {@linkplain WorkbasketAccessItem#getAccessId() accessId} or
   *     {@linkplain WorkbasketAccessItem#getWorkbasketId() workbasketId} is changed in the
   *     {@linkplain WorkbasketAccessItem}
-   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
   *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
   */
  WorkbasketAccessItem updateWorkbasketAccessItem(WorkbasketAccessItem workbasketAccessItem)
-      throws InvalidArgumentException, NotAuthorizedException;
+      throws InvalidArgumentException, MismatchedRoleException;
  // DELETE
@ -363,22 +375,22 @@ public interface WorkbasketService {
   *
   * @param id the {@linkplain WorkbasketAccessItem#getId() id} of the {@linkplain
   *     WorkbasketAccessItem} to be deleted
-   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
   *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
   */
-  void deleteWorkbasketAccessItem(String id) throws NotAuthorizedException;
+  void deleteWorkbasketAccessItem(String id) throws MismatchedRoleException;
  /**
   * Deletes all {@linkplain WorkbasketAccessItem}s using the given {@linkplain
   * WorkbasketAccessItem#getAccessId()}.
   *
   * @param accessId {@linkplain User#getId() id} of a taskana-{@linkplain User}.
-   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
   *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
   */
-  void deleteWorkbasketAccessItemsForAccessId(String accessId) throws NotAuthorizedException;
+  void deleteWorkbasketAccessItemsForAccessId(String accessId) throws MismatchedRoleException;
  // endregion
@ -394,11 +406,11 @@ public interface WorkbasketService {
   * This method provides a query builder for querying the database.
   *
   * @return a {@linkplain WorkbasketAccessItemQuery}
-   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
+   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
   *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
   *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
   */
-  WorkbasketAccessItemQuery createWorkbasketAccessItemQuery() throws NotAuthorizedException;
+  WorkbasketAccessItemQuery createWorkbasketAccessItemQuery() throws MismatchedRoleException;
  // endregion
  // region Permission and Authorization
@ -425,13 +437,13 @@ public interface WorkbasketService {
   *     want to access
   * @param permission the needed {@linkplain WorkbasketPermission}; if more than one {@linkplain
   *     WorkbasketPermission permission} is specified, the current user needs all of them
-   * @throws NotAuthorizedException if the current user has not the requested authorization for the
+   * @throws MismatchedWorkbasketPermissionException if the current user has not the requested
-   *     specified {@linkplain Workbasket}
+   *     authorization for the specified {@linkplain Workbasket}
   * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} cannot be found for the
   *     given {@linkplain Workbasket#getId() id}.
   */
  void checkAuthorization(String workbasketId, WorkbasketPermission... permission)
-      throws NotAuthorizedException, WorkbasketNotFoundException;
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
  /**
   * This method checks the authorization for the actual User.
@ -442,13 +454,13 @@ public interface WorkbasketService {
   *     want to access
   * @param permission the needed {@linkplain WorkbasketPermission}; if more than one {@linkplain
   *     WorkbasketPermission permission} is specified, the current user needs all of them.
-   * @throws NotAuthorizedException if the current user has not the requested {@linkplain
+   * @throws MismatchedWorkbasketPermissionException if the current user has not the requested
-   *     WorkbasketPermission permission} for the specified {@linkplain Workbasket}
+   *     {@linkplain WorkbasketPermission permission} for the specified {@linkplain Workbasket}
   * @throws WorkbasketNotFoundException if no {@linkplain Workbasket} can be found for the given
   *     {@linkplain Workbasket#getKey() key} and {@linkplain Workbasket#getDomain() domain} values.
   */
  void checkAuthorization(String workbasketKey, String domain, WorkbasketPermission... permission)
-      throws NotAuthorizedException, WorkbasketNotFoundException;
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
  // endregion
--- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/exceptions/MismatchedWorkbasketPermissionException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/exceptions/MismatchedWorkbasketPermissionException.java
@ -3,7 +3,7 @@ package pro.taskana.workbasket.api.exceptions;
 import java.util.Arrays;
 import pro.taskana.common.api.exceptions.ErrorCode;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.MapCreator;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.models.Workbasket;
@ -12,7 +12,7 @@ import pro.taskana.workbasket.api.models.Workbasket;
 * This exception is thrown when the current user does not have a certain {@linkplain
 * WorkbasketPermission permission} on a {@linkplain Workbasket}.
 */
-public class MismatchedWorkbasketPermissionException extends NotAuthorizedException {
+public class MismatchedWorkbasketPermissionException extends TaskanaException {
  public static final String ERROR_KEY_KEY_DOMAIN = "WORKBASKET_WITH_KEY_MISMATCHED_PERMISSION";
  public static final String ERROR_KEY_ID = "WORKBASKET_WITH_ID_MISMATCHED_PERMISSION";
--- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/exceptions/WorkbasketNotFoundException.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/api/exceptions/WorkbasketNotFoundException.java
@ -1,12 +1,12 @@
 package pro.taskana.workbasket.api.exceptions;
 import pro.taskana.common.api.exceptions.ErrorCode;
-import pro.taskana.common.api.exceptions.NotFoundException;
+import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.MapCreator;
 import pro.taskana.workbasket.api.models.Workbasket;
 /** This exception is thrown when a specific {@linkplain Workbasket} is not in the database. */
-public class WorkbasketNotFoundException extends NotFoundException {
+public class WorkbasketNotFoundException extends TaskanaException {
  public static final String ERROR_KEY_ID = "WORKBASKET_WITH_ID_NOT_FOUND";
  public static final String ERROR_KEY_KEY_DOMAIN = "WORKBASKET_WITH_KEY_NOT_FOUND";
--- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java
@ -10,7 +10,7 @@ import pro.taskana.TaskanaConfiguration;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.exceptions.TaskanaRuntimeException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
@ -167,7 +167,7 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
  @Override
  public WorkbasketQuery accessIdsHavePermissions(
      List<WorkbasketPermission> permissions, String... accessIds)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    taskanaEngine
        .getEngine()
        .checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN);
--- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java
@ -21,7 +21,7 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.common.internal.util.IdGenerator;
@ -82,7 +82,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public Workbasket getWorkbasket(String workbasketId)
-      throws WorkbasketNotFoundException, NotAuthorizedException {
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
    Workbasket result;
    try {
      taskanaEngine.openConnection();
@ -109,7 +109,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public Workbasket getWorkbasket(String workbasketKey, String domain)
-      throws WorkbasketNotFoundException, NotAuthorizedException {
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
    if (!taskanaEngine
        .getEngine()
        .isUserInRole(
