TSK-2012: renamed Mismatched_Exceptions to NotAuthorizedExceptions

common/taskana-common/src/main/java/pro/taskana/common/api/exceptions/NotAuthorizedException.java

@@ -9,13 +9,13 @@ import pro.taskana.common.internal.util.MapCreator;
  * This exception is thrown when the current user is not in a certain {@linkplain TaskanaRole role}
  * it is supposed to be.
  */
-public class MismatchedRoleException extends TaskanaException {
+public class NotAuthorizedException extends TaskanaException {
 
-  public static final String ERROR_KEY = "ROLE_MISMATCHED";
+  public static final String ERROR_KEY = "NOT_AUTHORIZED";
   private final String currentUserId;
   private final TaskanaRole[] roles;
 
-  public MismatchedRoleException(String currentUserId, TaskanaRole... roles) {
+  public NotAuthorizedException(String currentUserId, TaskanaRole... roles) {
     super(
         String.format(
             "Not authorized. The current user '%s' is not member of role(s) '%s'.",

history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/TaskanaHistoryEngine.java

@@ -1,7 +1,7 @@
 package pro.taskana.simplehistory;
 
 import pro.taskana.common.api.TaskanaRole;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.spi.history.api.TaskanaHistory;
 
 /** The TaskanaHistoryEngine represents an overall set of all needed services. */
@@ -25,7 +25,7 @@ public interface TaskanaHistoryEngine {
    * Checks whether current user is member of any of the specified roles.
    *
    * @param roles The roles that are checked for membership of the current user
-   * @throws MismatchedRoleException If the current user is not member of any specified role
+   * @throws NotAuthorizedException If the current user is not member of any specified role
    */
-  void checkRoleMembership(TaskanaRole... roles) throws MismatchedRoleException;
+  void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException;
 }

history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/SimpleHistoryServiceImpl.java

@@ -9,7 +9,7 @@ import org.slf4j.LoggerFactory;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.simplehistory.impl.classification.ClassificationHistoryEventMapper;
 import pro.taskana.simplehistory.impl.classification.ClassificationHistoryQuery;
 import pro.taskana.simplehistory.impl.task.TaskHistoryEventMapper;
@@ -103,7 +103,7 @@ public class SimpleHistoryServiceImpl implements TaskanaHistory {
 
   @Override
   public void deleteHistoryEventsByTaskIds(List<String> taskIds)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     taskanaHistoryEngine.checkRoleMembership(TaskanaRole.ADMIN);
 
     if (taskIds == null) {

history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/TaskanaHistoryEngineImpl.java

@@ -24,7 +24,7 @@ import org.slf4j.LoggerFactory;
 import pro.taskana.TaskanaConfiguration;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TaskanaRole;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.internal.OracleSqlSessionFactory;
 import pro.taskana.common.internal.configuration.DB;
@@ -89,7 +89,7 @@ public class TaskanaHistoryEngineImpl implements TaskanaHistoryEngine {
         .anyMatch(rolesMembers::contains);
   }
 
-  public void checkRoleMembership(TaskanaRole... roles) throws MismatchedRoleException {
+  public void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException {
     if (!isUserInRole(roles)) {
       if (LOGGER.isDebugEnabled()) {
         LOGGER.debug(
@@ -97,7 +97,7 @@ public class TaskanaHistoryEngineImpl implements TaskanaHistoryEngine {
             taskanaEngine.getCurrentUserContext().getAccessIds(),
             Arrays.toString(roles));
       }
-      throw new MismatchedRoleException(taskanaEngine.getCurrentUserContext().getUserid(), roles);
+      throw new NotAuthorizedException(taskanaEngine.getCurrentUserContext().getUserid(), roles);
     }
   }
 

history/taskana-simplehistory-provider/src/main/java/pro/taskana/simplehistory/impl/jobs/HistoryCleanupJob.java

@@ -19,7 +19,7 @@ import pro.taskana.common.api.ScheduledJob;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.internal.jobs.AbstractTaskanaJob;
 import pro.taskana.common.internal.transaction.TaskanaTransactionProvider;
@@ -181,7 +181,7 @@ public class HistoryCleanupJob extends AbstractTaskanaJob {
   }
 
   private int deleteEvents(List<String> taskIdsToDeleteHistoryEventsFor)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     SimpleHistoryServiceImpl simpleHistoryService =
         (SimpleHistoryServiceImpl) taskanaHistoryEngine.getTaskanaHistoryService();
 

lib/taskana-cdi-example/src/main/java/pro/taskana/example/ExampleBootstrap.java

@@ -16,7 +16,7 @@ import pro.taskana.task.api.exceptions.TaskAlreadyExistException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.internal.models.ObjectReferenceImpl;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 
 /** Example Bootstrap Application. */
@@ -30,7 +30,7 @@ public class ExampleBootstrap {
       throws TaskNotFoundException, WorkbasketNotFoundException, ClassificationNotFoundException,
           InvalidOwnerException, TaskAlreadyExistException, InvalidArgumentException,
           AttachmentPersistenceException, ObjectReferencePersistenceException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
+          NotAuthorizedOnWorkbasketException, InvalidTaskStateException {
     System.out.println("---------------------------> Start App");
     ObjectReferenceImpl objRef = new ObjectReferenceImpl();
     objRef.setCompany("aCompany");

lib/taskana-core-test/src/test/java/acceptance/classification/create/CreateClassificationAccTest.java

@@ -28,7 +28,7 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.util.Pair;
 import pro.taskana.testapi.DefaultTestEntities;
 import pro.taskana.testapi.TaskanaInject;
@@ -263,11 +263,11 @@ class CreateClassificationAccTest {
   void should_ThrowException_When_UserRoleIsNotAdminOrBusinessAdmin(WithAccessId accessId) {
     Classification classification =
         classificationService.newClassification("KeyErrCreation", MASTER_DOMAIN, "TASK");
-    MismatchedRoleException expectedException =
+    NotAuthorizedException expectedException =
-        new MismatchedRoleException(accessId.user(), TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
+        new NotAuthorizedException(accessId.user(), TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
 
     assertThatThrownBy(() -> classificationService.createClassification(classification))
-        .isInstanceOf(MismatchedRoleException.class)
+        .isInstanceOf(NotAuthorizedException.class)
         .usingRecursiveComparison()
         .isEqualTo(expectedException);
   }

lib/taskana-core-test/src/test/java/acceptance/classification/delete/DeleteClassificationAccTest.java

@@ -13,7 +13,7 @@ import pro.taskana.classification.api.exceptions.ClassificationInUseException;
 import pro.taskana.classification.api.exceptions.ClassificationNotFoundException;
 import pro.taskana.classification.api.models.Classification;
 import pro.taskana.common.api.TaskanaRole;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.models.Attachment;
 import pro.taskana.testapi.DefaultTestEntities;
@@ -79,7 +79,7 @@ class DeleteClassificationAccTest {
             classificationService.deleteClassification(
                 classification.getKey(), classification.getDomain());
 
-    MismatchedRoleException e = catchThrowableOfType(call, MismatchedRoleException.class);
+    NotAuthorizedException e = catchThrowableOfType(call, NotAuthorizedException.class);
     assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
     assertThat(e.getRoles())
         .containsExactlyInAnyOrder(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
@@ -95,7 +95,7 @@ class DeleteClassificationAccTest {
     ThrowingCallable call =
         () -> classificationService.deleteClassification(classification.getId());
 
-    MismatchedRoleException e = catchThrowableOfType(call, MismatchedRoleException.class);
+    NotAuthorizedException e = catchThrowableOfType(call, NotAuthorizedException.class);
     assertThat(e.getCurrentUserId()).isEqualTo("user-1-1");
     assertThat(e.getRoles())
         .containsExactlyInAnyOrder(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);

lib/taskana-core-test/src/test/java/acceptance/classification/update/UpdateClassificationAccTest.java

@@ -37,7 +37,7 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.WorkingTimeCalculator;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.security.CurrentUserContext;
 import pro.taskana.common.internal.jobs.JobRunner;
 import pro.taskana.common.internal.util.Pair;
@@ -654,8 +654,8 @@ class UpdateClassificationAccTest {
           classificationService.getClassification("BeforeAllClassification", "DOMAIN_A");
       classification.setCustomField(ClassificationCustomField.CUSTOM_1, "newCustom1");
 
-      MismatchedRoleException expectedException =
+      NotAuthorizedException expectedException =
-          new MismatchedRoleException(
+          new NotAuthorizedException(
               currentUserContext.getUserid(), TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
       assertThatThrownBy(() -> classificationService.updateClassification(classification))
           .usingRecursiveComparison()
@@ -672,8 +672,8 @@ class UpdateClassificationAccTest {
       classification.setApplicationEntryPoint("updated EntryPoint");
       classification.setName("updated Name");
 
-      MismatchedRoleException expectedException =
+      NotAuthorizedException expectedException =
-          new MismatchedRoleException(
+          new NotAuthorizedException(
               currentUserContext.getUserid(), TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
       assertThatThrownBy(() -> classificationService.updateClassification(classification))
           .usingRecursiveComparison()

lib/taskana-core-test/src/test/java/acceptance/task/complete/CompleteTaskAccTest.java

@@ -43,7 +43,7 @@ import pro.taskana.testapi.security.WithAccessId;
 import pro.taskana.user.api.UserService;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 
 @TaskanaIntegrationTest
@@ -213,8 +213,8 @@ class CompleteTaskAccTest implements TaskanaConfigurationModifier {
 
     ThrowingCallable call = () -> taskService.completeTask(claimedTask.getId());
 
-    MismatchedWorkbasketPermissionException e =
+    NotAuthorizedOnWorkbasketException e =
-        catchThrowableOfType(call, MismatchedWorkbasketPermissionException.class);
+        catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
     assertThat(e.getCurrentUserId()).isEqualTo(currentUserContext.getUserid());
     WorkbasketSummary workbasket = claimedTask.getWorkbasketSummary();
     assertThat(e.getWorkbasketId()).isEqualTo(workbasket.getId());

lib/taskana-core-test/src/test/java/acceptance/task/requestchanges/RequestChangesAccTest.java

@@ -33,7 +33,7 @@ import pro.taskana.testapi.builder.WorkbasketAccessItemBuilder;
 import pro.taskana.testapi.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 
 @TaskanaIntegrationTest
@@ -142,8 +142,8 @@ class RequestChangesAccTest {
     Task task = createTaskInReviewByUser("user-1-1").buildAndStore(taskService, "user-1-1");
     ThrowingCallable call = () -> taskService.requestChanges(task.getId());
 
-    MismatchedWorkbasketPermissionException e =
+    NotAuthorizedOnWorkbasketException e =
-        catchThrowableOfType(call, MismatchedWorkbasketPermissionException.class);
+        catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
     assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
     assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
     assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());

lib/taskana-core-test/src/test/java/acceptance/task/requestreview/RequestReviewAccTest.java

@@ -33,7 +33,7 @@ import pro.taskana.testapi.builder.WorkbasketAccessItemBuilder;
 import pro.taskana.testapi.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 
 @TaskanaIntegrationTest
@@ -171,8 +171,8 @@ class RequestReviewAccTest {
     Task task = createTaskClaimedByUser("user-1-1").buildAndStore(taskService, "user-1-1");
     ThrowingCallable call = () -> taskService.requestReview(task.getId());
 
-    MismatchedWorkbasketPermissionException e =
+    NotAuthorizedOnWorkbasketException e =
-        catchThrowableOfType(call, MismatchedWorkbasketPermissionException.class);
+        catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
     assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
     assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
     assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasketSummary.getId());

lib/taskana-core-test/src/test/java/acceptance/taskcomment/create/CreateTaskCommentAccTest.java

@@ -24,7 +24,7 @@ import pro.taskana.testapi.builder.WorkbasketAccessItemBuilder;
 import pro.taskana.testapi.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.models.Workbasket;
 
 @TaskanaIntegrationTest
@@ -101,8 +101,8 @@ class CreateTaskCommentAccTest {
 
     ThrowingCallable call = () -> taskService.createTaskComment(taskCommentToCreate);
 
-    MismatchedWorkbasketPermissionException e =
+    NotAuthorizedOnWorkbasketException e =
-        catchThrowableOfType(call, MismatchedWorkbasketPermissionException.class);
+        catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
     assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
     assertThat(e.getWorkbasketId()).isEqualTo(defaultWorkbasket.getId());
     assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);

lib/taskana-core-test/src/test/java/acceptance/taskcomment/get/GetTaskCommentAccTest.java

@@ -33,7 +33,7 @@ import pro.taskana.user.api.UserService;
 import pro.taskana.user.api.models.User;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.models.Workbasket;
 
 @TaskanaIntegrationTest
@@ -131,8 +131,8 @@ class GetTaskCommentAccTest {
   @Test
   void should_FailToReturnTaskComments_When_TaskIsNotVisible() {
     ThrowingCallable call = () -> taskService.getTaskComments(task1.getId());
-    MismatchedWorkbasketPermissionException e =
+    NotAuthorizedOnWorkbasketException e =
-        catchThrowableOfType(call, MismatchedWorkbasketPermissionException.class);
+        catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
 
     assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
     assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);
@@ -151,8 +151,8 @@ class GetTaskCommentAccTest {
             .buildAndStore(taskService, "user-1-1");
 
     ThrowingCallable call = () -> taskService.getTaskComment(comment.getId());
-    MismatchedWorkbasketPermissionException e =
+    NotAuthorizedOnWorkbasketException e =
-        catchThrowableOfType(call, MismatchedWorkbasketPermissionException.class);
+        catchThrowableOfType(call, NotAuthorizedOnWorkbasketException.class);
 
     assertThat(e.getCurrentUserId()).isEqualTo("user-1-2");
     assertThat(e.getRequiredPermissions()).containsExactly(WorkbasketPermission.READ);

lib/taskana-core-test/src/test/java/acceptance/taskcomment/update/UpdateTaskCommentAccTest.java

@@ -15,7 +15,7 @@ import pro.taskana.classification.api.ClassificationService;
 import pro.taskana.classification.api.models.ClassificationSummary;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.task.api.TaskService;
-import pro.taskana.task.api.exceptions.MismatchedTaskCommentCreatorException;
+import pro.taskana.task.api.exceptions.NotAuthorizedOnTaskCommentException;
 import pro.taskana.task.api.models.ObjectReference;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskComment;
@@ -28,7 +28,7 @@ import pro.taskana.testapi.builder.WorkbasketAccessItemBuilder;
 import pro.taskana.testapi.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 
 @TaskanaIntegrationTest
@@ -90,7 +90,7 @@ class UpdateTaskCommentAccTest {
     taskComment.setTextField("updated textfield");
 
     assertThatThrownBy(() -> taskService.updateTaskComment(taskComment))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-1-1")
@@ -108,7 +108,7 @@ class UpdateTaskCommentAccTest {
 
     ThrowingCallable updateTaskCommentCall = () -> taskService.updateTaskComment(taskComment);
     assertThatThrownBy(updateTaskCommentCall)
-        .isInstanceOf(MismatchedTaskCommentCreatorException.class);
+        .isInstanceOf(NotAuthorizedOnTaskCommentException.class);
   }
 
   @WithAccessId(user = "user-1-1")

lib/taskana-core-test/src/test/java/acceptance/user/UserServiceAccTest.java

@@ -30,7 +30,7 @@ import pro.taskana.TaskanaConfiguration;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.util.Triplet;
 import pro.taskana.testapi.TaskanaConfigurationModifier;
 import pro.taskana.testapi.TaskanaInject;
@@ -471,7 +471,7 @@ class UserServiceAccTest {
       userToCreate.setLastName("lastName");
       ThrowingCallable callable = () -> userService.createUser(userToCreate);
 
-      MismatchedRoleException ex = catchThrowableOfType(callable, MismatchedRoleException.class);
+      NotAuthorizedException ex = catchThrowableOfType(callable, NotAuthorizedException.class);
       assertThat(ex.getCurrentUserId()).isEqualTo("user-1-1");
       assertThat(ex.getRoles())
           .isEqualTo(new TaskanaRole[] {TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN});
@@ -563,7 +563,7 @@ class UserServiceAccTest {
             userService.updateUser(userToUpdate);
           };
 