@ -132,8 +132,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public Workbasket createWorkbasket(Workbasket newWorkbasket)
-      throws InvalidArgumentException, NotAuthorizedException, WorkbasketAlreadyExistException,
+      throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          DomainNotFoundException {
+          MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    WorkbasketImpl workbasket = (WorkbasketImpl) newWorkbasket;
@ -179,8 +179,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public Workbasket updateWorkbasket(Workbasket workbasketToUpdate)
-      throws InvalidArgumentException, NotAuthorizedException, WorkbasketNotFoundException,
+      throws InvalidArgumentException, WorkbasketNotFoundException, ConcurrencyException,
-          ConcurrencyException {
+          MismatchedRoleException, MismatchedWorkbasketPermissionException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    WorkbasketImpl workbasketImplToUpdate = (WorkbasketImpl) workbasketToUpdate;
@ -251,8 +251,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public WorkbasketAccessItem createWorkbasketAccessItem(WorkbasketAccessItem workbasketAccessItem)
-      throws InvalidArgumentException, NotAuthorizedException, WorkbasketNotFoundException,
+      throws InvalidArgumentException, WorkbasketNotFoundException,
-          WorkbasketAccessItemAlreadyExistException {
+          WorkbasketAccessItemAlreadyExistException, MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    WorkbasketAccessItemImpl accessItem = (WorkbasketAccessItemImpl) workbasketAccessItem;
@ -320,7 +320,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public WorkbasketAccessItem updateWorkbasketAccessItem(WorkbasketAccessItem workbasketAccessItem)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    WorkbasketAccessItemImpl accessItem = (WorkbasketAccessItemImpl) workbasketAccessItem;
@ -364,7 +364,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  }
  @Override
-  public void deleteWorkbasketAccessItem(String accessItemId) throws NotAuthorizedException {
+  public void deleteWorkbasketAccessItem(String accessItemId) throws MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    try {
      taskanaEngine.openConnection();
@ -403,7 +403,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public void checkAuthorization(String workbasketId, WorkbasketPermission... requestedPermissions)
-      throws NotAuthorizedException, WorkbasketNotFoundException {
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
    try {
      taskanaEngine.openConnection();
@ -438,7 +438,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public void checkAuthorization(
      String workbasketKey, String domain, WorkbasketPermission... requestedPermissions)
-      throws NotAuthorizedException, WorkbasketNotFoundException {
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
    try {
      taskanaEngine.openConnection();
@ -473,7 +473,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public List<WorkbasketAccessItem> getWorkbasketAccessItems(String workbasketId)
-      throws NotAuthorizedException {
+      throws MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    List<WorkbasketAccessItem> result = new ArrayList<>();
    try {
@ -490,8 +490,9 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public void setWorkbasketAccessItems(
      String workbasketId, List<WorkbasketAccessItem> wbAccessItems)
-      throws NotAuthorizedException, WorkbasketAccessItemAlreadyExistException,
+      throws WorkbasketAccessItemAlreadyExistException, InvalidArgumentException,
-          InvalidArgumentException, WorkbasketNotFoundException {
+          WorkbasketNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    Set<WorkbasketAccessItemImpl> accessItems =
@ -537,7 +538,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  }
  @Override
-  public WorkbasketAccessItemQuery createWorkbasketAccessItemQuery() throws NotAuthorizedException {
+  public WorkbasketAccessItemQuery createWorkbasketAccessItemQuery()
      throws MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN);
    return new WorkbasketAccessItemQueryImpl(this.taskanaEngine);
  }
@ -560,7 +562,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public List<WorkbasketSummary> getDistributionTargets(String workbasketId)
-      throws NotAuthorizedException, WorkbasketNotFoundException {
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
    List<WorkbasketSummary> result = new ArrayList<>();
    try {
      taskanaEngine.openConnection();
@ -582,7 +584,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public List<WorkbasketSummary> getDistributionTargets(String workbasketKey, String domain)
-      throws NotAuthorizedException, WorkbasketNotFoundException {
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
    List<WorkbasketSummary> result = new ArrayList<>();
    try {
@ -605,7 +607,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public void setDistributionTargets(String sourceWorkbasketId, List<String> targetWorkbasketIds)
-      throws WorkbasketNotFoundException, NotAuthorizedException {
+      throws WorkbasketNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    try {
@ -666,7 +669,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public void addDistributionTarget(String sourceWorkbasketId, String targetWorkbasketId)
-      throws NotAuthorizedException, WorkbasketNotFoundException {
+      throws WorkbasketNotFoundException, MismatchedRoleException,
          MismatchedWorkbasketPermissionException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    try {
@ -717,7 +721,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public void removeDistributionTarget(String sourceWorkbasketId, String targetWorkbasketId)
-      throws NotAuthorizedException {
+      throws MismatchedRoleException, MismatchedWorkbasketPermissionException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    try {
@ -782,8 +786,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public boolean deleteWorkbasket(String workbasketId)
-      throws NotAuthorizedException, WorkbasketNotFoundException, WorkbasketInUseException,
+      throws WorkbasketNotFoundException, WorkbasketInUseException, InvalidArgumentException,
-          InvalidArgumentException {
+          MismatchedRoleException, MismatchedWorkbasketPermissionException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    validateId(workbasketId);
@ -843,7 +847,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  }
  public BulkOperationResults<String, TaskanaException> deleteWorkbaskets(
-      List<String> workbasketsIds) throws NotAuthorizedException, InvalidArgumentException {
+      List<String> workbasketsIds) throws InvalidArgumentException, MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
@ -876,7 +880,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public List<WorkbasketSummary> getDistributionSources(String workbasketId)
-      throws NotAuthorizedException, WorkbasketNotFoundException {
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
    List<WorkbasketSummary> result = new ArrayList<>();
    try {
      taskanaEngine.openConnection();
@ -896,7 +900,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public List<WorkbasketSummary> getDistributionSources(String workbasketKey, String domain)
-      throws NotAuthorizedException, WorkbasketNotFoundException {
+      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
    List<WorkbasketSummary> result = new ArrayList<>();
    try {
@ -917,7 +921,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  @Override
  public void deleteWorkbasketAccessItemsForAccessId(String accessId)
-      throws NotAuthorizedException {
+      throws MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    try {
      taskanaEngine.openConnection();
@ -1111,7 +1115,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
  }
  private void markWorkbasketForDeletion(String workbasketId)
-      throws NotAuthorizedException, InvalidArgumentException {
+      throws InvalidArgumentException, MismatchedRoleException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    try {
      taskanaEngine.openConnection();
--- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/jobs/WorkbasketCleanupJob.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/jobs/WorkbasketCleanupJob.java
@ -9,7 +9,7 @@ import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.ScheduledJob;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.JobServiceImpl;
@ -91,7 +91,7 @@ public class WorkbasketCleanupJob extends AbstractTaskanaJob {
  }
  private int deleteWorkbaskets(List<String> workbasketsToBeDeleted)
-      throws InvalidArgumentException, NotAuthorizedException {
+      throws InvalidArgumentException, MismatchedRoleException {
    BulkOperationResults<String, TaskanaException> results =
        taskanaEngineImpl.getWorkbasketService().deleteWorkbaskets(workbasketsToBeDeleted);
--- a/lib/taskana-core/src/test/java/acceptance/report/GetCustomAttributeValuesForReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/GetCustomAttributeValuesForReportAccTest.java
@ -8,7 +8,7 @@ import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@ -27,7 +27,7 @@ class GetCustomAttributeValuesForReportAccTest extends AbstractReportAccTest {
            MONITOR_SERVICE
                .createWorkbasketReportBuilder()
                .listCustomAttributeValuesForCustomAttributeName(TaskCustomField.CUSTOM_2);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "monitor")
--- a/lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfClassificationCategoryReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfClassificationCategoryReportAccTest.java
@ -17,7 +17,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@ -45,7 +45,7 @@ class GetTaskIdsOfClassificationCategoryReportAccTest extends AbstractReportAccT
            MONITOR_SERVICE
                .createClassificationCategoryReportBuilder()
                .listTaskIdsForSelectedItems(List.of(), TaskTimestamp.DUE);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "monitor")
--- a/lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfClassificationReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfClassificationReportAccTest.java
@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@ -45,7 +45,7 @@ class GetTaskIdsOfClassificationReportAccTest extends AbstractReportAccTest {
            MONITOR_SERVICE
                .createClassificationReportBuilder()
                .listTaskIdsForSelectedItems(selectedItems, TaskTimestamp.DUE);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "monitor")
--- a/lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfTaskCustomFieldValueReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfTaskCustomFieldValueReportAccTest.java
@ -17,7 +17,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@ -47,7 +47,7 @@ class GetTaskIdsOfTaskCustomFieldValueReportAccTest extends AbstractReportAccTes
            MONITOR_SERVICE
                .createTaskCustomFieldValueReportBuilder(TaskCustomField.CUSTOM_1)
                .listTaskIdsForSelectedItems(List.of(), TaskTimestamp.DUE);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "monitor")
--- a/lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfWorkbasketReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfWorkbasketReportAccTest.java
@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.CombinedClassificationFilter;
@ -44,7 +44,7 @@ class GetTaskIdsOfWorkbasketReportAccTest extends AbstractReportAccTest {
            MONITOR_SERVICE
                .createWorkbasketReportBuilder()
                .listTaskIdsForSelectedItems(List.of(), TaskTimestamp.DUE);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "monitor")
--- a/lib/taskana-core/src/test/java/acceptance/report/ProvideClassificationCategoryReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/ProvideClassificationCategoryReportAccTest.java
@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@ -37,7 +37,7 @@ class ProvideClassificationCategoryReportAccTest extends AbstractReportAccTest {
  void testRoleCheck() {
    ThrowingCallable call =
        () -> MONITOR_SERVICE.createClassificationCategoryReportBuilder().buildReport();
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "monitor")
--- a/lib/taskana-core/src/test/java/acceptance/report/ProvideClassificationReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/ProvideClassificationReportAccTest.java
@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@ -36,7 +36,7 @@ class ProvideClassificationReportAccTest extends AbstractReportAccTest {
  @Test
  void testRoleCheck() {
    assertThatThrownBy(() -> MONITOR_SERVICE.createClassificationReportBuilder().buildReport())
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "monitor")
--- a/lib/taskana-core/src/test/java/acceptance/report/ProvideDetailedClassificationReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/ProvideDetailedClassificationReportAccTest.java
@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@ -41,7 +41,7 @@ class ProvideDetailedClassificationReportAccTest extends AbstractReportAccTest {
  void testRoleCheck() {
    ThrowingCallable call =
        () -> MONITOR_SERVICE.createClassificationReportBuilder().buildDetailedReport();
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "monitor")
--- a/lib/taskana-core/src/test/java/acceptance/report/ProvideTaskCustomFieldValueReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/ProvideTaskCustomFieldValueReportAccTest.java
@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@ -41,7 +41,7 @@ class ProvideTaskCustomFieldValueReportAccTest extends AbstractReportAccTest {
              .createTaskCustomFieldValueReportBuilder(TaskCustomField.CUSTOM_1)
              .buildReport();
        };
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "monitor")
--- a/lib/taskana-core/src/test/java/acceptance/report/ProvideTaskStatusReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/ProvideTaskStatusReportAccTest.java
@ -11,7 +11,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@ -34,7 +34,7 @@ class ProvideTaskStatusReportAccTest extends AbstractReportAccTest {
  @Test
  void should_ThrowException_When_UserIsNotAuthorized() {
    assertThatThrownBy(() -> MONITOR_SERVICE.createTaskStatusReportBuilder().buildReport())
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "unknown")
@ -44,7 +44,7 @@ class ProvideTaskStatusReportAccTest extends AbstractReportAccTest {
  @TestTemplate
  void should_ThrowException_When_UserIsNotAdminOrMonitor() {
    assertThatThrownBy(() -> MONITOR_SERVICE.createTaskStatusReportBuilder().buildReport())
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "admin")
--- a/lib/taskana-core/src/test/java/acceptance/report/ProvideWorkbasketReportAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/report/ProvideWorkbasketReportAccTest.java
@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.CombinedClassificationFilter;
@ -36,7 +36,7 @@ class ProvideWorkbasketReportAccTest extends AbstractReportAccTest {
  @Test
  void testRoleCheck() {
    assertThatThrownBy(() -> MONITOR_SERVICE.createWorkbasketReportBuilder().buildReport())
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "monitor")