-      MismatchedRoleException ex = catchThrowableOfType(callable, MismatchedRoleException.class);
+      NotAuthorizedException ex = catchThrowableOfType(callable, NotAuthorizedException.class);
       assertThat(ex.getCurrentUserId()).isEqualTo("user-1-1");
       assertThat(ex.getRoles())
           .isEqualTo(new TaskanaRole[] {TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN});
@@ -848,7 +848,7 @@ class UserServiceAccTest {
 
       ThrowingCallable callable = () -> userService.deleteUser(userToDelete.getId());
 
-      MismatchedRoleException ex = catchThrowableOfType(callable, MismatchedRoleException.class);
+      NotAuthorizedException ex = catchThrowableOfType(callable, NotAuthorizedException.class);
       assertThat(ex.getCurrentUserId()).isEqualTo("user-1-1");
       assertThat(ex.getRoles())
           .isEqualTo(new TaskanaRole[] {TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN});

lib/taskana-core/src/main/java/pro/taskana/classification/api/ClassificationService.java

@@ -9,7 +9,7 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.task.api.models.Task;
 
 /**
@@ -59,7 +59,7 @@ public interface ClassificationService {
    *     id}.
    * @throws ClassificationAlreadyExistException if the {@linkplain Classification} already exists
    *     in the given {@linkplain Classification#getDomain() domain}.
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
    * @throws DomainNotFoundException if the {@linkplain Classification#getDomain() domain} does not
    *     exist in the configuration
@@ -69,7 +69,7 @@ public interface ClassificationService {
    */
   Classification createClassification(Classification classification)
       throws ClassificationAlreadyExistException, DomainNotFoundException, InvalidArgumentException,
-          MalformedServiceLevelException, MismatchedRoleException;
+          MalformedServiceLevelException, NotAuthorizedException;
 
   // READ
 
@@ -114,7 +114,7 @@ public interface ClassificationService {
    * @return the updated {@linkplain Classification}.
    * @throws ClassificationNotFoundException if the specified {@linkplain Classification} or its
    *     parent does not exist
-   * @throws MismatchedRoleException if the caller is neither member of{@linkplain
+   * @throws NotAuthorizedException if the caller is neither member of{@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} nor {@linkplain TaskanaRole#ADMIN}
    * @throws ConcurrencyException if the {@linkplain Classification} was modified in the meantime
    *     and is not the most up to date anymore; that's the case if the given {@linkplain
@@ -125,7 +125,7 @@ public interface ClassificationService {
    */
   Classification updateClassification(Classification classification)
       throws ClassificationNotFoundException, ConcurrencyException, InvalidArgumentException,
-          MalformedServiceLevelException, MismatchedRoleException;
+          MalformedServiceLevelException, NotAuthorizedException;
 
   // DELETE
 
@@ -139,11 +139,11 @@ public interface ClassificationService {
    *     {@linkplain Classification}
    * @throws ClassificationNotFoundException if no {@linkplain Classification} with the specified
    *     {@linkplain Classification#getId() id} was found
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
    */
   void deleteClassification(String id)
-      throws ClassificationInUseException, ClassificationNotFoundException, MismatchedRoleException;
+      throws ClassificationInUseException, ClassificationNotFoundException, NotAuthorizedException;
 
   /**
    * Deletes the {@linkplain Classification} identified by the provided {@linkplain
@@ -161,11 +161,11 @@ public interface ClassificationService {
    * @throws ClassificationNotFoundException if no {@linkplain Classification} with the specified
    *     {@linkplain Classification#getKey() key} and {@linkplain Classification#getDomain() domain}
    *     was found
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
    */
   void deleteClassification(String classificationKey, String domain)
-      throws ClassificationInUseException, ClassificationNotFoundException, MismatchedRoleException;
+      throws ClassificationInUseException, ClassificationNotFoundException, NotAuthorizedException;
 
   // endregion
 

lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java

@@ -30,7 +30,7 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.common.internal.util.IdGenerator;
 import pro.taskana.common.internal.util.LogSanitizer;
@@ -108,8 +108,7 @@ public class ClassificationServiceImpl implements ClassificationService {
 
   @Override
   public void deleteClassification(String classificationId)
-      throws ClassificationInUseException, ClassificationNotFoundException,
+      throws ClassificationInUseException, ClassificationNotFoundException, NotAuthorizedException {
-          MismatchedRoleException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     try {
       taskanaEngine.openConnection();
@@ -164,8 +163,7 @@ public class ClassificationServiceImpl implements ClassificationService {
 
   @Override
   public void deleteClassification(String classificationKey, String domain)
-      throws ClassificationInUseException, ClassificationNotFoundException,
+      throws ClassificationInUseException, ClassificationNotFoundException, NotAuthorizedException {
-          MismatchedRoleException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     try {
       taskanaEngine.openConnection();
@@ -183,7 +181,7 @@ public class ClassificationServiceImpl implements ClassificationService {
   @Override
   public Classification createClassification(Classification classification)
       throws ClassificationAlreadyExistException, DomainNotFoundException, InvalidArgumentException,
-          MalformedServiceLevelException, MismatchedRoleException {
+          MalformedServiceLevelException, NotAuthorizedException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     if (!taskanaEngine.domainExists(classification.getDomain())
         && !MASTER_DOMAIN.equals(classification.getDomain())) {
@@ -237,7 +235,7 @@ public class ClassificationServiceImpl implements ClassificationService {
   @Override
   public Classification updateClassification(Classification classification)
       throws ConcurrencyException, ClassificationNotFoundException, InvalidArgumentException,
-          MalformedServiceLevelException, MismatchedRoleException {
+          MalformedServiceLevelException, NotAuthorizedException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     ClassificationImpl classificationImpl;
     try {

lib/taskana-core/src/main/java/pro/taskana/common/api/TaskanaEngine.java

@@ -5,7 +5,7 @@ import java.util.function.Supplier;
 
 import pro.taskana.TaskanaConfiguration;
 import pro.taskana.classification.api.ClassificationService;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.security.CurrentUserContext;
 import pro.taskana.common.internal.TaskanaEngineImpl;
 import pro.taskana.common.internal.workingtime.WorkingTimeCalculatorImpl;
@@ -190,10 +190,10 @@ public interface TaskanaEngine {
    *
    * @param roles The {@linkplain TaskanaRole TaskanaRoles} that are checked for membership of the
    *     current user
-   * @throws MismatchedRoleException If the current user is not member of any specified {@linkplain
+   * @throws NotAuthorizedException If the current user is not member of any specified {@linkplain
    *     TaskanaRole TaskanaRole}
    */
-  void checkRoleMembership(TaskanaRole... roles) throws MismatchedRoleException;
+  void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException;
 
   /**
    * Executes a given {@code Supplier} with admin privileges and thus skips further permission

lib/taskana-core/src/main/java/pro/taskana/common/internal/TaskanaEngineImpl.java

@@ -39,7 +39,7 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.WorkingTimeCalculator;
 import pro.taskana.common.api.exceptions.AutocommitFailedException;
 import pro.taskana.common.api.exceptions.ConnectionNotSetException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.security.CurrentUserContext;
 import pro.taskana.common.api.security.UserPrincipal;
@@ -319,7 +319,7 @@ public class TaskanaEngineImpl implements TaskanaEngine {
   }
 
   @Override
-  public void checkRoleMembership(TaskanaRole... roles) throws MismatchedRoleException {
+  public void checkRoleMembership(TaskanaRole... roles) throws NotAuthorizedException {
     if (!isUserInRole(roles)) {
       if (LOGGER.isDebugEnabled()) {
         String rolesAsString = Arrays.toString(roles);
@@ -328,7 +328,7 @@ public class TaskanaEngineImpl implements TaskanaEngine {
             currentUserContext.getAccessIds(),
             rolesAsString);
       }
-      throw new MismatchedRoleException(currentUserContext.getUserid(), roles);
+      throw new NotAuthorizedException(currentUserContext.getUserid(), roles);
     }
   }
 

lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/ClassificationCategoryReport.java

@@ -5,7 +5,7 @@ import java.util.List;
 import pro.taskana.classification.api.models.Classification;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.TimeIntervalColumnHeader;
@@ -34,10 +34,10 @@ public class ClassificationCategoryReport
 
     @Override
     ClassificationCategoryReport buildReport()
-        throws InvalidArgumentException, MismatchedRoleException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     @Override
     ClassificationCategoryReport buildReport(TaskTimestamp timestamp)
-        throws InvalidArgumentException, MismatchedRoleException;
+        throws InvalidArgumentException, NotAuthorizedException;
   }
 }

lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/ClassificationReport.java

@@ -6,7 +6,7 @@ import pro.taskana.classification.api.models.Classification;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.TimeIntervalColumnHeader;
@@ -36,11 +36,11 @@ public class ClassificationReport extends Report<MonitorQueryItem, TimeIntervalC
       extends TimeIntervalReportBuilder<Builder, MonitorQueryItem, TimeIntervalColumnHeader> {
 
     @Override
-    ClassificationReport buildReport() throws InvalidArgumentException, MismatchedRoleException;
+    ClassificationReport buildReport() throws InvalidArgumentException, NotAuthorizedException;
 
     @Override
     ClassificationReport buildReport(TaskTimestamp timestamp)
-        throws InvalidArgumentException, MismatchedRoleException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Returns a {@linkplain DetailedClassificationReport} containing all tasks after applying the
@@ -50,14 +50,14 @@ public class ClassificationReport extends Report<MonitorQueryItem, TimeIntervalC
      *
      * @return the DetailedClassificationReport
      * @throws InvalidArgumentException if the column headers are not initialized
-     * @throws MismatchedRoleException if the current user is not member of {@linkplain
+     * @throws NotAuthorizedException if the current user is not member of {@linkplain
      *     TaskanaRole#MONITOR} or {@linkplain TaskanaRole#ADMIN}
      */
     DetailedClassificationReport buildDetailedReport()
-        throws InvalidArgumentException, MismatchedRoleException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     DetailedClassificationReport buildDetailedReport(TaskTimestamp timestamp)
-        throws InvalidArgumentException, MismatchedRoleException;
+        throws InvalidArgumentException, NotAuthorizedException;
   }
 
   /**

lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/Report.java

@@ -8,7 +8,7 @@ import java.util.Map;
 import java.util.Set;
 
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.item.QueryItem;
 import pro.taskana.monitor.api.reports.item.QueryItemPreprocessor;
@@ -133,6 +133,6 @@ public abstract class Report<I extends QueryItem, H extends ColumnHeader<? super
    */
   public interface Builder<I extends QueryItem, H extends ColumnHeader<? super I>> {
 
-    Report<I, H> buildReport() throws InvalidArgumentException, MismatchedRoleException;
+    Report<I, H> buildReport() throws InvalidArgumentException, NotAuthorizedException;
   }
 }

lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TaskCustomFieldValueReport.java

@@ -4,7 +4,7 @@ import java.util.List;
 
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.TimeIntervalColumnHeader;
@@ -32,10 +32,10 @@ public class TaskCustomFieldValueReport extends Report<MonitorQueryItem, TimeInt
 
     @Override
     TaskCustomFieldValueReport buildReport()
-        throws InvalidArgumentException, MismatchedRoleException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     @Override
     TaskCustomFieldValueReport buildReport(TaskTimestamp timestamp)
-        throws InvalidArgumentException, MismatchedRoleException;
+        throws InvalidArgumentException, NotAuthorizedException;
   }
 }

lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TaskStatusReport.java

@@ -4,7 +4,7 @@ import java.util.List;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.TaskStatusColumnHeader;
 import pro.taskana.monitor.api.reports.item.TaskQueryItem;
@@ -34,7 +34,7 @@ public class TaskStatusReport extends Report<TaskQueryItem, TaskStatusColumnHead
   public interface Builder extends Report.Builder<TaskQueryItem, TaskStatusColumnHeader> {
 
     @Override
-    TaskStatusReport buildReport() throws MismatchedRoleException;
+    TaskStatusReport buildReport() throws NotAuthorizedException;
 
     /**
      * Adds a list of states to the builder. The created report contains only tasks with a state in

lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TimeIntervalReportBuilder.java

@@ -5,7 +5,7 @@ import java.util.List;
 import pro.taskana.common.api.IntInterval;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.monitor.api.SelectedItem;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.TimeIntervalColumnHeader;
@@ -216,33 +216,33 @@ public interface TimeIntervalReportBuilder<
    * @param timestamp the {@linkplain TaskTimestamp} of interest
    * @return the list of all taskIds
    * @throws InvalidArgumentException if the column headers are not initialized
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#MONITOR} or {@linkplain TaskanaRole#ADMIN}
    */
   List<String> listTaskIdsForSelectedItems(
       List<SelectedItem> selectedItems, TaskTimestamp timestamp)
-      throws InvalidArgumentException, MismatchedRoleException;
+      throws InvalidArgumentException, NotAuthorizedException;
 
   /**
    * Returns a list of all values of an entered custom field that are in the {@linkplain Report}.
    *
    * @param taskCustomField the {@linkplain TaskCustomField} whose values should appear in the list
    * @return the list of all custom attribute values
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#MONITOR} or {@linkplain TaskanaRole#ADMIN}
    */
   List<String> listCustomAttributeValuesForCustomAttributeName(TaskCustomField taskCustomField)
-      throws MismatchedRoleException;
+      throws NotAuthorizedException;
 
   /**
    * Builds the {@linkplain Report} for the specified {@linkplain TaskTimestamp}.
    *
    * @param timestamp The {@linkplain TaskTimestamp} of interest
    * @return The build {@linkplain Report}
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#MONITOR} or {@linkplain TaskanaRole#ADMIN}
    * @throws InvalidArgumentException if an error occurs
    */
   Report<I, H> buildReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, MismatchedRoleException;
+      throws InvalidArgumentException, NotAuthorizedException;
 }

lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/TimestampReport.java

@@ -4,7 +4,7 @@ import java.util.List;
 
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.TimeIntervalColumnHeader;
@@ -45,7 +45,7 @@ public class TimestampReport extends Report<TimestampQueryItem, TimeIntervalColu
           TimestampReport.Builder, TimestampQueryItem, TimeIntervalColumnHeader> {
 
     @Override
-    TimestampReport buildReport() throws InvalidArgumentException, MismatchedRoleException;
+    TimestampReport buildReport() throws InvalidArgumentException, NotAuthorizedException;
 
     Builder withTimestamps(List<TaskTimestamp> taskTimestamps);
   }

lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/WorkbasketPriorityReport.java

@@ -4,7 +4,7 @@ import java.util.List;
 
 import pro.taskana.common.api.IntInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
 import pro.taskana.monitor.api.reports.header.PriorityColumnHeader;
 import pro.taskana.monitor.api.reports.item.PriorityQueryItem;
@@ -33,7 +33,7 @@ public class WorkbasketPriorityReport extends Report<PriorityQueryItem, Priority
   public interface Builder extends Report.Builder<PriorityQueryItem, PriorityColumnHeader> {
 
     @Override
-    WorkbasketPriorityReport buildReport() throws MismatchedRoleException;
+    WorkbasketPriorityReport buildReport() throws NotAuthorizedException;
 
     /**
      * Adds {@linkplain WorkbasketType WorkbasketTypes} to the builder. The created report will only

lib/taskana-core/src/main/java/pro/taskana/monitor/api/reports/WorkbasketReport.java

@@ -4,7 +4,7 @@ import java.util.List;
 
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.monitor.api.CombinedClassificationFilter;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.header.ColumnHeader;
@@ -32,11 +32,11 @@ public class WorkbasketReport extends Report<MonitorQueryItem, TimeIntervalColum
       extends TimeIntervalReportBuilder<Builder, MonitorQueryItem, TimeIntervalColumnHeader> {
 