--- a/lib/taskana-core/src/test/java/acceptance/security/TaskanaSecurityAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/security/TaskanaSecurityAccTest.java
@ -10,7 +10,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.TaskanaRole;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
@ -27,7 +27,7 @@ class TaskanaSecurityAccTest extends AbstractAccTest {
    assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isFalse();
    assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse();
    ThrowingCallable call = () -> taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "businessadmin")
@ -50,7 +50,7 @@ class TaskanaSecurityAccTest extends AbstractAccTest {
    assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isFalse();
    assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse();
    ThrowingCallable call = () -> taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "user-1-1", groups = "businessadmin")
--- a/lib/taskana-core/src/test/java/acceptance/task/CallbackStateAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/CallbackStateAccTest.java
@ -22,7 +22,6 @@ import pro.taskana.task.api.CallbackState;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.InvalidCallbackStateException;
 import pro.taskana.task.api.exceptions.InvalidStateException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskSummary;
 import pro.taskana.task.internal.models.TaskImpl;
@ -72,7 +71,7 @@ class CallbackStateAccTest extends AbstractAccTest {
      CallbackState.NONE, CallbackState.CLAIMED, CallbackState.CALLBACK_PROCESSING_COMPLETED
    };
    assertThatThrownBy(call)
-        .isInstanceOf(InvalidStateException.class)
+        .isInstanceOf(InvalidCallbackStateException.class)
        .hasMessage(
            "Expected callback state of Task with id '%s' to be: '%s', but found '%s'",
            createdTask.getId(),
@ -85,7 +84,7 @@ class CallbackStateAccTest extends AbstractAccTest {
    call = () -> taskService.forceDeleteTask(createdTask2.getId());
    assertThatThrownBy(call)
-        .isInstanceOf(InvalidStateException.class)
+        .isInstanceOf(InvalidCallbackStateException.class)
        .hasMessage(
            "Expected callback state of Task with id '%s' to be: '%s', but found '%s'",
            createdTask2.getId(),
@ -96,7 +95,7 @@ class CallbackStateAccTest extends AbstractAccTest {
    call = () -> taskService.forceDeleteTask(createdTask3.getId());
    assertThatThrownBy(call)
-        .isInstanceOf(InvalidStateException.class)
+        .isInstanceOf(InvalidCallbackStateException.class)
        .hasMessage(
            "Expected callback state of Task with id '%s' to be: '%s', but found '%s'",
            createdTask3.getId(),
--- a/lib/taskana-core/src/test/java/acceptance/task/ServiceLevelPriorityAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/ServiceLevelPriorityAccTest.java
@ -22,13 +22,13 @@ import pro.taskana.classification.api.models.Classification;
 import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.WorkingDaysToDaysConverter;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 /** Acceptance test for all "create task" scenarios. */
@ExtendWith(JaasExtension.class)
@ -343,7 +343,8 @@ class ServiceLevelPriorityAccTest extends AbstractAccTest {
    assertThat(results.containsErrors()).isTrue();
    assertThat(results.getFailedIds()).hasSize(3).containsAnyElementsOf(taskIds);
-    assertThat(results.getErrorMap().values()).hasOnlyElementsOfType(NotAuthorizedException.class);
+    assertThat(results.getErrorMap().values())
        .hasOnlyElementsOfType(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "admin")
--- a/lib/taskana-core/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java
@ -9,13 +9,13 @@ import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.InvalidOwnerException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
@ExtendWith(JaasExtension.class)
 class ClaimTaskAccTest extends AbstractAccTest {
@ -129,14 +129,14 @@ class ClaimTaskAccTest extends AbstractAccTest {
  @Test
  void should_ThrowNotAuthorizedException_When_UserHasNoReadPermissionAndTaskIsReady() {
    assertThatThrownBy(() -> taskService.claim("TKI:000000000000000000000000000000000000"))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-taskrouter")
  @Test
  void should_ThrowNotAuthorizedException_When_UserHasNoReadPermissionAndTaskIsReadyForReview() {
    assertThatThrownBy(() -> taskService.claim("TKI:500000000000000000000000000000000028"))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-1-2")
--- a/lib/taskana-core/src/test/java/acceptance/task/claim/SetOwnerAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/claim/SetOwnerAccTest.java
@ -14,13 +14,11 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.InvalidStateException;
 import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
@ -78,9 +76,9 @@ class SetOwnerAccTest extends AbstractAccTest {
    String anyUserName = "TestUser3";
    assertThatThrownBy(() -> taskService.getTask(taskReadyId))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
    assertThatThrownBy(() -> setOwner(taskReadyId, anyUserName))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-1-2")
@ -94,7 +92,7 @@ class SetOwnerAccTest extends AbstractAccTest {
    assertThat(taskClaimed.getState()).isEqualTo(TaskState.CLAIMED);
    assertThat(taskClaimed.getOwner()).isEqualTo("user-1-1");
    assertThatThrownBy(() -> setOwner(taskClaimedId, anyUserName))
-        .isInstanceOf(InvalidStateException.class);
+        .isInstanceOf(InvalidTaskStateException.class);
  }
  @WithAccessId(user = "user-1-2")
@ -210,7 +208,8 @@ class SetOwnerAccTest extends AbstractAccTest {
    assertThat(results.getErrorMap())
        .hasSize(95)
        .extractingFromEntries(Entry::getValue)
-        .hasOnlyElementsOfTypes(InvalidTaskStateException.class, NotAuthorizedException.class)
+        .hasOnlyElementsOfTypes(
            InvalidTaskStateException.class, MismatchedWorkbasketPermissionException.class)
        .areExactly(35, invalidTaskStateException)
        .areExactly(60, mismatchedWorkbasketPermissionException);
  }
@ -229,7 +228,7 @@ class SetOwnerAccTest extends AbstractAccTest {
    assertThat(results.getErrorMap())
        .hasSize(49)
        .extractingFromEntries(Entry::getValue)
-        .hasOnlyElementsOfType(InvalidStateException.class);
+        .hasOnlyElementsOfType(InvalidTaskStateException.class);
  }
  private Task setOwner(String taskReadyId, String anyUserName) throws Exception {
--- a/lib/taskana-core/src/test/java/acceptance/task/complete/CancelTaskAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/complete/CancelTaskAccTest.java
@ -11,13 +11,13 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskState;
-import pro.taskana.task.api.exceptions.InvalidStateException;
+import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskSummary;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 /** Acceptance tests for all "cancel task" scenarios. */
@ExtendWith(JaasExtension.class)
@ -85,7 +85,7 @@ class CancelTaskAccTest extends AbstractAccTest {
  @Test
  void should_ThrowException_When_UserNotAuthorized() {
    assertThatThrownBy(() -> taskService.cancelTask("TKI:000000000000000000000000000000000001"))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "admin")
@ -97,7 +97,7 @@ class CancelTaskAccTest extends AbstractAccTest {
    ThrowingCallable taskanaCall = () -> taskService.cancelTask(taskSummaries.get(0).getId());
-    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidStateException.class);
+    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidTaskStateException.class);
  }
  @WithAccessId(user = "user-1-2")
@ -108,7 +108,7 @@ class CancelTaskAccTest extends AbstractAccTest {