     @Override
-    WorkbasketReport buildReport() throws InvalidArgumentException, MismatchedRoleException;
+    WorkbasketReport buildReport() throws InvalidArgumentException, NotAuthorizedException;
 
     @Override
     WorkbasketReport buildReport(TaskTimestamp timestamp)
-        throws InvalidArgumentException, MismatchedRoleException;
+        throws InvalidArgumentException, NotAuthorizedException;
 
     /**
      * Adds a list of {@linkplain CombinedClassificationFilter} to the builder. The created report

lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/ClassificationCategoryReportBuilderImpl.java

@@ -5,7 +5,7 @@ import java.util.List;
 
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.ClassificationCategoryReport;
@@ -27,13 +27,13 @@ public class ClassificationCategoryReportBuilderImpl
 
   @Override
   public ClassificationCategoryReport buildReport()
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     return buildReport(TaskTimestamp.DUE);
   }
 
   @Override
   public ClassificationCategoryReport buildReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
     try {
       this.taskanaEngine.openConnection();

lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/ClassificationReportBuilderImpl.java

@@ -10,7 +10,7 @@ import pro.taskana.classification.api.ClassificationService;
 import pro.taskana.classification.api.models.ClassificationSummary;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.ClassificationReport;
@@ -38,13 +38,13 @@ public class ClassificationReportBuilderImpl
 
   @Override
   public ClassificationReport buildReport()
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     return buildReport(TaskTimestamp.DUE);
   }
 
   @Override
   public ClassificationReport buildReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
     try {
       this.taskanaEngine.openConnection();
@@ -77,13 +77,13 @@ public class ClassificationReportBuilderImpl
 
   @Override
   public DetailedClassificationReport buildDetailedReport()
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     return buildDetailedReport(TaskTimestamp.DUE);
   }
 
   @Override
   public DetailedClassificationReport buildDetailedReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
     try {
       this.taskanaEngine.openConnection();

lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TaskCustomFieldValueReportBuilderImpl.java

@@ -5,7 +5,7 @@ import java.util.List;
 
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.TaskTimestamp;
 import pro.taskana.monitor.api.reports.TaskCustomFieldValueReport;
@@ -33,13 +33,13 @@ public class TaskCustomFieldValueReportBuilderImpl
 
   @Override
   public TaskCustomFieldValueReport buildReport()
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     return buildReport(TaskTimestamp.DUE);
   }
 
   @Override
   public TaskCustomFieldValueReport buildReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
     try {
       this.taskanaEngine.openConnection();

lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TaskStatusReportBuilderImpl.java

@@ -6,7 +6,7 @@ import java.util.Map;
 import java.util.stream.Collectors;
 
 import pro.taskana.common.api.TaskanaRole;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.reports.TaskStatusReport;
 import pro.taskana.monitor.api.reports.TaskStatusReport.Builder;
@@ -35,7 +35,7 @@ public class TaskStatusReportBuilderImpl implements TaskStatusReport.Builder {
   }
 
   @Override
-  public TaskStatusReport buildReport() throws MismatchedRoleException {
+  public TaskStatusReport buildReport() throws NotAuthorizedException {
     this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
     try {
       this.taskanaEngine.openConnection();

lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TimeIntervalReportBuilderImpl.java

@@ -9,7 +9,7 @@ import pro.taskana.common.api.IntInterval;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.WorkingTimeCalculator;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.CombinedClassificationFilter;
@@ -547,7 +547,7 @@ abstract class TimeIntervalReportBuilderImpl<
   @Override
   public List<String> listTaskIdsForSelectedItems(
       List<SelectedItem> selectedItems, TaskTimestamp timestamp)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
 
     this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR);
     try {
@@ -583,7 +583,7 @@ abstract class TimeIntervalReportBuilderImpl<
 
   @Override
   public List<String> listCustomAttributeValuesForCustomAttributeName(
-      TaskCustomField taskCustomField) throws MismatchedRoleException {
+      TaskCustomField taskCustomField) throws NotAuthorizedException {
     this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR);
     try {
       this.taskanaEngine.openConnection();

lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/TimestampReportBuilderImpl.java

@@ -9,7 +9,7 @@ import java.util.stream.Collectors;
 
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.SelectedItem;
 import pro.taskana.monitor.api.TaskTimestamp;
@@ -55,12 +55,12 @@ public class TimestampReportBuilderImpl
 
   @Override
   public Report<TimestampQueryItem, TimeIntervalColumnHeader> buildReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     return buildReport();
   }
 
   @Override
-  public TimestampReport buildReport() throws InvalidArgumentException, MismatchedRoleException {
+  public TimestampReport buildReport() throws InvalidArgumentException, NotAuthorizedException {
     this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
     try {
       this.taskanaEngine.openConnection();

lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/WorkbasketPriorityReportBuilderImpl.java

@@ -6,7 +6,7 @@ import java.util.List;
 import pro.taskana.common.api.IntInterval;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.reports.WorkbasketPriorityReport;
@@ -123,7 +123,7 @@ public class WorkbasketPriorityReportBuilderImpl implements WorkbasketPriorityRe
   }
 
   @Override
-  public WorkbasketPriorityReport buildReport() throws MismatchedRoleException {
+  public WorkbasketPriorityReport buildReport() throws NotAuthorizedException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
 
     WorkbasketPriorityReport report = new WorkbasketPriorityReport(columnHeaders);

lib/taskana-core/src/main/java/pro/taskana/monitor/internal/reports/WorkbasketReportBuilderImpl.java

@@ -7,7 +7,7 @@ import java.util.stream.Collectors;
 
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.monitor.api.CombinedClassificationFilter;
 import pro.taskana.monitor.api.TaskTimestamp;
@@ -34,13 +34,13 @@ public class WorkbasketReportBuilderImpl
   }
 
   @Override
-  public WorkbasketReport buildReport() throws InvalidArgumentException, MismatchedRoleException {
+  public WorkbasketReport buildReport() throws InvalidArgumentException, NotAuthorizedException {
     return buildReport(TaskTimestamp.DUE);
   }
 
   @Override
   public WorkbasketReport buildReport(TaskTimestamp timestamp)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     this.taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.MONITOR, TaskanaRole.ADMIN);
     try {
       this.taskanaEngine.openConnection();

lib/taskana-core/src/main/java/pro/taskana/spi/history/api/TaskanaHistory.java

@@ -5,7 +5,7 @@ import java.util.List;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.spi.history.api.events.classification.ClassificationHistoryEvent;
 import pro.taskana.spi.history.api.events.task.TaskHistoryEvent;
 import pro.taskana.spi.history.api.events.workbasket.WorkbasketHistoryEvent;
@@ -46,9 +46,9 @@ public interface TaskanaHistory {
    *
    * @param taskIds the task ids for which all history events must be deleted
    * @throws InvalidArgumentException If the list of taskIds is null
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#ADMIN}
    */
   void deleteHistoryEventsByTaskIds(List<String> taskIds)
-      throws InvalidArgumentException, MismatchedRoleException;
+      throws InvalidArgumentException, NotAuthorizedException;
 }

lib/taskana-core/src/main/java/pro/taskana/task/api/TaskService.java

@@ -10,14 +10,14 @@ import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.spi.routing.api.TaskRoutingProvider;
 import pro.taskana.task.api.exceptions.AttachmentPersistenceException;
 import pro.taskana.task.api.exceptions.InvalidCallbackStateException;
 import pro.taskana.task.api.exceptions.InvalidOwnerException;
 import pro.taskana.task.api.exceptions.InvalidTaskStateException;
-import pro.taskana.task.api.exceptions.MismatchedTaskCommentCreatorException;
+import pro.taskana.task.api.exceptions.NotAuthorizedOnTaskCommentException;
 import pro.taskana.task.api.exceptions.ObjectReferencePersistenceException;
 import pro.taskana.task.api.exceptions.TaskAlreadyExistException;
 import pro.taskana.task.api.exceptions.TaskCommentNotFoundException;
@@ -27,7 +27,7 @@ import pro.taskana.task.api.models.ObjectReference;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskComment;
 import pro.taskana.workbasket.api.WorkbasketPermission;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
 
@@ -107,7 +107,7 @@ public interface TaskService {
    * @param taskToCreate the transient {@linkplain Task} to be inserted
    * @return the created and inserted {@linkplain Task}
    * @throws TaskAlreadyExistException if the {@linkplain Task} already exists
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#APPEND} for the {@linkplain Workbasket} the {@linkplain Task} is in
    * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} referenced by the
    *     {@linkplain Task#getWorkbasketSummary() workbasketSummary} of the {@linkplain Task} isn't
@@ -127,7 +127,7 @@ public interface TaskService {
   Task createTask(Task taskToCreate)
       throws WorkbasketNotFoundException, ClassificationNotFoundException,
           TaskAlreadyExistException, InvalidArgumentException, AttachmentPersistenceException,
-          ObjectReferencePersistenceException, MismatchedWorkbasketPermissionException;
+          ObjectReferencePersistenceException, NotAuthorizedOnWorkbasketException;
 
   // endregion
 
@@ -139,10 +139,10 @@ public interface TaskService {
    * @param taskId the {@linkplain Task#getId() id} of the {@linkplain Task}
    * @return the {@linkplain Task} with the specified taskId
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
-  Task getTask(String taskId) throws TaskNotFoundException, MismatchedWorkbasketPermissionException;
+  Task getTask(String taskId) throws TaskNotFoundException, NotAuthorizedOnWorkbasketException;
 
   // endregion
 
@@ -157,11 +157,11 @@ public interface TaskService {
    * @throws InvalidTaskStateException if the {@linkplain Task#getState() state} of the {@linkplain
    *     Task} with taskId isn't {@linkplain TaskState#READY}
    * @throws InvalidOwnerException if the {@linkplain Task} with taskId is claimed by some else
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task claim(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException;
 
   /**
@@ -174,11 +174,11 @@ public interface TaskService {
    * @throws InvalidTaskStateException if the state of Task with taskId is in {@linkplain
    *     TaskState#END_STATES}
    * @throws InvalidOwnerException cannot be thrown
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task forceClaim(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException;
 
   /**
@@ -187,11 +187,11 @@ public interface TaskService {
    * @param taskQuery the {@linkplain TaskQuery}
    * @return the {@linkplain Task} that got selected and claimed
    * @throws InvalidOwnerException if the {@linkplain Task} is claimed by someone else
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task selectAndClaim(TaskQuery taskQuery)
-      throws InvalidOwnerException, MismatchedWorkbasketPermissionException;
+      throws InvalidOwnerException, NotAuthorizedOnWorkbasketException;
 
   /**
    * Cancel the claim of an existing {@linkplain Task} if it was claimed by the current user before.
@@ -203,11 +203,11 @@ public interface TaskService {
    * @throws InvalidTaskStateException if the {@linkplain Task} is already in one of the {@linkplain
    *     TaskState#END_STATES}
    * @throws InvalidOwnerException if the {@linkplain Task} is claimed by another user
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task cancelClaim(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException;
 
   /**
@@ -220,11 +220,11 @@ public interface TaskService {
    * @throws InvalidTaskStateException if the {@linkplain Task} is already in one of the {@linkplain
    *     TaskState#END_STATES}
    * @throws InvalidOwnerException cannot be thrown
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task forceCancelClaim(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException;
 
   /**
@@ -236,12 +236,12 @@ public interface TaskService {
    *     Task} with taskId is not in {@linkplain TaskState#CLAIMED}
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
    * @throws InvalidOwnerException if the {@linkplain Task} is claimed by another user
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task requestReview(String taskId)
       throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnWorkbasketException;
 
   /**
    * Request review for an existing {@linkplain Task} even if the current user is not the
@@ -253,12 +253,12 @@ public interface TaskService {
    *     Task} with taskId is one of the {@linkplain TaskState#END_STATES}
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
    * @throws InvalidOwnerException cannot be thrown
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task forceRequestReview(String taskId)
       throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnWorkbasketException;
 
   /**
    * Request changes for an existing {@linkplain Task} that is in {@linkplain TaskState#IN_REVIEW}.
@@ -271,12 +271,12 @@ public interface TaskService {
    *     Task} with taskId is not in {@linkplain TaskState#IN_REVIEW}
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
    * @throws InvalidOwnerException if the {@linkplain Task} is claimed by another user
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task requestChanges(String taskId)
       throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnWorkbasketException;
 
   /**
    * Request changes for an existing {@linkplain Task} even if the current user is not the
@@ -290,12 +290,12 @@ public interface TaskService {
    *     Task} with taskId is one of the {@linkplain TaskState#END_STATES}
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
    * @throws InvalidOwnerException cannot be thrown
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task forceRequestChanges(String taskId)
       throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnWorkbasketException;
 
   /**
    * Complete a claimed {@linkplain Task} as {@linkplain Task#getOwner() owner} or {@linkplain
@@ -312,11 +312,11 @@ public interface TaskService {
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
    * @throws InvalidOwnerException if current user isn't the {@linkplain Task#getOwner() owner} of
    *     the {@linkplain Task} or {@linkplain TaskanaRole#ADMIN}
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task completeTask(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException;
 
   /**
@@ -334,11 +334,11 @@ public interface TaskService {
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
    * @throws InvalidOwnerException if current user isn't the {@linkplain Task#getOwner() owner} of
    *     the {@linkplain Task} or {@linkplain TaskanaRole#ADMIN}
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task forceCompleteTask(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException;
 
   /**
@@ -381,12 +381,11 @@ public interface TaskService {
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
    * @throws InvalidTaskStateException if the {@linkplain Task} isn't in {@linkplain
    *     TaskState#READY} or {@linkplain TaskState#CLAIMED}
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task cancelTask(String taskId)
-      throws TaskNotFoundException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, NotAuthorizedOnWorkbasketException, InvalidTaskStateException;
-          InvalidTaskStateException;
 
   /**
    * Terminates a {@linkplain Task}. Termination is an administrative action to complete a
@@ -399,14 +398,14 @@ public interface TaskService {
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
    * @throws InvalidTaskStateException if the {@linkplain Task} isn't in {@linkplain
    *     TaskState#READY} or {@linkplain TaskState#CLAIMED}
-   * @throws MismatchedRoleException if the current user isn't member of {@linkplain
+   * @throws NotAuthorizedException if the current user isn't member of {@linkplain
    *     TaskanaRole#ADMIN} or {@linkplain TaskanaRole#TASK_ADMIN}
-   * @throws MismatchedWorkbasketPermissionException If the current user doesn't have the correct
+   * @throws NotAuthorizedOnWorkbasketException If the current user doesn't have the correct
    *     permission
    */
   Task terminateTask(String taskId)
-      throws TaskNotFoundException, MismatchedRoleException,
+      throws TaskNotFoundException, NotAuthorizedException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException;
+          InvalidTaskStateException;
 
   /**
    * Transfers a {@linkplain Task} to another {@linkplain Workbasket} while always setting
@@ -416,8 +415,8 @@ public interface TaskService {
    */
   @SuppressWarnings("checkstyle:JavadocMethod")
   default Task transfer(String taskId, String destinationWorkbasketId)
-      throws TaskNotFoundException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
+          InvalidTaskStateException {
     return transfer(taskId, destinationWorkbasketId, true);
   }
 
@@ -436,15 +435,15 @@ public interface TaskService {
    * @return the transferred {@linkplain Task}
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
    * @throws WorkbasketNotFoundException if the target {@linkplain Workbasket} was not found
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the source {@linkplain Workbasket} or no {@linkplain
    *     WorkbasketPermission#TRANSFER} for the target {@linkplain Workbasket}
    * @throws InvalidTaskStateException if the {@linkplain Task} is in one of the {@linkplain
    *     TaskState#END_STATES}
    */
   Task transfer(String taskId, String destinationWorkbasketId, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException;
+          InvalidTaskStateException;
 
   /**
    * Transfers a {@linkplain Task} to another {@linkplain Workbasket} while always setting
@@ -454,8 +453,8 @@ public interface TaskService {
    */
   @SuppressWarnings("checkstyle:JavadocMethod")
   default Task transfer(String taskId, String workbasketKey, String domain)
-      throws TaskNotFoundException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
+          InvalidTaskStateException {
     return transfer(taskId, workbasketKey, domain, true);
   }
 
@@ -476,15 +475,15 @@ public interface TaskService {
    * @return the transferred {@linkplain Task}
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId was not found
    * @throws WorkbasketNotFoundException if the target {@linkplain Workbasket} was not found
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the source {@linkplain Workbasket} or no {@linkplain
    *     WorkbasketPermission#TRANSFER} for the target {@linkplain Workbasket}
    * @throws InvalidTaskStateException if the {@linkplain Task} is in one of the {@linkplain
    *     TaskState#END_STATES}
    */
   Task transfer(String taskId, String workbasketKey, String domain, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException;
+          InvalidTaskStateException;
 
   /**
    * Transfers a List of {@linkplain Task Tasks} to another {@linkplain Workbasket} while always
@@ -496,7 +495,7 @@ public interface TaskService {
   default BulkOperationResults<String, TaskanaException> transferTasks(
       String destinationWorkbasketId, List<String> taskIds)
       throws InvalidArgumentException, WorkbasketNotFoundException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     return transferTasks(destinationWorkbasketId, taskIds, true);
   }
 
@@ -514,7 +513,7 @@ public interface TaskService {
    * @param setTransferFlag controls whether to set {@linkplain Task#isTransferred() isTransferred}
    *     or not
    * @return Bulkresult with {@linkplain Task#getId() ids} and Error for each failed transactions
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the source {@linkplain Workbasket} or no {@linkplain
    *     WorkbasketPermission#TRANSFER} for the target {@linkplain Workbasket}
    * @throws InvalidArgumentException if the method parameters are empty or NULL
@@ -523,7 +522,7 @@ public interface TaskService {
   BulkOperationResults<String, TaskanaException> transferTasks(
       String destinationWorkbasketId, List<String> taskIds, boolean setTransferFlag)
       throws InvalidArgumentException, WorkbasketNotFoundException,
-          MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnWorkbasketException;
 
   /**
    * Transfers a List of {@linkplain Task Tasks} to another {@linkplain Workbasket} while always
@@ -535,7 +534,7 @@ public interface TaskService {
   default BulkOperationResults<String, TaskanaException> transferTasks(
       String destinationWorkbasketKey, String destinationWorkbasketDomain, List<String> taskIds)
       throws InvalidArgumentException, WorkbasketNotFoundException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     return transferTasks(destinationWorkbasketKey, destinationWorkbasketDomain, taskIds, true);
   }
 
@@ -554,7 +553,7 @@ public interface TaskService {
    * @param setTransferFlag controls whether to set {@linkplain Task#isTransferred() isTransferred}
    *     or not
    * @return BulkResult with {@linkplain Task#getId() ids} and Error for each failed transactions
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the source {@linkplain Workbasket} or no {@linkplain
    *     WorkbasketPermission#TRANSFER} for the target {@linkplain Workbasket}
    * @throws InvalidArgumentException if the method parameters are empty or NULL
@@ -566,7 +565,7 @@ public interface TaskService {
       List<String> taskIds,
       boolean setTransferFlag)
       throws InvalidArgumentException, WorkbasketNotFoundException,
-          MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnWorkbasketException;
 
   /**
    * Update a {@linkplain Task}.
@@ -584,7 +583,7 @@ public interface TaskService {
    * @throws ClassificationNotFoundException if the {@linkplain Task#getClassificationSummary()
    *     classificationSummary} of the updated {@linkplain Task} refers to a {@link Classification}
    *     that can't be found
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    * @throws AttachmentPersistenceException if an {@linkplain Attachment} with the same {@linkplain
    *     Attachment#getId() id} was added to the {@linkplain Task} multiple times without using
@@ -599,7 +598,7 @@ public interface TaskService {
   Task updateTask(Task task)
       throws InvalidArgumentException, TaskNotFoundException, ConcurrencyException,
           ClassificationNotFoundException, AttachmentPersistenceException,
-          ObjectReferencePersistenceException, MismatchedWorkbasketPermissionException,
+          ObjectReferencePersistenceException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException;
 
   /**
@@ -643,11 +642,11 @@ public interface TaskService {
    * @param isRead the new status of {@linkplain Task#isRead() isRead}
    * @return the updated {@linkplain Task}
    * @throws TaskNotFoundException if the {@linkplain Task} with taskId wasn't found
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the {@linkplain Task} is in
    */
   Task setTaskRead(String taskId, boolean isRead)
-      throws TaskNotFoundException, MismatchedWorkbasketPermissionException;
+      throws TaskNotFoundException, NotAuthorizedOnWorkbasketException;
 
   /**
    * Sets the specified {@linkplain CallbackState} on a List of {@linkplain Task Tasks}.
@@ -705,21 +704,19 @@ public interface TaskService {
    * Deletes the {@linkplain Task} with the given {@linkplain Task#getId() id}.
    *
    * @param taskId The {@linkplain Task#getId() id} of the {@linkplain Task} to delete
-   * @throws MismatchedWorkbasketPermissionException If the current user doesn't have correct
+   * @throws NotAuthorizedOnWorkbasketException If the current user doesn't have correct permission
-   *     permission
    * @throws TaskNotFoundException If the given {@linkplain Task#getId() id} doesn't refer to an
    *     existing {@linkplain Task}
    * @throws InvalidTaskStateException If the {@linkplain Task#getState() state} of the referenced
    *     {@linkplain Task} isn't one of the {@linkplain TaskState#END_STATES}
-   * @throws MismatchedRoleException if the current user isn't member of {@linkplain
+   * @throws NotAuthorizedException if the current user isn't member of {@linkplain
    *     TaskanaRole#ADMIN}
    * @throws InvalidCallbackStateException the Callback State of the Task is {@linkplain
    *     CallbackState#CALLBACK_PROCESSING_REQUIRED}
    */
   void deleteTask(String taskId)
-      throws TaskNotFoundException, MismatchedRoleException,
+      throws TaskNotFoundException, NotAuthorizedException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException,
+          InvalidTaskStateException, InvalidCallbackStateException;
-          InvalidCallbackStateException;
 
   /**
    * Deletes the {@linkplain Task} with the given {@linkplain Task#getId() id} even if it isn't
@@ -731,17 +728,15 @@ public interface TaskService {
    * @throws InvalidTaskStateException if the {@linkplain Task#getState() state} of the referenced
    *     {@linkplain Task} isn't {@linkplain TaskState#TERMINATED} or {@linkplain
    *     TaskState#CANCELLED}
-   * @throws MismatchedWorkbasketPermissionException If the current user doesn't have correct
+   * @throws NotAuthorizedOnWorkbasketException If the current user doesn't have correct permissions
-   *     permissions
+   * @throws NotAuthorizedException if the current user isn't member of {@linkplain
-   * @throws MismatchedRoleException if the current user isn't member of {@linkplain
    *     TaskanaRole#ADMIN}
    * @throws InvalidCallbackStateException the Callback State of the Task is {@linkplain
    *     CallbackState#CALLBACK_PROCESSING_REQUIRED}
    */
   void forceDeleteTask(String taskId)
-      throws TaskNotFoundException, MismatchedRoleException,
+      throws TaskNotFoundException, NotAuthorizedException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException,
+          InvalidTaskStateException, InvalidCallbackStateException;
-          InvalidCallbackStateException;
 
   /**
    * Deletes a List of {@linkplain Task Tasks}.
@@ -750,11 +745,11 @@ public interface TaskService {
    * @return the result of the operations with each {@linkplain Task#getId() id} and Exception for
    *     each failed deletion
    * @throws InvalidArgumentException if the tasks parameter contains NULL values
-   * @throws MismatchedRoleException if the current user isn't member of {@linkplain
+   * @throws NotAuthorizedException if the current user isn't member of {@linkplain
    *     TaskanaRole#ADMIN}
    */
   BulkOperationResults<String, TaskanaException> deleteTasks(List<String> tasks)
-      throws InvalidArgumentException, MismatchedRoleException;
+      throws InvalidArgumentException, NotAuthorizedException;
 
   // endregion
 
@@ -777,7 +772,7 @@ public interface TaskService {
    *
    * @param taskComment the {@linkplain TaskComment} to be created
    * @return the created {@linkplain TaskComment}
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} of the commented {@linkplain
    *     Task}.
    * @throws TaskNotFoundException if the given {@linkplain TaskComment#getTaskId() taskId} doesn't
@@ -786,8 +781,7 @@ public interface TaskService {
    *     {@link TaskComment} is neither NULL nor empty
    */
   TaskComment createTaskComment(TaskComment taskComment)
-      throws TaskNotFoundException, InvalidArgumentException,
+      throws TaskNotFoundException, InvalidArgumentException, NotAuthorizedOnWorkbasketException;
-          MismatchedWorkbasketPermissionException;
 
   // endregion
 
@@ -801,7 +795,7 @@ public interface TaskService {
    * @return the {@linkplain TaskComment} identified by taskCommentId
    * @throws TaskCommentNotFoundException if the given taskCommentId doesn't refer to an existing
    *     {@linkplain TaskComment}
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} of the commented {@linkplain
    *     Task}
    * @throws TaskNotFoundException if the {@linkplain TaskComment#getTaskId() taskId} of the
@@ -810,7 +804,7 @@ public interface TaskService {
    */
   TaskComment getTaskComment(String taskCommentId)
       throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnWorkbasketException;
 
   /**
    * Retrieves the List of {@linkplain TaskComment TaskComments} for the {@linkplain Task} with
@@ -820,14 +814,14 @@ public interface TaskService {
    *     {@linkplain TaskComment TaskComments} should be retrieved
    * @return the List of {@linkplain TaskComment TaskComments} attached to the specified {@linkplain
    *     Task}
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} of the commented {@linkplain
    *     Task}
    * @throws TaskNotFoundException if the given taskId doesn't refer to an existing {@linkplain
    *     Task}
    */
   List<TaskComment> getTaskComments(String taskId)
-      throws TaskNotFoundException, MismatchedWorkbasketPermissionException;
+      throws TaskNotFoundException, NotAuthorizedOnWorkbasketException;
 
   // endregion
 
@@ -838,7 +832,7 @@ public interface TaskService {
    *
    * @param taskComment the {@linkplain TaskComment} to be updated in the database
    * @return the updated {@linkplain TaskComment}
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} of the commented {@linkplain
    *     Task}.
    * @throws ConcurrencyException if an attempt is made to update the {@linkplain TaskComment} and
@@ -850,13 +844,13 @@ public interface TaskService {
    *     to an existing {@linkplain Task}
    * @throws InvalidArgumentException if the {@linkplain TaskComment#getId() id} of the specified
    *     {@linkplain TaskComment} is NULL or empty
-   * @throws MismatchedTaskCommentCreatorException If the current user doesn't have correct
+   * @throws NotAuthorizedOnTaskCommentException If the current user doesn't have correct
    *     permissions
    */
   TaskComment updateTaskComment(TaskComment taskComment)
       throws ConcurrencyException, TaskCommentNotFoundException, TaskNotFoundException,
-          InvalidArgumentException, MismatchedTaskCommentCreatorException,
+          InvalidArgumentException, NotAuthorizedOnTaskCommentException,
-          MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnWorkbasketException;
 
   // endregion
 
@@ -873,15 +867,15 @@ public interface TaskService {
    * @throws TaskNotFoundException if the {@linkplain TaskComment#getTaskId() taskId} of the
    *     TaskComment doesn't refer to an existing {@linkplain Task}
    * @throws InvalidArgumentException if the given taskCommentId is NULL or empty
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the {@linkplain Workbasket} the commented {@linkplain Task}
    *     is in
-   * @throws MismatchedTaskCommentCreatorException if the current user is not the {@linkplain
+   * @throws NotAuthorizedOnTaskCommentException if the current user is not the {@linkplain
    *     TaskComment#getCreator() creator} of the {@linkplain TaskComment}.
    */
   void deleteTaskComment(String taskCommentId)
       throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          MismatchedTaskCommentCreatorException, MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnTaskCommentException, NotAuthorizedOnWorkbasketException;
 
   // endregion
 

lib/taskana-core/src/main/java/pro/taskana/task/api/exceptions/NotAuthorizedOnTaskCommentException.java

@@ -9,13 +9,13 @@ import pro.taskana.task.api.models.TaskComment;
  * This exception is thrown when the current user is not the creator of the {@linkplain TaskComment}
  * it tries to modify.
  */
-public class MismatchedTaskCommentCreatorException extends TaskanaException {
+public class NotAuthorizedOnTaskCommentException extends TaskanaException {
 
-  public static final String ERROR_KEY = "TASK_COMMENT_CREATOR_MISMATCHED";
+  public static final String ERROR_KEY = "NOT_AUTHORIZED_ON_TASK_COMMENT";
   private final String currentUserId;
   private final String taskCommentId;
 
-  public MismatchedTaskCommentCreatorException(String currentUserId, String taskCommentId) {
+  public NotAuthorizedOnTaskCommentException(String currentUserId, String taskCommentId) {
     super(
         String.format(
             "Not authorized. Current user '%s' is not the creator of TaskComment with id '%s'.",

lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentQueryImpl.java

@@ -14,7 +14,7 @@ import pro.taskana.task.api.TaskCommentQuery;
 import pro.taskana.task.api.TaskCommentQueryColumnName;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.TaskComment;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.NotAuthorizedToQueryWorkbasketException;
 import pro.taskana.workbasket.internal.WorkbasketQueryImpl;
 
@@ -307,7 +307,7 @@ public class TaskCommentQueryImpl implements TaskCommentQuery {
               taskId -> {
                 try {
                   taskService.getTask(taskId);
-                } catch (MismatchedWorkbasketPermissionException e) {
+                } catch (NotAuthorizedOnWorkbasketException e) {
                   throw new NotAuthorizedToQueryWorkbasketException(
                       e.getMessage(), e.getErrorCode(), e);
                 } catch (TaskNotFoundException e) {

lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskCommentServiceImpl.java

@@ -11,14 +11,14 @@ import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.common.internal.util.IdGenerator;
-import pro.taskana.task.api.exceptions.MismatchedTaskCommentCreatorException;
+import pro.taskana.task.api.exceptions.NotAuthorizedOnTaskCommentException;
 import pro.taskana.task.api.exceptions.TaskCommentNotFoundException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.TaskComment;
 import pro.taskana.task.internal.models.TaskCommentImpl;
 import pro.taskana.user.api.models.User;
 import pro.taskana.user.internal.UserMapper;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 
 class TaskCommentServiceImpl {
 
@@ -50,8 +50,8 @@ class TaskCommentServiceImpl {
 
   TaskComment updateTaskComment(TaskComment taskCommentToUpdate)
       throws ConcurrencyException, TaskCommentNotFoundException, TaskNotFoundException,
-          InvalidArgumentException, MismatchedTaskCommentCreatorException,
+          InvalidArgumentException, NotAuthorizedOnTaskCommentException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
 
     String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
 
@@ -82,7 +82,7 @@ class TaskCommentServiceImpl {
         }
 
       } else {
-        throw new MismatchedTaskCommentCreatorException(userId, taskCommentImplToUpdate.getId());
+        throw new NotAuthorizedOnTaskCommentException(userId, taskCommentImplToUpdate.getId());
       }
     } finally {
       taskanaEngine.returnConnection();
@@ -92,8 +92,7 @@ class TaskCommentServiceImpl {
   }
 
   TaskComment createTaskComment(TaskComment taskCommentToCreate)
-      throws TaskNotFoundException, InvalidArgumentException,
+      throws TaskNotFoundException, InvalidArgumentException, NotAuthorizedOnWorkbasketException {
-          MismatchedWorkbasketPermissionException {
 
     TaskCommentImpl taskCommentImplToCreate = (TaskCommentImpl) taskCommentToCreate;
 