    assertThat(taskSummaries).hasSize(5);
    ThrowingCallable taskanaCall = () -> taskService.cancelTask(taskSummaries.get(0).getId());
-    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidStateException.class);
+    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidTaskStateException.class);
  }
  @WithAccessId(user = "user-1-2")
@ -118,6 +118,6 @@ class CancelTaskAccTest extends AbstractAccTest {
        taskService.createTaskQuery().stateIn(TaskState.CANCELLED).list();
    assertThat(taskSummaries).hasSize(5);
    ThrowingCallable taskanaCall = () -> taskService.cancelTask(taskSummaries.get(0).getId());
-    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidStateException.class);
+    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidTaskStateException.class);
  }
 }
--- a/lib/taskana-core/src/test/java/acceptance/task/complete/TerminateTaskAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/complete/TerminateTaskAccTest.java
@ -11,11 +11,11 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskState;
-import pro.taskana.task.api.exceptions.InvalidStateException;
+import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.models.TaskSummary;
 /** Acceptance tests for "terminate task" scenarios. */
@ -74,7 +74,7 @@ class TerminateTaskAccTest extends AbstractAccTest {
    assertThat(taskSummaries).hasSize(10);
    ThrowingCallable taskanaCall = () -> taskService.terminateTask(taskSummaries.get(0).getId());
-    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidStateException.class);
+    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidTaskStateException.class);
  }
  @WithAccessId(user = "user-1-2")
@ -84,7 +84,7 @@ class TerminateTaskAccTest extends AbstractAccTest {
    ThrowingCallable taskanaCall =
        () -> taskService.terminateTask("TKI:000000000000000000000000000000000000");
-    assertThatThrownBy(taskanaCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(taskanaCall).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "taskadmin")
@ -95,7 +95,7 @@ class TerminateTaskAccTest extends AbstractAccTest {
    assertThat(taskSummaries).hasSize(5);
    ThrowingCallable taskanaCall = () -> taskService.terminateTask(taskSummaries.get(0).getId());
-    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidStateException.class);
+    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidTaskStateException.class);
  }
  @WithAccessId(user = "taskadmin")
@ -105,6 +105,6 @@ class TerminateTaskAccTest extends AbstractAccTest {
        taskService.createTaskQuery().stateIn(TaskState.CANCELLED).list();
    assertThat(taskSummaries).hasSize(5);
    ThrowingCallable taskanaCall = () -> taskService.terminateTask(taskSummaries.get(0).getId());
-    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidStateException.class);
+    assertThatThrownBy(taskanaCall).isInstanceOf(InvalidTaskStateException.class);
  }
 }
--- a/lib/taskana-core/src/test/java/acceptance/task/create/CreateTaskAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/create/CreateTaskAccTest.java
@ -27,7 +27,6 @@ import pro.taskana.classification.api.models.ClassificationSummary;
 import pro.taskana.classification.internal.models.ClassificationSummaryImpl;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskCustomField;
@ -42,6 +41,7 @@ import pro.taskana.task.internal.AttachmentMapper;
 import pro.taskana.task.internal.models.ObjectReferenceImpl;
 import pro.taskana.task.internal.models.TaskImpl;
 import pro.taskana.workbasket.api.WorkbasketService;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
@ -677,7 +677,7 @@ class CreateTaskAccTest extends AbstractAccTest {
        createObjectReference("COMPANY_A", "SYSTEM_A", "INSTANCE_A", "VNR", "1234567"));
    ThrowingCallable call = () -> taskService.createTask(newTask);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-1-1")
@ -801,7 +801,7 @@ class CreateTaskAccTest extends AbstractAccTest {
        createObjectReference("COMPANY_B", "SYSTEM_B", "INSTANCE_B", "VNR", "1234567"));
    ThrowingCallable call = () -> taskService.createTask(newTask);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-1-1")
@ -822,7 +822,7 @@ class CreateTaskAccTest extends AbstractAccTest {
    Task task = taskService.newTask("TEAMLEAD-2", "DOMAIN_A");
    ThrowingCallable call = () -> taskService.createTask(task);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-1-1")
--- a/lib/taskana-core/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java
@ -12,11 +12,10 @@ import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.BulkOperationResults;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.exceptions.InvalidStateException;
 import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
@ -32,7 +31,7 @@ class DeleteTaskAccTest extends AbstractAccTest {
    ThrowingCallable call =
        () -> taskService.deleteTask("TKI:000000000000000000000000000000000037");
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "user-taskrouter")
@ -40,7 +39,7 @@ class DeleteTaskAccTest extends AbstractAccTest {
  void should_ThrowNotAuthorizedException_When_UserIsMemberOfTaskRouterRole() {
    ThrowingCallable call =
        () -> taskService.deleteTask("TKI:000000000000000000000000000000000037");
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "admin")
@ -121,7 +120,7 @@ class DeleteTaskAccTest extends AbstractAccTest {
            "TKI:000000000000000000000000000000000010");
    ThrowingCallable call = () -> taskService.deleteTasks(taskIds);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "admin")
@ -142,7 +141,7 @@ class DeleteTaskAccTest extends AbstractAccTest {
  void should_ThrowException_When_UserIsNotInAdminRole() {
    ThrowingCallable deleteTaskCall =
        () -> taskService.deleteTask("TKI:000000000000000000000000000000000041");
-    assertThatThrownBy(deleteTaskCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(deleteTaskCall).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "admin")
@ -151,7 +150,7 @@ class DeleteTaskAccTest extends AbstractAccTest {
    Task task = taskService.getTask("TKI:000000000000000000000000000000000029");
    ThrowingCallable call = () -> taskService.deleteTask(task.getId());
-    assertThatThrownBy(call).isInstanceOf(InvalidStateException.class);
+    assertThatThrownBy(call).isInstanceOf(InvalidTaskStateException.class);
  }
  @WithAccessId(user = "admin")
@ -162,7 +161,7 @@ class DeleteTaskAccTest extends AbstractAccTest {
    ThrowingCallable call = () -> taskService.deleteTask(task.getId());
    assertThatThrownBy(call)
        .describedAs("Should not be possible to delete claimed task without force flag")
-        .isInstanceOf(InvalidStateException.class);
+        .isInstanceOf(InvalidTaskStateException.class);
    taskService.forceDeleteTask(task.getId());
--- a/lib/taskana-core/src/test/java/acceptance/task/get/GetTaskAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/get/GetTaskAccTest.java
@ -13,7 +13,6 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.TaskanaConfiguration;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskCustomField;
@ -21,6 +20,7 @@ import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 /** Acceptance test for all "get task" scenarios. */
@ExtendWith(JaasExtension.class)
@ -133,7 +133,7 @@ class GetTaskAccTest extends AbstractAccTest {
    ThrowingCallable getTaskCall =
        () -> taskService.getTask("TKI:000000000000000000000000000000000000");
-    assertThatThrownBy(getTaskCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(getTaskCall).isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-taskrouter")
@ -142,7 +142,7 @@ class GetTaskAccTest extends AbstractAccTest {