@@ -118,7 +117,7 @@ class TaskCommentServiceImpl {
 
   void deleteTaskComment(String taskCommentId)
       throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          MismatchedTaskCommentCreatorException, MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnTaskCommentException, NotAuthorizedOnWorkbasketException {
 
     String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
 
@@ -139,7 +138,7 @@ class TaskCommentServiceImpl {
         }
 
       } else {
-        throw new MismatchedTaskCommentCreatorException(userId, taskCommentToDelete.getId());
+        throw new NotAuthorizedOnTaskCommentException(userId, taskCommentToDelete.getId());
       }
 
     } finally {
@@ -148,7 +147,7 @@ class TaskCommentServiceImpl {
   }
 
   List<TaskComment> getTaskComments(String taskId)
-      throws TaskNotFoundException, MismatchedWorkbasketPermissionException {
+      throws TaskNotFoundException, NotAuthorizedOnWorkbasketException {
 
     try {
 
@@ -171,7 +170,7 @@ class TaskCommentServiceImpl {
 
   TaskComment getTaskComment(String taskCommentId)
       throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
 
     TaskCommentImpl result;
 

lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskQueryImpl.java

@@ -29,7 +29,7 @@ import pro.taskana.task.api.models.ObjectReference;
 import pro.taskana.task.api.models.TaskSummary;
 import pro.taskana.task.internal.models.TaskSummaryImpl;
 import pro.taskana.workbasket.api.WorkbasketPermission;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.NotAuthorizedToQueryWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.internal.WorkbasketQueryImpl;
@@ -709,7 +709,6 @@ public class TaskQueryImpl implements TaskQuery {
     return this;
   }
 
-
   @Override
   public TaskQuery classificationCategoryIn(String... classificationCategories) {
     this.classificationCategoryIn = classificationCategories;
@@ -2197,13 +2196,13 @@ public class TaskQueryImpl implements TaskQuery {
           checkOpenAndReadPermissionByKeyDomain(keyDomain);
         }
       }
-    } catch (MismatchedWorkbasketPermissionException e) {
+    } catch (NotAuthorizedOnWorkbasketException e) {
       throw new NotAuthorizedToQueryWorkbasketException(e.getMessage(), e.getErrorCode(), e);
     }
   }
 
   private void checkOpenAndReadPermissionById(String workbasketId)
-      throws MismatchedWorkbasketPermissionException {
+      throws NotAuthorizedOnWorkbasketException {
     try {
       taskanaEngine
           .getEngine()
@@ -2216,7 +2215,7 @@ public class TaskQueryImpl implements TaskQuery {
   }
 
   private void checkOpenAndReadPermissionByKeyDomain(KeyDomain keyDomain)
-      throws MismatchedWorkbasketPermissionException {
+      throws NotAuthorizedOnWorkbasketException {
     try {
       taskanaEngine
           .getEngine()

lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskServiceImpl.java

@@ -31,7 +31,7 @@ import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
@@ -68,7 +68,7 @@ import pro.taskana.task.api.exceptions.AttachmentPersistenceException;
 import pro.taskana.task.api.exceptions.InvalidCallbackStateException;
 import pro.taskana.task.api.exceptions.InvalidOwnerException;
 import pro.taskana.task.api.exceptions.InvalidTaskStateException;
-import pro.taskana.task.api.exceptions.MismatchedTaskCommentCreatorException;
+import pro.taskana.task.api.exceptions.NotAuthorizedOnTaskCommentException;
 import pro.taskana.task.api.exceptions.ObjectReferencePersistenceException;
 import pro.taskana.task.api.exceptions.TaskAlreadyExistException;
 import pro.taskana.task.api.exceptions.TaskCommentNotFoundException;
@@ -90,7 +90,7 @@ import pro.taskana.user.api.models.User;
 import pro.taskana.user.internal.UserMapper;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
@@ -157,28 +157,28 @@ public class TaskServiceImpl implements TaskService {
 
   @Override
   public Task claim(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     return claim(taskId, false);
   }
 
   @Override
   public Task forceClaim(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     return claim(taskId, true);
   }
 
   @Override
   public Task cancelClaim(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     return this.cancelClaim(taskId, false);
   }
 
   @Override
   public Task forceCancelClaim(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     return this.cancelClaim(taskId, true);
   }
@@ -186,41 +186,41 @@ public class TaskServiceImpl implements TaskService {
   @Override
   public Task requestReview(String taskId)
       throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     return requestReview(taskId, false);
   }
 
   @Override
   public Task forceRequestReview(String taskId)
       throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     return requestReview(taskId, true);
   }
 
   @Override
   public Task requestChanges(String taskId)
       throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     return requestChanges(taskId, false);
   }
 
   @Override
   public Task forceRequestChanges(String taskId)
       throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     return requestChanges(taskId, true);
   }
 
   @Override
   public Task completeTask(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     return completeTask(taskId, false);
   }
 
   @Override
   public Task forceCompleteTask(String taskId)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     return completeTask(taskId, true);
   }
@@ -229,7 +229,7 @@ public class TaskServiceImpl implements TaskService {
   public Task createTask(Task taskToCreate)
       throws WorkbasketNotFoundException, ClassificationNotFoundException,
           TaskAlreadyExistException, InvalidArgumentException, AttachmentPersistenceException,
-          ObjectReferencePersistenceException, MismatchedWorkbasketPermissionException {
+          ObjectReferencePersistenceException, NotAuthorizedOnWorkbasketException {
 
     if (createTaskPreprocessorManager.isEnabled()) {
       taskToCreate = createTaskPreprocessorManager.processTaskBeforeCreation(taskToCreate);
@@ -347,8 +347,7 @@ public class TaskServiceImpl implements TaskService {
   }
 
   @Override
-  public Task getTask(String id)
+  public Task getTask(String id) throws NotAuthorizedOnWorkbasketException, TaskNotFoundException {
-      throws MismatchedWorkbasketPermissionException, TaskNotFoundException {
     try {
       taskanaEngine.openConnection();
 
@@ -359,7 +358,7 @@ public class TaskServiceImpl implements TaskService {
         String workbasketId = resultTask.getWorkbasketSummary().getId();
         List<WorkbasketSummary> workbaskets = query.idIn(workbasketId).list();
         if (workbaskets.isEmpty()) {
-          throw new MismatchedWorkbasketPermissionException(
+          throw new NotAuthorizedOnWorkbasketException(
               taskanaEngine.getEngine().getCurrentUserContext().getUserid(),
               workbasketId,
               WorkbasketPermission.READ);
@@ -410,21 +409,21 @@ public class TaskServiceImpl implements TaskService {
 
   @Override
   public Task transfer(String taskId, String destinationWorkbasketId, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
+          InvalidTaskStateException {
     return taskTransferrer.transfer(taskId, destinationWorkbasketId, setTransferFlag);
   }
 
   @Override
   public Task transfer(String taskId, String workbasketKey, String domain, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
+          InvalidTaskStateException {
     return taskTransferrer.transfer(taskId, workbasketKey, domain, setTransferFlag);
   }
 
   @Override
   public Task setTaskRead(String taskId, boolean isRead)
-      throws TaskNotFoundException, MismatchedWorkbasketPermissionException {
+      throws TaskNotFoundException, NotAuthorizedOnWorkbasketException {
     TaskImpl task;
     try {
       taskanaEngine.openConnection();
@@ -501,7 +500,7 @@ public class TaskServiceImpl implements TaskService {
   public Task updateTask(Task task)
       throws InvalidArgumentException, TaskNotFoundException, ConcurrencyException,
           AttachmentPersistenceException, ObjectReferencePersistenceException,
-          ClassificationNotFoundException, MismatchedWorkbasketPermissionException,
+          ClassificationNotFoundException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
     TaskImpl newTaskImpl = (TaskImpl) task;
@@ -551,7 +550,7 @@ public class TaskServiceImpl implements TaskService {
   public BulkOperationResults<String, TaskanaException> transferTasks(
       String destinationWorkbasketId, List<String> taskIds, boolean setTransferFlag)
       throws InvalidArgumentException, WorkbasketNotFoundException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     return taskTransferrer.transfer(taskIds, destinationWorkbasketId, setTransferFlag);
   }
 
@@ -562,30 +561,28 @@ public class TaskServiceImpl implements TaskService {
       List<String> taskIds,
       boolean setTransferFlag)
       throws InvalidArgumentException, WorkbasketNotFoundException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     return taskTransferrer.transfer(
         taskIds, destinationWorkbasketKey, destinationWorkbasketDomain, setTransferFlag);
   }
 
   @Override
   public void deleteTask(String taskId)
-      throws TaskNotFoundException, MismatchedRoleException,
+      throws TaskNotFoundException, NotAuthorizedException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException,
+          InvalidTaskStateException, InvalidCallbackStateException {
-          InvalidCallbackStateException {
     deleteTask(taskId, false);
   }
 
   @Override
   public void forceDeleteTask(String taskId)
-      throws TaskNotFoundException, MismatchedRoleException,
+      throws TaskNotFoundException, NotAuthorizedException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException,
+          InvalidTaskStateException, InvalidCallbackStateException {
-          InvalidCallbackStateException {
     deleteTask(taskId, true);
   }
 
   @Override
   public Task selectAndClaim(TaskQuery taskQuery)
-      throws InvalidOwnerException, MismatchedWorkbasketPermissionException {
+      throws InvalidOwnerException, NotAuthorizedOnWorkbasketException {
 
     try {
 
@@ -612,7 +609,7 @@ public class TaskServiceImpl implements TaskService {
 
   @Override
   public BulkOperationResults<String, TaskanaException> deleteTasks(List<String> taskIds)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
 
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN);
 
@@ -738,36 +735,35 @@ public class TaskServiceImpl implements TaskService {
 
   @Override
   public TaskComment createTaskComment(TaskComment taskComment)
-      throws TaskNotFoundException, InvalidArgumentException,
+      throws TaskNotFoundException, InvalidArgumentException, NotAuthorizedOnWorkbasketException {
-          MismatchedWorkbasketPermissionException {
     return taskCommentService.createTaskComment(taskComment);
   }
 
   @Override
   public TaskComment updateTaskComment(TaskComment taskComment)
       throws ConcurrencyException, TaskCommentNotFoundException, TaskNotFoundException,
-          InvalidArgumentException, MismatchedTaskCommentCreatorException,
+          InvalidArgumentException, NotAuthorizedOnTaskCommentException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     return taskCommentService.updateTaskComment(taskComment);
   }
 
   @Override
   public void deleteTaskComment(String taskCommentId)
       throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          MismatchedTaskCommentCreatorException, MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnTaskCommentException, NotAuthorizedOnWorkbasketException {
     taskCommentService.deleteTaskComment(taskCommentId);
   }
 
   @Override
   public TaskComment getTaskComment(String taskCommentid)
       throws TaskCommentNotFoundException, TaskNotFoundException, InvalidArgumentException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     return taskCommentService.getTaskComment(taskCommentid);
   }
 
   @Override
   public List<TaskComment> getTaskComments(String taskId)
-      throws TaskNotFoundException, MismatchedWorkbasketPermissionException {
+      throws TaskNotFoundException, NotAuthorizedOnWorkbasketException {
 
     return taskCommentService.getTaskComments(taskId);
   }
@@ -861,8 +857,7 @@ public class TaskServiceImpl implements TaskService {
 
   @Override
   public Task cancelTask(String taskId)
-      throws TaskNotFoundException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, NotAuthorizedOnWorkbasketException, InvalidTaskStateException {
-          InvalidTaskStateException {
 
     Task cancelledTask;
 
@@ -886,8 +881,8 @@ public class TaskServiceImpl implements TaskService {
 
   @Override
   public Task terminateTask(String taskId)
-      throws TaskNotFoundException, MismatchedRoleException,
+      throws TaskNotFoundException, NotAuthorizedException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
+          InvalidTaskStateException {
 
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.TASK_ADMIN);
 
@@ -1004,7 +999,7 @@ public class TaskServiceImpl implements TaskService {
       for (Pair<String, String> taskAndWorkbasketIds : taskAndWorkbasketIdsNotAuthorizedFor) {
         bulkLog.addError(
             taskAndWorkbasketIds.getLeft(),
-            new MismatchedWorkbasketPermissionException(
+            new NotAuthorizedOnWorkbasketException(
                 userId, taskAndWorkbasketIds.getRight(), WorkbasketPermission.READ));
       }
 
@@ -1199,8 +1194,7 @@ public class TaskServiceImpl implements TaskService {
   }
 
   private TaskImpl terminateCancelCommonActions(String taskId, TaskState targetState)
-      throws TaskNotFoundException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, NotAuthorizedOnWorkbasketException, InvalidTaskStateException {
-          InvalidTaskStateException {
     if (taskId == null || taskId.isEmpty()) {
       throw new TaskNotFoundException(taskId);
     }
@@ -1225,7 +1219,7 @@ public class TaskServiceImpl implements TaskService {
   }
 
   private Task claim(String taskId, boolean forceClaim)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
     String userLongName = null;
@@ -1268,7 +1262,7 @@ public class TaskServiceImpl implements TaskService {
 
   private Task requestReview(String taskId, boolean force)
       throws TaskNotFoundException, InvalidTaskStateException, InvalidOwnerException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
     TaskImpl task;
     try {
@@ -1319,7 +1313,7 @@ public class TaskServiceImpl implements TaskService {
 
   private Task requestChanges(String taskId, boolean force)
       throws InvalidTaskStateException, TaskNotFoundException, InvalidOwnerException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
     TaskImpl task;
     try {
@@ -1447,7 +1441,7 @@ public class TaskServiceImpl implements TaskService {
   }
 
   private Task cancelClaim(String taskId, boolean forceUnclaim)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
     TaskImpl task;
@@ -1491,7 +1485,7 @@ public class TaskServiceImpl implements TaskService {
   }
 
   private Task completeTask(String taskId, boolean isForced)
-      throws TaskNotFoundException, InvalidOwnerException, MismatchedWorkbasketPermissionException,
+      throws TaskNotFoundException, InvalidOwnerException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     String userId = taskanaEngine.getEngine().getCurrentUserContext().getUserid();
     TaskImpl task;
@@ -1534,9 +1528,8 @@ public class TaskServiceImpl implements TaskService {
   }
 
   private void deleteTask(String taskId, boolean forceDelete)
-      throws TaskNotFoundException, MismatchedRoleException,
+      throws TaskNotFoundException, NotAuthorizedException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException,
+          InvalidTaskStateException, InvalidCallbackStateException {
-          InvalidCallbackStateException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN);
     TaskImpl task;
     try {

lib/taskana-core/src/main/java/pro/taskana/task/internal/TaskTransferrer.java

@@ -31,7 +31,7 @@ import pro.taskana.task.internal.models.TaskImpl;
 import pro.taskana.task.internal.models.TaskSummaryImpl;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 import pro.taskana.workbasket.internal.WorkbasketQueryImpl;
@@ -55,8 +55,8 @@ final class TaskTransferrer {
   }
 
   Task transfer(String taskId, String destinationWorkbasketId, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
+          InvalidTaskStateException {
     WorkbasketSummary destinationWorkbasket =
         workbasketService.getWorkbasket(destinationWorkbasketId).asSummary();
     return transferSingleTask(taskId, destinationWorkbasket, setTransferFlag);
@@ -67,8 +67,8 @@ final class TaskTransferrer {
       String destinationWorkbasketKey,
       String destinationDomain,
       boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
+          InvalidTaskStateException {
     WorkbasketSummary destinationWorkbasket =
         workbasketService.getWorkbasket(destinationWorkbasketKey, destinationDomain).asSummary();
     return transferSingleTask(taskId, destinationWorkbasket, setTransferFlag);
@@ -77,7 +77,7 @@ final class TaskTransferrer {
   BulkOperationResults<String, TaskanaException> transfer(
       List<String> taskIds, String destinationWorkbasketId, boolean setTransferFlag)
       throws WorkbasketNotFoundException, InvalidArgumentException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     WorkbasketSummary destinationWorkbasket =
         workbasketService.getWorkbasket(destinationWorkbasketId).asSummary();
     checkDestinationWorkbasket(destinationWorkbasket);
@@ -91,7 +91,7 @@ final class TaskTransferrer {
       String destinationDomain,
       boolean setTransferFlag)
       throws WorkbasketNotFoundException, InvalidArgumentException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     WorkbasketSummary destinationWorkbasket =
         workbasketService.getWorkbasket(destinationWorkbasketKey, destinationDomain).asSummary();
     checkDestinationWorkbasket(destinationWorkbasket);
@@ -101,8 +101,8 @@ final class TaskTransferrer {
 
   private Task transferSingleTask(
       String taskId, WorkbasketSummary destinationWorkbasket, boolean setTransferFlag)
-      throws TaskNotFoundException, WorkbasketNotFoundException,
+      throws TaskNotFoundException, WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException,
-          MismatchedWorkbasketPermissionException, InvalidTaskStateException {
+          InvalidTaskStateException {
     try {
       taskanaEngine.openConnection();
       TaskImpl task = (TaskImpl) taskService.getTask(taskId);
@@ -157,7 +157,7 @@ final class TaskTransferrer {
 
   private void checkPreconditionsForTransferTask(
       Task task, WorkbasketSummary destinationWorkbasket, WorkbasketSummary originWorkbasket)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException,
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException,
           InvalidTaskStateException {
     if (task.getState().isEndState()) {
       throw new InvalidTaskStateException(
@@ -168,7 +168,7 @@ final class TaskTransferrer {
   }
 
   private void checkDestinationWorkbasket(WorkbasketSummary destinationWorkbasket)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException {
     workbasketService.checkAuthorization(
         destinationWorkbasket.getId(), WorkbasketPermission.APPEND);
 
@@ -215,7 +215,7 @@ final class TaskTransferrer {
               taskId, taskSummary.getState(), EnumUtil.allValuesExceptFor(TaskState.END_STATES));
     } else if (!sourceWorkbasketIds.contains(taskSummary.getWorkbasketSummary().getId())) {
       error =
-          new MismatchedWorkbasketPermissionException(
+          new NotAuthorizedOnWorkbasketException(
               taskanaEngine.getEngine().getCurrentUserContext().getUserid(),
               taskSummary.getWorkbasketSummary().getId(),
               WorkbasketPermission.TRANSFER);

lib/taskana-core/src/main/java/pro/taskana/task/internal/jobs/TaskCleanupJob.java

@@ -18,7 +18,7 @@ import pro.taskana.common.api.ScheduledJob;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.jobs.AbstractTaskanaJob;
@@ -132,7 +132,7 @@ public class TaskCleanupJob extends AbstractTaskanaJob {
   }
 
   private int deleteTasks(List<TaskSummary> tasksToBeDeleted)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
 
     List<String> tasksIdsToBeDeleted =
         tasksToBeDeleted.stream().map(TaskSummary::getId).collect(Collectors.toList());

lib/taskana-core/src/main/java/pro/taskana/user/api/UserService.java

@@ -4,7 +4,7 @@ import java.util.List;
 import java.util.Set;
 
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.user.api.exceptions.UserAlreadyExistException;
 import pro.taskana.user.api.exceptions.UserNotFoundException;
 import pro.taskana.user.api.models.User;
@@ -41,14 +41,14 @@ public interface UserService {
    * @param userToCreate the {@linkplain User} which should be inserted
    * @return the inserted {@linkplain User}
    * @throws InvalidArgumentException if some fields are not set properly
-   * @throws MismatchedRoleException if the current user is not {@linkplain
+   * @throws NotAuthorizedException if the current user is not {@linkplain
    *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
    *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
    * @throws UserAlreadyExistException if there already exists a {@linkplain User} with the
    *     specified {@linkplain User#getId() id} inside the database
    */
   User createUser(User userToCreate)
-      throws InvalidArgumentException, UserAlreadyExistException, MismatchedRoleException;
+      throws InvalidArgumentException, UserAlreadyExistException, NotAuthorizedException;
 
   /**
    * Gets a {@linkplain User}.
@@ -85,7 +85,7 @@ public interface UserService {
    *
    * @param userToUpdate the {@linkplain User} which should be updated
    * @return the updated {@linkplain User}
-   * @throws MismatchedRoleException if the current user is not {@linkplain
+   * @throws NotAuthorizedException if the current user is not {@linkplain
    *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
    *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
    * @throws UserNotFoundException if there does not exist a {@linkplain User} with the specified
@@ -93,7 +93,7 @@ public interface UserService {
    * @throws InvalidArgumentException if some fields are not set properly
    */
   User updateUser(User userToUpdate)
-      throws UserNotFoundException, InvalidArgumentException, MismatchedRoleException;
+      throws UserNotFoundException, InvalidArgumentException, NotAuthorizedException;
 
   /**
    * Deletes a {@linkplain User}.
@@ -103,7 +103,7 @@ public interface UserService {
    * gets deleted.
    *
    * @param id the {@linkplain User#getId() id} of the {@linkplain User} which should be deleted
-   * @throws MismatchedRoleException if the current user is not {@linkplain
+   * @throws NotAuthorizedException if the current user is not {@linkplain
    *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
    *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
    * @throws UserNotFoundException if there does not exist a {@linkplain User} with the specified
@@ -111,5 +111,5 @@ public interface UserService {
    * @throws InvalidArgumentException if the userIds parameter is NULL or empty
    */
   void deleteUser(String id)
-      throws UserNotFoundException, InvalidArgumentException, MismatchedRoleException;
+      throws UserNotFoundException, InvalidArgumentException, NotAuthorizedException;
 }

lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java

@@ -15,7 +15,7 @@ import pro.taskana.TaskanaConfiguration;
 import pro.taskana.common.api.BaseQuery.SortDirection;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.user.api.UserService;
 import pro.taskana.user.api.exceptions.UserAlreadyExistException;
@@ -90,7 +90,7 @@ public class UserServiceImpl implements UserService {
 
   @Override
   public User createUser(User userToCreate)
-      throws InvalidArgumentException, UserAlreadyExistException, MismatchedRoleException {
+      throws InvalidArgumentException, UserAlreadyExistException, NotAuthorizedException {
     internalTaskanaEngine
         .getEngine()
         .checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
@@ -107,7 +107,7 @@ public class UserServiceImpl implements UserService {
 
   @Override
   public User updateUser(User userToUpdate)
-      throws UserNotFoundException, InvalidArgumentException, MismatchedRoleException {
+      throws UserNotFoundException, InvalidArgumentException, NotAuthorizedException {
     internalTaskanaEngine
         .getEngine()
         .checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
@@ -132,7 +132,7 @@ public class UserServiceImpl implements UserService {
 
   @Override
   public void deleteUser(String id)
-      throws UserNotFoundException, InvalidArgumentException, MismatchedRoleException {
+      throws UserNotFoundException, InvalidArgumentException, NotAuthorizedException {
     internalTaskanaEngine
         .getEngine()
         .checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);

lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketQuery.java

@@ -6,7 +6,7 @@ import pro.taskana.common.api.BaseQuery;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 
 /** WorkitemQuery for generating dynamic sql. */
@@ -152,12 +152,12 @@ public interface WorkbasketQuery extends BaseQuery<WorkbasketSummary, Workbasket
    * @param accessIds Users which should be checked for given permissions on workbaskets.
    * @return the current query object.
    * @throws InvalidArgumentException if permissions OR the accessIds are NULL or empty.
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
    */
   WorkbasketQuery accessIdsHavePermissions(
       List<WorkbasketPermission> permissions, String... accessIds)
-      throws InvalidArgumentException, MismatchedRoleException;
+      throws InvalidArgumentException, NotAuthorizedException;
 
   /**
    * Add condition to query if the caller (one of the accessIds of the caller) has the given

lib/taskana-core/src/main/java/pro/taskana/workbasket/api/WorkbasketService.java

@@ -7,10 +7,10 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.user.api.models.User;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketAccessItemAlreadyExistException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketAlreadyExistException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketInUseException;
@@ -49,7 +49,7 @@ public interface WorkbasketService {
    * @return the created and inserted {@linkplain Workbasket}
    * @throws InvalidArgumentException If a required property of the {@linkplain Workbasket} is not
    *     set.
-   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
    *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
    *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
    * @throws WorkbasketAlreadyExistException if the {@linkplain Workbasket} exists already
@@ -58,7 +58,7 @@ public interface WorkbasketService {
    */
   Workbasket createWorkbasket(Workbasket workbasket)
       throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          MismatchedRoleException;
+          NotAuthorizedException;
 
   // READ
 
@@ -71,11 +71,11 @@ public interface WorkbasketService {
    * @return the requested Workbasket
    * @throws WorkbasketNotFoundException If the {@linkplain Workbasket} with workbasketId is not
    *     found
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the requested {@linkplain Workbasket}
    */
   Workbasket getWorkbasket(String workbasketId)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException;
 
   /**
    * Get the {@linkplain Workbasket} specified by the given {@linkplain WorkbasketSummary#getKey()
@@ -88,11 +88,11 @@ public interface WorkbasketService {
    * @return the requested {@linkplain Workbasket}
    * @throws WorkbasketNotFoundException If the {@linkplain Workbasket} with workbasketId is not
    *     found
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ} for the requested {@linkplain Workbasket}
    */
   Workbasket getWorkbasket(String workbasketKey, String domain)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException;
 
   // UPDATE
 
@@ -103,8 +103,8 @@ public interface WorkbasketService {
    * @return the updated {@linkplain Workbasket}
    * @throws InvalidArgumentException if {@linkplain Workbasket#getName() name} or {@linkplain
    *     Workbasket#getType() type} of the {@linkplain Workbasket} is invalid
-   * @throws MismatchedWorkbasketPermissionException This is never thrown
+   * @throws NotAuthorizedOnWorkbasketException This is never thrown
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
    * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} cannot be found.
    * @throws ConcurrencyException if an attempt is made to update the {@linkplain Workbasket} and
@@ -113,7 +113,7 @@ public interface WorkbasketService {
    */
   Workbasket updateWorkbasket(Workbasket workbasket)
       throws InvalidArgumentException, WorkbasketNotFoundException, ConcurrencyException,
-          MismatchedRoleException, MismatchedWorkbasketPermissionException;
+          NotAuthorizedException, NotAuthorizedOnWorkbasketException;
 
   // DELETE
 
@@ -124,8 +124,8 @@ public interface WorkbasketService {
    *     should be deleted.
    * @return true if the {@linkplain Workbasket} was deleted successfully; false if the {@linkplain
    *     Workbasket} is marked for deletion
-   * @throws MismatchedWorkbasketPermissionException This is never thrown
+   * @throws NotAuthorizedOnWorkbasketException This is never thrown
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
    * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} does not exist
    * @throws WorkbasketInUseException if the {@linkplain Workbasket} does contain task-content
@@ -133,7 +133,7 @@ public interface WorkbasketService {
    */
   boolean deleteWorkbasket(String workbasketId)
       throws WorkbasketNotFoundException, WorkbasketInUseException, InvalidArgumentException,
-          MismatchedRoleException, MismatchedWorkbasketPermissionException;
+          NotAuthorizedException, NotAuthorizedOnWorkbasketException;
 
   /**
    * Deletes the list of {@linkplain Workbasket}s specified via {@linkplain Workbasket#getId() ids}.
@@ -142,11 +142,11 @@ public interface WorkbasketService {
    *     to delete.
    * @return the result of the operations and an Exception for each failed workbasket deletion
    * @throws InvalidArgumentException if the WorkbasketIds parameter List is NULL or empty
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
    */
   BulkOperationResults<String, TaskanaException> deleteWorkbaskets(List<String> workbasketsIds)
-      throws InvalidArgumentException, MismatchedRoleException;
+      throws InvalidArgumentException, NotAuthorizedException;
 
   // endregion
 
@@ -160,15 +160,15 @@ public interface WorkbasketService {
    * @param sourceWorkbasketId the {@linkplain Workbasket#getId() id} of the source {@linkplain
    *     Workbasket} for which the distribution targets are to be set
    * @param targetWorkbasketIds a list of the ids of the target {@linkplain Workbasket}s
-   * @throws MismatchedWorkbasketPermissionException This is never thrown
+   * @throws NotAuthorizedOnWorkbasketException This is never thrown
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
    * @throws WorkbasketNotFoundException if either the source {@linkplain Workbasket} or any of the
    *     target {@linkplain Workbasket}s don't exist
    */
   void setDistributionTargets(String sourceWorkbasketId, List<String> targetWorkbasketIds)
-      throws WorkbasketNotFoundException, MismatchedRoleException,
+      throws WorkbasketNotFoundException, NotAuthorizedException,
-          MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnWorkbasketException;
 
   // READ
 
@@ -178,12 +178,12 @@ public interface WorkbasketService {
    * @param workbasketId the {@linkplain Workbasket#getId() id} of the referenced {@linkplain
    *     Workbasket}
    * @return the distribution targets of the specified {@linkplain Workbasket}
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ READ permission} for the specified {@linkplain Workbasket}
    * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} doesn't exist
    */
   List<WorkbasketSummary> getDistributionTargets(String workbasketId)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException;
 
   /**
    * Returns the distribution targets for a given {@linkplain Workbasket}.
@@ -193,12 +193,12 @@ public interface WorkbasketService {
    * @param domain the {@linkplain Workbasket#getDomain() domain} of the referenced {@linkplain
    *     Workbasket}
    * @return the distribution targets of the specified {@linkplain Workbasket}
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ READ permission} for the specified {@linkplain Workbasket}
    * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} doesn't exist
    */
   List<WorkbasketSummary> getDistributionTargets(String workbasketKey, String domain)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException;
 
   /**
    * Returns the distribution sources for a given {@linkplain Workbasket}.
@@ -206,12 +206,12 @@ public interface WorkbasketService {
    * @param workbasketId the {@linkplain Workbasket#getId() id} of the referenced {@linkplain
    *     Workbasket}
    * @return the workbaskets that are distribution sources of the specified {@linkplain Workbasket}.
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ READ permission} for the specified {@linkplain Workbasket}
    * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} doesn't exist
    */
   List<WorkbasketSummary> getDistributionSources(String workbasketId)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException;
 
   /**
    * Returns the distribution sources for a given {@linkplain Workbasket}.
@@ -221,12 +221,12 @@ public interface WorkbasketService {
    * @param domain the {@linkplain Workbasket#getDomain() domain} of the referenced {@linkplain
    *     Workbasket}
    * @return the workbaskets that are distribution sources of the specified {@linkplain Workbasket}.
-   * @throws MismatchedWorkbasketPermissionException if the current user has no {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user has no {@linkplain
    *     WorkbasketPermission#READ READ permission} for the specified {@linkplain Workbasket}
    * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} doesn't exist
    */
   List<WorkbasketSummary> getDistributionSources(String workbasketKey, String domain)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException;
 
   // UPDATE
 
@@ -238,16 +238,16 @@ public interface WorkbasketService {
    *     Workbasket}
    * @param targetWorkbasketId the {@linkplain Workbasket#getId() id} of the target {@linkplain
    *     Workbasket}
-   * @throws MismatchedWorkbasketPermissionException if the current user doesn't have {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException if the current user doesn't have {@linkplain
    *     WorkbasketPermission#READ READ permission} for the source {@linkplain Workbasket}s
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
    * @throws WorkbasketNotFoundException if either the source {@linkplain Workbasket} or the target
    *     {@linkplain Workbasket} doesn't exist
    */
   void addDistributionTarget(String sourceWorkbasketId, String targetWorkbasketId)
-      throws WorkbasketNotFoundException, MismatchedRoleException,
+      throws WorkbasketNotFoundException, NotAuthorizedException,
-          MismatchedWorkbasketPermissionException;
+          NotAuthorizedOnWorkbasketException;
 