    ThrowingCallable getTaskCall =
        () -> taskService.getTask("TKI:000000000000000000000000000000000000");
-    assertThatThrownBy(getTaskCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(getTaskCall).isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "admin")
--- a/lib/taskana-core/src/test/java/acceptance/task/transfer/TransferTaskAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/transfer/TransferTaskAccTest.java
@ -21,13 +21,11 @@ import org.junit.jupiter.api.function.ThrowingConsumer;
 import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.util.Pair;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.InvalidStateException;
 import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
@ -154,7 +152,7 @@ class TransferTaskAccTest extends AbstractAccTest {
    ThrowingCallable call =
        () -> taskService.transfer(task.getId(), "WBI:100000000000000000000000000000000005");
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-1-1", groups = "cn=routers,cn=groups,OU=Test,O=TASKANA")
@ -165,7 +163,7 @@ class TransferTaskAccTest extends AbstractAccTest {
    assertThatThrownBy(
            () -> taskService.transfer(task.getId(), "WBI:100000000000000000000000000000000005"))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "teamlead-1", groups = GROUP_1_DN)
@ -196,7 +194,7 @@ class TransferTaskAccTest extends AbstractAccTest {
                "TKI:200000000000000000000000000000000007",
                "WBI:100000000000000000000000000000000001");
    assertThatThrownBy(call)
-        .isInstanceOf(NotAuthorizedException.class)
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class)
        .extracting(Throwable::getMessage)
        .asString()
        .startsWith(
@ -212,7 +210,7 @@ class TransferTaskAccTest extends AbstractAccTest {
    ThrowingCallable call =
        () -> taskService.transfer(task.getId(), "WBI:100000000000000000000000000000000008");
    assertThatThrownBy(call)
-        .isInstanceOf(NotAuthorizedException.class)
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class)
        .extracting(Throwable::getMessage)
        .asString()
        .startsWith(
@ -227,7 +225,7 @@ class TransferTaskAccTest extends AbstractAccTest {
    ThrowingCallable call =
        () -> taskService.transfer(task.getId(), "WBI:100000000000000000000000000000000005");
-    assertThatThrownBy(call).isInstanceOf(InvalidStateException.class);
+    assertThatThrownBy(call).isInstanceOf(InvalidTaskStateException.class);
  }
  @WithAccessId(user = "teamlead-1", groups = GROUP_1_DN)
@ -333,7 +331,7 @@ class TransferTaskAccTest extends AbstractAccTest {
    ThrowingCallable call =
        () -> taskService.transferTasks("WBI:100000000000000000000000000000000010", taskIdList);
    assertThatThrownBy(call)
-        .isInstanceOf(NotAuthorizedException.class)
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class)
        .hasMessageContaining("APPEND");
  }
--- a/lib/taskana-core/src/test/java/acceptance/task/update/UpdateTaskAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/task/update/UpdateTaskAccTest.java
@ -28,7 +28,6 @@ import pro.taskana.classification.api.models.ClassificationSummary;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskCustomField;
@ -38,6 +37,7 @@ import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskSummary;
 import pro.taskana.task.internal.models.ObjectReferenceImpl;
 import pro.taskana.task.internal.models.TaskImpl;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 /** Acceptance test for all "update task" scenarios. */
@ExtendWith(JaasExtension.class)
@ -179,7 +179,7 @@ class UpdateTaskAccTest extends AbstractAccTest {
    task.setWorkbasketKey("USER-1-2");
    assertThatThrownBy(() -> taskService.updateTask(task))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-1-1")
--- a/lib/taskana-core/src/test/java/acceptance/taskcomment/delete/DeleteTaskCommentAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/taskcomment/delete/DeleteTaskCommentAccTest.java
@ -11,10 +11,10 @@ import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.exceptions.MismatchedTaskCommentCreatorException;
 import pro.taskana.task.api.exceptions.TaskCommentNotFoundException;
 import pro.taskana.task.api.models.TaskComment;
@ -56,7 +56,7 @@ class DeleteTaskCommentAccTest extends AbstractAccTest {
    ThrowingCallable lambda =
        () -> taskService.deleteTaskComment("TCI:000000000000000000000000000000000000");
-    assertThatThrownBy(lambda).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(lambda).isInstanceOf(MismatchedTaskCommentCreatorException.class);
    // make sure the task comment was not deleted
    List<TaskComment> taskCommentsAfterDeletion =
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/create/CreateWorkbasketAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/create/CreateWorkbasketAccTest.java
@ -12,7 +12,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
@ -70,7 +70,7 @@ class CreateWorkbasketAccTest extends AbstractAccTest {
    workbasket.setOrgLevel1("company");
    ThrowingCallable call = () -> workbasketService.createWorkbasket(workbasket);
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "businessadmin")
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/create/CreateWorkbasketAuthorizationsAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/create/CreateWorkbasketAuthorizationsAccTest.java
@ -6,7 +6,7 @@ import acceptance.AbstractAccTest;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
@ -29,6 +29,6 @@ class CreateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
    accessItem.setPermission(WorkbasketPermission.CUSTOM_11, true);
    accessItem.setPermission(WorkbasketPermission.READ, true);
    assertThatThrownBy(() -> workbasketService.createWorkbasketAccessItem(accessItem))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedRoleException.class);
  }
 }
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/delete/DeleteWorkbasketAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/delete/DeleteWorkbasketAccTest.java
@ -12,12 +12,13 @@ import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.internal.models.TaskImpl;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketInUseException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
@ -60,7 +61,7 @@ class DeleteWorkbasketAccTest extends AbstractAccTest {
          Workbasket wb = workbasketService.getWorkbasket("TEAMLEAD-2", "DOMAIN_A");
          workbasketService.deleteWorkbasket(wb.getId());
        };
-    assertThatThrownBy(deleteWorkbasketCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(deleteWorkbasketCall).isInstanceOf(TaskanaException.class);
    deleteWorkbasketCall =
        () -> {
@ -68,13 +69,13 @@ class DeleteWorkbasketAccTest extends AbstractAccTest {
              workbasketService.getWorkbasket("WBI:100000000000000000000000000000000005");
          workbasketService.deleteWorkbasket(wb.getId());
        };
-    assertThatThrownBy(deleteWorkbasketCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(deleteWorkbasketCall).isInstanceOf(TaskanaException.class);
  }
  @Test
  void should_ThrowNotAuthorizedException_When_UnauthorizedTryingToGetWorkbaskets() {
    assertThatThrownBy(() -> workbasketService.getWorkbasket("TEAMLEAD-2", "DOMAIN_A"))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "businessadmin")
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/delete/DeleteWorkbasketAuthorizationsAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/delete/DeleteWorkbasketAuthorizationsAccTest.java
@ -9,7 +9,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketService;
@ -30,14 +30,14 @@ class DeleteWorkbasketAuthorizationsAccTest extends AbstractAccTest {
          WORKBASKET_SERVICE.deleteWorkbasketAccessItemsForAccessId("group-1");
        };
-    assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(MismatchedRoleException.class);
    deleteWorkbasketAccessItemCall =
        () -> {
          WORKBASKET_SERVICE.deleteWorkbasketAccessItem("WAI:100000000000000000000000000000000001");
        };
-    assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "admin")
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/get/GetDistributionTargetsAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/get/GetDistributionTargetsAccTest.java
@ -10,10 +10,11 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketService;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
@ -115,7 +116,7 @@ class GetDistributionTargetsAccTest extends AbstractAccTest {
          workbasketService.setDistributionTargets(
              existingWb, List.of("WBI:100000000000000000000000000000000002"));
        };
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "user-1-1")
@ -129,7 +130,8 @@ class GetDistributionTargetsAccTest extends AbstractAccTest {
        () -> {
          workbasketService.getDistributionTargets(existingWb);
        };
-    assertThatThrownBy(getDistributionTargetsCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(getDistributionTargetsCall)
        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "businessadmin")
@ -167,7 +169,7 @@ class GetDistributionTargetsAccTest extends AbstractAccTest {
    ThrowingCallable call =
        () -> workbasketService.getDistributionSources("WBI:100000000000000000000000000000000004");
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-2-2")
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/get/GetWorkbasketAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/get/GetWorkbasketAccTest.java
@ -14,12 +14,12 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
 import pro.taskana.workbasket.api.WorkbasketType;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
@ -169,13 +169,13 @@ class GetWorkbasketAccTest extends AbstractAccTest {
  void should_ThrowException_When_TryingToGetByIdWithoutPermissions() {
    ThrowingCallable call =
        () -> WORKBASKET_SERVICE.getWorkbasket("WBI:100000000000000000000000000000000001");
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @Test
  void should_ThrowException_When_TryingToGetByKeyAndDomainWithoutPermissions() {
    assertThatThrownBy(() -> WORKBASKET_SERVICE.getWorkbasket("GPK_KSC", "DOMAIN_A"))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
  }
  @WithAccessId(user = "user-1-1")
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/get/GetWorkbasketAuthorizationsAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/get/GetWorkbasketAuthorizationsAccTest.java
@ -7,7 +7,7 @@ import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketService;
@ -28,6 +28,7 @@ class GetWorkbasketAuthorizationsAccTest extends AbstractAccTest {
          workbasketService.getWorkbasketAccessItems("WBI:100000000000000000000000000000000008");
        };
-    assertThatThrownBy(retrieveWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(retrieveWorkbasketAccessItemCall)
        .isInstanceOf(MismatchedRoleException.class);
  }
 }
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/query/QueryWorkbasketAccessItemsAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/query/QueryWorkbasketAccessItemsAccTest.java
@ -14,7 +14,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.BaseQuery.SortDirection;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketAccessItemQuery;
@ -69,7 +69,7 @@ class QueryWorkbasketAccessItemsAccTest extends AbstractAccTest {
              .accessIdIn("user-1-1", "group-1")
              .list();
        };
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "businessadmin")
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/query/QueryWorkbasketByPermissionAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/query/QueryWorkbasketByPermissionAccTest.java
@ -11,7 +11,7 @@ import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.BaseQuery.SortDirection;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
@ -66,7 +66,7 @@ class QueryWorkbasketByPermissionAccTest extends AbstractAccTest {
                .accessIdsHavePermissions(List.of(WorkbasketPermission.APPEND), "user-1-1")
                .list();
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "businessadmin")
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/query/WorkbasketQueryAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/query/WorkbasketQueryAccTest.java
@ -9,7 +9,7 @@ import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
@ -35,7 +35,7 @@ class WorkbasketQueryAccTest extends AbstractAccTest {
                  List.of(WorkbasketPermission.TRANSFER), "teamlead-1", GROUP_1_DN, GROUP_2_DN)
              .list();
        };
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "unknownuser")
@ -54,7 +54,7 @@ class WorkbasketQueryAccTest extends AbstractAccTest {
                  List.of(WorkbasketPermission.TRANSFER), "teamlead-1", GROUP_1_DN, GROUP_2_DN)
              .list();
        };
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "businessadmin")
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/update/UpdateDistributionTargetsAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/update/UpdateDistributionTargetsAccTest.java
@ -11,7 +11,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketService;
@ -68,21 +68,21 @@ class UpdateDistributionTargetsAccTest extends AbstractAccTest {
          workbasketService.setDistributionTargets(
              existingWb, List.of("WBI:100000000000000000000000000000000002"));
        };
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
    call =
        () -> {
          workbasketService.addDistributionTarget(
              existingWb, "WBI:100000000000000000000000000000000002");
        };
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
    call =
        () -> {
          workbasketService.removeDistributionTarget(
              existingWb, "WBI:100000000000000000000000000000000002");
        };
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "businessadmin")
@ -153,7 +153,7 @@ class UpdateDistributionTargetsAccTest extends AbstractAccTest {
        () -> {
          workbasketService.addDistributionTarget(workbasket.getId(), newTarget.getId());
        };
-    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
+    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
  }
  @WithAccessId(user = "businessadmin")
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/update/UpdateWorkbasketAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/update/UpdateWorkbasketAccTest.java
@ -13,7 +13,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketCustomField;
@ -142,6 +142,6 @@ class UpdateWorkbasketAccTest extends AbstractAccTest {
    workbasket.setName("new name");
    assertThatThrownBy(() -> workbasketService.updateWorkbasket(workbasket))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedRoleException.class);
  }
 }
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/update/UpdateWorkbasketAuthorizationsAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/update/UpdateWorkbasketAuthorizationsAccTest.java
@ -16,7 +16,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import pro.taskana.common.api.KeyDomain;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskService;
@ -45,7 +45,7 @@ class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
            "WBI:100000000000000000000000000000000008", "newAccessIdForUpdate");
    assertThatThrownBy(() -> workbasketService.updateWorkbasketAccessItem(workbasketAccessItem))