   // DELETE
 
@@ -259,13 +259,13 @@ public interface WorkbasketService {
    *     Workbasket}
    * @param targetWorkbasketId The {@linkplain Workbasket#getId() id} of the target {@linkplain
    *     Workbasket}
-   * @throws MismatchedWorkbasketPermissionException If the current user doesn't have {@linkplain
+   * @throws NotAuthorizedOnWorkbasketException If the current user doesn't have {@linkplain
    *     WorkbasketPermission#READ READ permission} for the source {@linkplain Workbasket}
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
    */
   void removeDistributionTarget(String sourceWorkbasketId, String targetWorkbasketId)
-      throws MismatchedRoleException, MismatchedWorkbasketPermissionException;
+      throws NotAuthorizedException, NotAuthorizedOnWorkbasketException;
 
   // endregion
 
@@ -292,7 +292,7 @@ public interface WorkbasketService {
    * @param workbasketAccessItem the new {@linkplain WorkbasketAccessItem}
    * @return the created {@linkplain WorkbasketAccessItem}
    * @throws InvalidArgumentException if the preconditions don't match the required ones.
-   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
    *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
    *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
    * @throws WorkbasketNotFoundException if the {@linkplain WorkbasketAccessItem} refers to a not
@@ -303,7 +303,7 @@ public interface WorkbasketService {
    */
   WorkbasketAccessItem createWorkbasketAccessItem(WorkbasketAccessItem workbasketAccessItem)
       throws InvalidArgumentException, WorkbasketNotFoundException,
-          WorkbasketAccessItemAlreadyExistException, MismatchedRoleException;
+          WorkbasketAccessItemAlreadyExistException, NotAuthorizedException;
 
   /**
    * Setting up the new {@linkplain WorkbasketAccessItem}s for a {@linkplain Workbasket}. Already
@@ -323,9 +323,9 @@ public interface WorkbasketService {
    *     stored ones.
    * @throws InvalidArgumentException will be thrown when the parameter {@code wbAccessItems} is
    *     NULL or member doesn't match the preconditions
-   * @throws MismatchedRoleException if the current user is not member of {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of {@linkplain
    *     TaskanaRole#BUSINESS_ADMIN} or {@linkplain TaskanaRole#ADMIN}
-   * @throws MismatchedWorkbasketPermissionException This is never thrown
+   * @throws NotAuthorizedOnWorkbasketException This is never thrown
    * @throws WorkbasketAccessItemAlreadyExistException if {@code wbAccessItems} contains multiple
    *     {@linkplain WorkbasketAccessItem} with the same {@linkplain
    *     WorkbasketAccessItem#getAccessId() accessId}.
@@ -334,8 +334,7 @@ public interface WorkbasketService {
    */
   void setWorkbasketAccessItems(String workbasketId, List<WorkbasketAccessItem> wbAccessItems)
       throws InvalidArgumentException, WorkbasketAccessItemAlreadyExistException,
-          WorkbasketNotFoundException, MismatchedRoleException,
+          WorkbasketNotFoundException, NotAuthorizedException, NotAuthorizedOnWorkbasketException;
-          MismatchedWorkbasketPermissionException;
 
   // READ
 
@@ -344,12 +343,12 @@ public interface WorkbasketService {
    *
    * @param workbasketId the {@linkplain Workbasket#getId() id} of the {@linkplain Workbasket}
    * @return List of {@linkplain WorkbasketAccessItem}s for the {@linkplain Workbasket}
-   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
    *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN} or {@linkplain
    *     pro.taskana.common.api.TaskanaRole#ADMIN}
    */
   List<WorkbasketAccessItem> getWorkbasketAccessItems(String workbasketId)
-      throws MismatchedRoleException;
+      throws NotAuthorizedException;
 
   // UPDATE
 
@@ -361,12 +360,12 @@ public interface WorkbasketService {
    * @throws InvalidArgumentException if {@linkplain WorkbasketAccessItem#getAccessId() accessId} or
    *     {@linkplain WorkbasketAccessItem#getWorkbasketId() workbasketId} is changed in the
    *     {@linkplain WorkbasketAccessItem}
-   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
    *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
    *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
    */
   WorkbasketAccessItem updateWorkbasketAccessItem(WorkbasketAccessItem workbasketAccessItem)
-      throws InvalidArgumentException, MismatchedRoleException;
+      throws InvalidArgumentException, NotAuthorizedException;
 
   // DELETE
 
@@ -375,22 +374,22 @@ public interface WorkbasketService {
    *
    * @param id the {@linkplain WorkbasketAccessItem#getId() id} of the {@linkplain
    *     WorkbasketAccessItem} to be deleted
-   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
    *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
    *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
    */
-  void deleteWorkbasketAccessItem(String id) throws MismatchedRoleException;
+  void deleteWorkbasketAccessItem(String id) throws NotAuthorizedException;
 
   /**
    * Deletes all {@linkplain WorkbasketAccessItem}s using the given {@linkplain
    * WorkbasketAccessItem#getAccessId()}.
    *
    * @param accessId {@linkplain User#getId() id} of a taskana-{@linkplain User}.
-   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
    *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
    *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
    */
-  void deleteWorkbasketAccessItemsForAccessId(String accessId) throws MismatchedRoleException;
+  void deleteWorkbasketAccessItemsForAccessId(String accessId) throws NotAuthorizedException;
 
   // endregion
 
@@ -406,11 +405,11 @@ public interface WorkbasketService {
    * This method provides a query builder for querying the database.
    *
    * @return a {@linkplain WorkbasketAccessItemQuery}
-   * @throws MismatchedRoleException if the current user is not member of role {@linkplain
+   * @throws NotAuthorizedException if the current user is not member of role {@linkplain
    *     pro.taskana.common.api.TaskanaRole#ADMIN admin} or {@linkplain
    *     pro.taskana.common.api.TaskanaRole#BUSINESS_ADMIN business-admin}
    */
-  WorkbasketAccessItemQuery createWorkbasketAccessItemQuery() throws MismatchedRoleException;
+  WorkbasketAccessItemQuery createWorkbasketAccessItemQuery() throws NotAuthorizedException;
   // endregion
 
   // region Permission and Authorization
@@ -437,13 +436,13 @@ public interface WorkbasketService {
    *     want to access
    * @param permission the needed {@linkplain WorkbasketPermission}; if more than one {@linkplain
    *     WorkbasketPermission permission} is specified, the current user needs all of them
-   * @throws MismatchedWorkbasketPermissionException if the current user has not the requested
+   * @throws NotAuthorizedOnWorkbasketException if the current user has not the requested
    *     authorization for the specified {@linkplain Workbasket}
    * @throws WorkbasketNotFoundException if the {@linkplain Workbasket} cannot be found for the
    *     given {@linkplain Workbasket#getId() id}.
    */
   void checkAuthorization(String workbasketId, WorkbasketPermission... permission)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException;
 
   /**
    * This method checks the authorization for the actual User.
@@ -454,13 +453,13 @@ public interface WorkbasketService {
    *     want to access
    * @param permission the needed {@linkplain WorkbasketPermission}; if more than one {@linkplain
    *     WorkbasketPermission permission} is specified, the current user needs all of them.
-   * @throws MismatchedWorkbasketPermissionException if the current user has not the requested
+   * @throws NotAuthorizedOnWorkbasketException if the current user has not the requested
    *     {@linkplain WorkbasketPermission permission} for the specified {@linkplain Workbasket}
    * @throws WorkbasketNotFoundException if no {@linkplain Workbasket} can be found for the given
    *     {@linkplain Workbasket#getKey() key} and {@linkplain Workbasket#getDomain() domain} values.
    */
   void checkAuthorization(String workbasketKey, String domain, WorkbasketPermission... permission)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException;
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException;
 
   // endregion
 

lib/taskana-core/src/main/java/pro/taskana/workbasket/api/exceptions/NotAuthorizedOnWorkbasketException.java

@@ -12,17 +12,18 @@ import pro.taskana.workbasket.api.models.Workbasket;
  * This exception is thrown when the current user does not have a certain {@linkplain
  * WorkbasketPermission permission} on a {@linkplain Workbasket}.
  */
-public class MismatchedWorkbasketPermissionException extends TaskanaException {
+public class NotAuthorizedOnWorkbasketException extends TaskanaException {
 
-  public static final String ERROR_KEY_KEY_DOMAIN = "WORKBASKET_WITH_KEY_MISMATCHED_PERMISSION";
+  public static final String ERROR_KEY_KEY_DOMAIN =
-  public static final String ERROR_KEY_ID = "WORKBASKET_WITH_ID_MISMATCHED_PERMISSION";
+      "NOT_AUTHORIZED_ON_WORKBASKET_WITH_KEY_AND_DOMAIN";
+  public static final String ERROR_KEY_ID = "NOT_AUTHORIZED_ON_WORKBASKET_WITH_ID";
   private final String currentUserId;
   private final WorkbasketPermission[] requiredPermissions;
   private final String workbasketId;
   private final String workbasketKey;
   private final String domain;
 
-  public MismatchedWorkbasketPermissionException(
+  public NotAuthorizedOnWorkbasketException(
       String currentUserId, String workbasketId, WorkbasketPermission... requiredPermissions) {
     super(
         String.format(
@@ -45,7 +46,7 @@ public class MismatchedWorkbasketPermissionException extends TaskanaException {
     domain = null;
   }
 
-  public MismatchedWorkbasketPermissionException(
+  public NotAuthorizedOnWorkbasketException(
       String currentUserId,
       String workbasketKey,
       String domain,

lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketQueryImpl.java

@@ -10,7 +10,7 @@ import pro.taskana.TaskanaConfiguration;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.TimeInterval;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.exceptions.TaskanaRuntimeException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
@@ -167,7 +167,7 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
   @Override
   public WorkbasketQuery accessIdsHavePermissions(
       List<WorkbasketPermission> permissions, String... accessIds)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     taskanaEngine
         .getEngine()
         .checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN, TaskanaRole.TASK_ADMIN);

lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java

@@ -21,7 +21,7 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.common.internal.util.IdGenerator;
@@ -43,7 +43,7 @@ import pro.taskana.workbasket.api.WorkbasketAccessItemQuery;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketQuery;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketAccessItemAlreadyExistException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketAlreadyExistException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketInUseException;
@@ -82,7 +82,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public Workbasket getWorkbasket(String workbasketId)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException {
     Workbasket result;
     try {
       taskanaEngine.openConnection();
@@ -109,7 +109,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public Workbasket getWorkbasket(String workbasketKey, String domain)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException {
     if (!taskanaEngine
         .getEngine()
         .isUserInRole(
@@ -133,7 +133,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
   @Override
   public Workbasket createWorkbasket(Workbasket newWorkbasket)
       throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          MismatchedRoleException {
+          NotAuthorizedException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
 
     WorkbasketImpl workbasket = (WorkbasketImpl) newWorkbasket;
@@ -180,7 +180,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
   @Override
   public Workbasket updateWorkbasket(Workbasket workbasketToUpdate)
       throws InvalidArgumentException, WorkbasketNotFoundException, ConcurrencyException,
-          MismatchedRoleException, MismatchedWorkbasketPermissionException {
+          NotAuthorizedException, NotAuthorizedOnWorkbasketException {
 
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     WorkbasketImpl workbasketImplToUpdate = (WorkbasketImpl) workbasketToUpdate;
@@ -252,7 +252,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
   @Override
   public WorkbasketAccessItem createWorkbasketAccessItem(WorkbasketAccessItem workbasketAccessItem)
       throws InvalidArgumentException, WorkbasketNotFoundException,
-          WorkbasketAccessItemAlreadyExistException, MismatchedRoleException {
+          WorkbasketAccessItemAlreadyExistException, NotAuthorizedException {
 
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     WorkbasketAccessItemImpl accessItem = (WorkbasketAccessItemImpl) workbasketAccessItem;
@@ -320,7 +320,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public WorkbasketAccessItem updateWorkbasketAccessItem(WorkbasketAccessItem workbasketAccessItem)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
 
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     WorkbasketAccessItemImpl accessItem = (WorkbasketAccessItemImpl) workbasketAccessItem;
@@ -364,7 +364,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
   }
 
   @Override
-  public void deleteWorkbasketAccessItem(String accessItemId) throws MismatchedRoleException {
+  public void deleteWorkbasketAccessItem(String accessItemId) throws NotAuthorizedException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     try {
       taskanaEngine.openConnection();
@@ -403,7 +403,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public void checkAuthorization(String workbasketId, WorkbasketPermission... requestedPermissions)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException {
     try {
       taskanaEngine.openConnection();
 
@@ -425,7 +425,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
       if (grantedPermissions.isEmpty()
           || !new HashSet<>(grantedPermissions.get())
               .containsAll(Arrays.asList(requestedPermissions))) {
-        throw new MismatchedWorkbasketPermissionException(
+        throw new NotAuthorizedOnWorkbasketException(
             taskanaEngine.getEngine().getCurrentUserContext().getUserid(),
             workbasketId,
             requestedPermissions);
@@ -438,7 +438,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
   @Override
   public void checkAuthorization(
       String workbasketKey, String domain, WorkbasketPermission... requestedPermissions)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException {
     try {
       taskanaEngine.openConnection();
 
@@ -460,7 +460,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
       if (grantedPermissions.isEmpty()
           || !new HashSet<>(grantedPermissions.get())
               .containsAll(Arrays.asList(requestedPermissions))) {
-        throw new MismatchedWorkbasketPermissionException(
+        throw new NotAuthorizedOnWorkbasketException(
             taskanaEngine.getEngine().getCurrentUserContext().getUserid(),
             workbasketKey,
             domain,
@@ -473,7 +473,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public List<WorkbasketAccessItem> getWorkbasketAccessItems(String workbasketId)
-      throws MismatchedRoleException {
+      throws NotAuthorizedException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     List<WorkbasketAccessItem> result = new ArrayList<>();
     try {
@@ -491,8 +491,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
   public void setWorkbasketAccessItems(
       String workbasketId, List<WorkbasketAccessItem> wbAccessItems)
       throws WorkbasketAccessItemAlreadyExistException, InvalidArgumentException,
-          WorkbasketNotFoundException, MismatchedRoleException,
+          WorkbasketNotFoundException, NotAuthorizedException, NotAuthorizedOnWorkbasketException {
-          MismatchedWorkbasketPermissionException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
 
     Set<WorkbasketAccessItemImpl> accessItems =
@@ -538,8 +537,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
   }
 
   @Override
-  public WorkbasketAccessItemQuery createWorkbasketAccessItemQuery()
+  public WorkbasketAccessItemQuery createWorkbasketAccessItemQuery() throws NotAuthorizedException {
-      throws MismatchedRoleException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN);
     return new WorkbasketAccessItemQueryImpl(this.taskanaEngine);
   }
@@ -562,7 +560,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public List<WorkbasketSummary> getDistributionTargets(String workbasketId)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException {
     List<WorkbasketSummary> result = new ArrayList<>();
     try {
       taskanaEngine.openConnection();
@@ -584,7 +582,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public List<WorkbasketSummary> getDistributionTargets(String workbasketKey, String domain)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException {
 
     List<WorkbasketSummary> result = new ArrayList<>();
     try {
@@ -607,8 +605,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public void setDistributionTargets(String sourceWorkbasketId, List<String> targetWorkbasketIds)
-      throws WorkbasketNotFoundException, MismatchedRoleException,
+      throws WorkbasketNotFoundException, NotAuthorizedException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
 
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     try {
@@ -669,8 +667,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public void addDistributionTarget(String sourceWorkbasketId, String targetWorkbasketId)
-      throws WorkbasketNotFoundException, MismatchedRoleException,
+      throws WorkbasketNotFoundException, NotAuthorizedException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
 
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     try {
@@ -721,7 +719,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public void removeDistributionTarget(String sourceWorkbasketId, String targetWorkbasketId)
-      throws MismatchedRoleException, MismatchedWorkbasketPermissionException {
+      throws NotAuthorizedException, NotAuthorizedOnWorkbasketException {
 