-        .isInstanceOf(NotAuthorizedException.class);
+        .isInstanceOf(MismatchedRoleException.class);
  }
  @Test
--- a/lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java
+++ b/lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java
@ -12,7 +12,7 @@ import org.springframework.web.bind.annotation.RestController;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.common.internal.util.IdGenerator;
 import pro.taskana.workbasket.api.WorkbasketType;
 import pro.taskana.workbasket.api.exceptions.WorkbasketAlreadyExistException;
@ -51,8 +51,8 @@ public class TaskanaTestController {
  @GetMapping(path = "/transaction")
  public @ResponseBody String transaction(
      @RequestParam(value = "rollback", defaultValue = "false") String rollback)
-      throws InvalidArgumentException, NotAuthorizedException, WorkbasketAlreadyExistException,
+      throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          DomainNotFoundException {
+          MismatchedRoleException {
    taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key", "workbasket"));
    int workbaskets = getWorkbaskets();
@ -67,8 +67,8 @@ public class TaskanaTestController {
  @GetMapping(path = "/transaction-many")
  public @ResponseBody String transactionMany(
      @RequestParam(value = "rollback", defaultValue = "false") String rollback)
-      throws InvalidArgumentException, NotAuthorizedException, WorkbasketAlreadyExistException,
+      throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          DomainNotFoundException {
+          MismatchedRoleException {
    taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key1", "workbasket1"));
    taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key2", "workbasket2"));
    taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key3", "workbasket3"));
@ -84,8 +84,8 @@ public class TaskanaTestController {
  @GetMapping(path = "/customdb")
  public @ResponseBody String transactionCustomdb(
      @RequestParam(value = "rollback", defaultValue = "false") String rollback)
-      throws InvalidArgumentException, NotAuthorizedException, WorkbasketAlreadyExistException,
+      throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          DomainNotFoundException {
+          MismatchedRoleException {
    taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key1", "workbasket1"));
    taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key2", "workbasket2"));
--- a/lib/taskana-spring/src/test/java/pro/taskana/common/internal/transaction/TaskanaComponent.java
+++ b/lib/taskana-spring/src/test/java/pro/taskana/common/internal/transaction/TaskanaComponent.java
@ -6,13 +6,13 @@ import org.springframework.transaction.annotation.Transactional;
 import pro.taskana.classification.api.exceptions.ClassificationNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.exceptions.AttachmentPersistenceException;
 import pro.taskana.task.api.exceptions.ObjectReferencePersistenceException;
 import pro.taskana.task.api.exceptions.TaskAlreadyExistException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.internal.models.ObjectReferenceImpl;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 /** TODO. */
@ -27,9 +27,9 @@ public class TaskanaComponent {
  }
  public void triggerRollback()
-      throws NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException,
+      throws WorkbasketNotFoundException, ClassificationNotFoundException,
          TaskAlreadyExistException, InvalidArgumentException, AttachmentPersistenceException,
-          ObjectReferencePersistenceException {
+          ObjectReferencePersistenceException, MismatchedWorkbasketPermissionException {
    Task task = taskService.newTask("1");
    task.setName("Unit Test Task");
    ObjectReferenceImpl objRef = new ObjectReferenceImpl();
--- a/lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/ClassificationBuilder.java
+++ b/lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/ClassificationBuilder.java
@ -11,7 +11,7 @@ import pro.taskana.classification.api.models.Classification;
 import pro.taskana.classification.api.models.ClassificationSummary;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.NotAuthorizedException;
+import pro.taskana.common.api.exceptions.MismatchedRoleException;
 import pro.taskana.testapi.builder.EntityBuilder.SummaryEntityBuilder;
 public class ClassificationBuilder
@ -119,7 +119,7 @@ public class ClassificationBuilder
  @Override
  public Classification buildAndStore(ClassificationService classificationService)
      throws InvalidArgumentException, ClassificationAlreadyExistException, DomainNotFoundException,
-          MalformedServiceLevelException, NotAuthorizedException, ClassificationNotFoundException {
+          MalformedServiceLevelException, ClassificationNotFoundException, MismatchedRoleException {
    try {
      Classification c = classificationService.createClassification(testClassification);
      return classificationService.getClassification(c.getId());
--- a/lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/TaskBuilder.java
+++ b/lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/TaskBuilder.java
@ -7,7 +7,6 @@ import java.util.Map;
 import pro.taskana.classification.api.exceptions.ClassificationNotFoundException;
 import pro.taskana.classification.api.models.ClassificationSummary;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.task.api.CallbackState;
 import pro.taskana.task.api.TaskCustomField;
 import pro.taskana.task.api.TaskCustomIntField;
@ -22,6 +21,7 @@ import pro.taskana.task.api.models.ObjectReference;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskSummary;
 import pro.taskana.testapi.builder.EntityBuilder.SummaryEntityBuilder;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
@ -215,8 +215,9 @@ public class TaskBuilder implements SummaryEntityBuilder<TaskSummary, Task, Task
  @Override
  public Task buildAndStore(TaskService taskService)
      throws TaskAlreadyExistException, InvalidArgumentException, WorkbasketNotFoundException,
-          ClassificationNotFoundException, NotAuthorizedException, AttachmentPersistenceException,
+          ClassificationNotFoundException, AttachmentPersistenceException,
-          ObjectReferencePersistenceException, TaskNotFoundException {
+          ObjectReferencePersistenceException, TaskNotFoundException,
          MismatchedWorkbasketPermissionException {
    try {
      Task task = taskService.createTask(testTask);
      return taskService.getTask(task.getId());
--- a/lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/TaskCommentBuilder.java
+++ b/lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/TaskCommentBuilder.java
@ -3,11 +3,11 @@ package pro.taskana.testapi.builder;
 import java.time.Instant;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.exceptions.TaskCommentNotFoundException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.TaskComment;
 import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
 public class TaskCommentBuilder implements EntityBuilder<TaskComment, TaskService> {
@ -49,8 +49,8 @@ public class TaskCommentBuilder implements EntityBuilder<TaskComment, TaskServic
  @Override
  public TaskComment buildAndStore(TaskService taskService)
-      throws InvalidArgumentException, TaskNotFoundException, NotAuthorizedException,
+      throws InvalidArgumentException, TaskNotFoundException, TaskCommentNotFoundException,
-          TaskCommentNotFoundException {
+          MismatchedWorkbasketPermissionException {
    try {
      TaskComment t = taskService.createTaskComment(testTaskComment);
      return taskService.getTaskComment(t.getId());
--- a/Show More
+++ b/Show More