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     try {
@@ -787,7 +785,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
   @Override
   public boolean deleteWorkbasket(String workbasketId)
       throws WorkbasketNotFoundException, WorkbasketInUseException, InvalidArgumentException,
-          MismatchedRoleException, MismatchedWorkbasketPermissionException {
+          NotAuthorizedException, NotAuthorizedOnWorkbasketException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
 
     validateId(workbasketId);
@@ -847,7 +845,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
   }
 
   public BulkOperationResults<String, TaskanaException> deleteWorkbaskets(
-      List<String> workbasketsIds) throws InvalidArgumentException, MismatchedRoleException {
+      List<String> workbasketsIds) throws InvalidArgumentException, NotAuthorizedException {
 
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
 
@@ -880,7 +878,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public List<WorkbasketSummary> getDistributionSources(String workbasketId)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException {
     List<WorkbasketSummary> result = new ArrayList<>();
     try {
       taskanaEngine.openConnection();
@@ -900,7 +898,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public List<WorkbasketSummary> getDistributionSources(String workbasketKey, String domain)
-      throws WorkbasketNotFoundException, MismatchedWorkbasketPermissionException {
+      throws WorkbasketNotFoundException, NotAuthorizedOnWorkbasketException {
 
     List<WorkbasketSummary> result = new ArrayList<>();
     try {
@@ -921,7 +919,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
 
   @Override
   public void deleteWorkbasketAccessItemsForAccessId(String accessId)
-      throws MismatchedRoleException {
+      throws NotAuthorizedException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     try {
       taskanaEngine.openConnection();
@@ -1115,7 +1113,7 @@ public class WorkbasketServiceImpl implements WorkbasketService {
   }
 
   private void markWorkbasketForDeletion(String workbasketId)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     try {
       taskanaEngine.openConnection();

lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/jobs/WorkbasketCleanupJob.java

@@ -9,7 +9,7 @@ import pro.taskana.common.api.BulkOperationResults;
 import pro.taskana.common.api.ScheduledJob;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.SystemException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.jobs.AbstractTaskanaJob;
@@ -77,7 +77,7 @@ public class WorkbasketCleanupJob extends AbstractTaskanaJob {
   }
 
   private int deleteWorkbaskets(List<String> workbasketsToBeDeleted)
-      throws InvalidArgumentException, MismatchedRoleException {
+      throws InvalidArgumentException, NotAuthorizedException {
 
     BulkOperationResults<String, TaskanaException> results =
         taskanaEngineImpl.getWorkbasketService().deleteWorkbaskets(workbasketsToBeDeleted);

lib/taskana-core/src/test/java/acceptance/report/GetCustomAttributeValuesForReportAccTest.java

@@ -8,7 +8,7 @@ import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@@ -27,7 +27,7 @@ class GetCustomAttributeValuesForReportAccTest extends AbstractReportAccTest {
             MONITOR_SERVICE
                 .createWorkbasketReportBuilder()
                 .listCustomAttributeValuesForCustomAttributeName(TaskCustomField.CUSTOM_2);
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfClassificationCategoryReportAccTest.java

@@ -17,7 +17,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@@ -45,7 +45,7 @@ class GetTaskIdsOfClassificationCategoryReportAccTest extends AbstractReportAccT
             MONITOR_SERVICE
                 .createClassificationCategoryReportBuilder()
                 .listTaskIdsForSelectedItems(List.of(), TaskTimestamp.DUE);
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfClassificationReportAccTest.java

@@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@@ -45,7 +45,7 @@ class GetTaskIdsOfClassificationReportAccTest extends AbstractReportAccTest {
             MONITOR_SERVICE
                 .createClassificationReportBuilder()
                 .listTaskIdsForSelectedItems(selectedItems, TaskTimestamp.DUE);
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfTaskCustomFieldValueReportAccTest.java

@@ -17,7 +17,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@@ -47,7 +47,7 @@ class GetTaskIdsOfTaskCustomFieldValueReportAccTest extends AbstractReportAccTes
             MONITOR_SERVICE
                 .createTaskCustomFieldValueReportBuilder(TaskCustomField.CUSTOM_1)
                 .listTaskIdsForSelectedItems(List.of(), TaskTimestamp.DUE);
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/report/GetTaskIdsOfWorkbasketReportAccTest.java

@@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.CombinedClassificationFilter;
@@ -44,7 +44,7 @@ class GetTaskIdsOfWorkbasketReportAccTest extends AbstractReportAccTest {
             MONITOR_SERVICE
                 .createWorkbasketReportBuilder()
                 .listTaskIdsForSelectedItems(List.of(), TaskTimestamp.DUE);
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/report/ProvideClassificationCategoryReportAccTest.java

@@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@@ -37,7 +37,7 @@ class ProvideClassificationCategoryReportAccTest extends AbstractReportAccTest {
   void testRoleCheck() {
     ThrowingCallable call =
         () -> MONITOR_SERVICE.createClassificationCategoryReportBuilder().buildReport();
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/report/ProvideClassificationReportAccTest.java

@@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@@ -36,7 +36,7 @@ class ProvideClassificationReportAccTest extends AbstractReportAccTest {
   @Test
   void testRoleCheck() {
     assertThatThrownBy(() -> MONITOR_SERVICE.createClassificationReportBuilder().buildReport())
-        .isInstanceOf(MismatchedRoleException.class);
+        .isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/report/ProvideDetailedClassificationReportAccTest.java

@@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@@ -41,7 +41,7 @@ class ProvideDetailedClassificationReportAccTest extends AbstractReportAccTest {
   void testRoleCheck() {
     ThrowingCallable call =
         () -> MONITOR_SERVICE.createClassificationReportBuilder().buildDetailedReport();
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/report/ProvideTaskCustomFieldValueReportAccTest.java

@@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@@ -41,7 +41,7 @@ class ProvideTaskCustomFieldValueReportAccTest extends AbstractReportAccTest {
               .createTaskCustomFieldValueReportBuilder(TaskCustomField.CUSTOM_1)
               .buildReport();
         };
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/report/ProvideTaskStatusReportAccTest.java

@@ -11,7 +11,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.MonitorService;
@@ -34,7 +34,7 @@ class ProvideTaskStatusReportAccTest extends AbstractReportAccTest {
   @Test
   void should_ThrowException_When_UserIsNotAuthorized() {
     assertThatThrownBy(() -> MONITOR_SERVICE.createTaskStatusReportBuilder().buildReport())
-        .isInstanceOf(MismatchedRoleException.class);
+        .isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "unknown")
@@ -44,7 +44,7 @@ class ProvideTaskStatusReportAccTest extends AbstractReportAccTest {
   @TestTemplate
   void should_ThrowException_When_UserIsNotAdminOrMonitor() {
     assertThatThrownBy(() -> MONITOR_SERVICE.createTaskStatusReportBuilder().buildReport())
-        .isInstanceOf(MismatchedRoleException.class);
+        .isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "admin")

lib/taskana-core/src/test/java/acceptance/report/ProvideWorkbasketPriorityReportAccTest.java

@@ -16,7 +16,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 
 import pro.taskana.common.api.IntInterval;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.util.Pair;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
@@ -59,7 +59,7 @@ class ProvideWorkbasketPriorityReportAccTest extends AbstractReportAccTest {
   @TestTemplate
   void should_ThrowMismatchedRoleException_When_UserDoesNotHaveCorrectRole() {
     assertThatThrownBy(() -> MONITOR_SERVICE.createWorkbasketPriorityReportBuilder().buildReport())
-        .isInstanceOf(MismatchedRoleException.class);
+        .isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/report/ProvideWorkbasketReportAccTest.java

@@ -16,7 +16,7 @@ import org.junit.jupiter.api.TestFactory;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.function.ThrowingConsumer;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.monitor.api.CombinedClassificationFilter;
@@ -36,7 +36,7 @@ class ProvideWorkbasketReportAccTest extends AbstractReportAccTest {
   @Test
   void testRoleCheck() {
     assertThatThrownBy(() -> MONITOR_SERVICE.createWorkbasketReportBuilder().buildReport())
-        .isInstanceOf(MismatchedRoleException.class);
+        .isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "monitor")

lib/taskana-core/src/test/java/acceptance/security/TaskanaSecurityAccTest.java

@@ -10,7 +10,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 
 import pro.taskana.common.api.TaskanaRole;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 
@@ -27,7 +27,7 @@ class TaskanaSecurityAccTest extends AbstractAccTest {
     assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isFalse();
     assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse();
     ThrowingCallable call = () -> taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "businessadmin")
@@ -50,7 +50,7 @@ class TaskanaSecurityAccTest extends AbstractAccTest {
     assertThat(taskanaEngine.isUserInRole(TaskanaRole.BUSINESS_ADMIN)).isFalse();
     assertThat(taskanaEngine.isUserInRole(TaskanaRole.ADMIN)).isFalse();
     ThrowingCallable call = () -> taskanaEngine.checkRoleMembership(TaskanaRole.BUSINESS_ADMIN);
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "user-1-1", groups = "businessadmin")

lib/taskana-core/src/test/java/acceptance/task/ServiceLevelPriorityAccTest.java

@@ -27,7 +27,7 @@ import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 
 /** Acceptance test for all "create task" scenarios. */
 @ExtendWith(JaasExtension.class)
@@ -342,7 +342,7 @@ class ServiceLevelPriorityAccTest extends AbstractAccTest {
     assertThat(results.containsErrors()).isTrue();
     assertThat(results.getFailedIds()).hasSize(3).containsAnyElementsOf(taskIds);
     assertThat(results.getErrorMap().values())
-        .hasOnlyElementsOfType(MismatchedWorkbasketPermissionException.class);
+        .hasOnlyElementsOfType(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "admin")

lib/taskana-core/src/test/java/acceptance/task/claim/ClaimTaskAccTest.java

@@ -15,7 +15,7 @@ import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.InvalidOwnerException;
 import pro.taskana.task.api.models.Task;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 
 @ExtendWith(JaasExtension.class)
 class ClaimTaskAccTest extends AbstractAccTest {
@@ -129,14 +129,14 @@ class ClaimTaskAccTest extends AbstractAccTest {
   @Test
   void should_ThrowNotAuthorizedException_When_UserHasNoReadPermissionAndTaskIsReady() {
     assertThatThrownBy(() -> taskService.claim("TKI:000000000000000000000000000000000000"))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-taskrouter")
   @Test
   void should_ThrowNotAuthorizedException_When_UserHasNoReadPermissionAndTaskIsReadyForReview() {
     assertThatThrownBy(() -> taskService.claim("TKI:500000000000000000000000000000000028"))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-1-2")

lib/taskana-core/src/test/java/acceptance/task/claim/SetOwnerAccTest.java

@@ -23,7 +23,7 @@ import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskSummary;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 
 /** Acceptance test for all "set owner" scenarios. */
 @ExtendWith(JaasExtension.class)
@@ -76,9 +76,9 @@ class SetOwnerAccTest extends AbstractAccTest {
     String anyUserName = "TestUser3";
 
     assertThatThrownBy(() -> taskService.getTask(taskReadyId))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
     assertThatThrownBy(() -> setOwner(taskReadyId, anyUserName))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-1-2")
@@ -104,12 +104,12 @@ class SetOwnerAccTest extends AbstractAccTest {
     String anyUserName = "TestUser3";
 
     assertThatThrownBy(() -> taskService.getTask(taskReadyId))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
     BulkOperationResults<String, TaskanaException> results =
         taskService.setOwnerOfTasks(anyUserName, List.of(taskReadyId));
     assertThat(results.containsErrors()).isTrue();
     assertThat(results.getErrorForId(taskReadyId))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-1-2")
@@ -203,13 +203,13 @@ class SetOwnerAccTest extends AbstractAccTest {
             c -> c.getClass() == InvalidTaskStateException.class, "InvalidStateException");
     Condition<Object> mismatchedWorkbasketPermissionException =
         new Condition<>(
-            c -> c.getClass() == MismatchedWorkbasketPermissionException.class,
+            c -> c.getClass() == NotAuthorizedOnWorkbasketException.class,
             "MismatchedWorkbasketPermissionException");
     assertThat(results.getErrorMap())
         .hasSize(95)
         .extractingFromEntries(Entry::getValue)
         .hasOnlyElementsOfTypes(
-            InvalidTaskStateException.class, MismatchedWorkbasketPermissionException.class)
+            InvalidTaskStateException.class, NotAuthorizedOnWorkbasketException.class)
         .areExactly(35, invalidTaskStateException)
         .areExactly(60, mismatchedWorkbasketPermissionException);
   }

lib/taskana-core/src/test/java/acceptance/task/complete/CancelTaskAccTest.java

@@ -17,7 +17,7 @@ import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskSummary;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 
 /** Acceptance tests for all "cancel task" scenarios. */
 @ExtendWith(JaasExtension.class)
@@ -85,7 +85,7 @@ class CancelTaskAccTest extends AbstractAccTest {
   @Test
   void should_ThrowException_When_UserNotAuthorized() {
     assertThatThrownBy(() -> taskService.cancelTask("TKI:000000000000000000000000000000000001"))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "admin")

lib/taskana-core/src/test/java/acceptance/task/complete/TerminateTaskAccTest.java

@@ -11,7 +11,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskState;
@@ -84,7 +84,7 @@ class TerminateTaskAccTest extends AbstractAccTest {
     ThrowingCallable taskanaCall =
         () -> taskService.terminateTask("TKI:000000000000000000000000000000000000");
 
-    assertThatThrownBy(taskanaCall).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(taskanaCall).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "taskadmin")

lib/taskana-core/src/test/java/acceptance/task/create/CreateTaskAccTest.java

@@ -41,7 +41,7 @@ import pro.taskana.task.internal.AttachmentMapper;
 import pro.taskana.task.internal.models.ObjectReferenceImpl;
 import pro.taskana.task.internal.models.TaskImpl;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
 
@@ -678,7 +678,7 @@ class CreateTaskAccTest extends AbstractAccTest {
         createObjectReference("COMPANY_A", "SYSTEM_A", "INSTANCE_A", "VNR", "1234567"));
 
     ThrowingCallable call = () -> taskService.createTask(newTask);
-    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-1-1")
@@ -802,7 +802,7 @@ class CreateTaskAccTest extends AbstractAccTest {
         createObjectReference("COMPANY_B", "SYSTEM_B", "INSTANCE_B", "VNR", "1234567"));
 
     ThrowingCallable call = () -> taskService.createTask(newTask);
-    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-1-1")
@@ -823,7 +823,7 @@ class CreateTaskAccTest extends AbstractAccTest {
     Task task = taskService.newTask("TEAMLEAD-2", "DOMAIN_A");
 
     ThrowingCallable call = () -> taskService.createTask(task);
-    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-1-1")

lib/taskana-core/src/test/java/acceptance/task/delete/DeleteTaskAccTest.java

@@ -12,7 +12,7 @@ import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 
 import pro.taskana.common.api.BulkOperationResults;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
@@ -31,7 +31,7 @@ class DeleteTaskAccTest extends AbstractAccTest {
     ThrowingCallable call =
         () -> taskService.deleteTask("TKI:000000000000000000000000000000000037");
 
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "user-taskrouter")
@@ -39,7 +39,7 @@ class DeleteTaskAccTest extends AbstractAccTest {
   void should_ThrowNotAuthorizedException_When_UserIsMemberOfTaskRouterRole() {
     ThrowingCallable call =
         () -> taskService.deleteTask("TKI:000000000000000000000000000000000037");
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "admin")
@@ -120,7 +120,7 @@ class DeleteTaskAccTest extends AbstractAccTest {
             "TKI:000000000000000000000000000000000010");
 
     ThrowingCallable call = () -> taskService.deleteTasks(taskIds);
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "admin")
@@ -141,7 +141,7 @@ class DeleteTaskAccTest extends AbstractAccTest {
   void should_ThrowException_When_UserIsNotInAdminRole() {
     ThrowingCallable deleteTaskCall =
         () -> taskService.deleteTask("TKI:000000000000000000000000000000000041");
-    assertThatThrownBy(deleteTaskCall).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(deleteTaskCall).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "admin")

lib/taskana-core/src/test/java/acceptance/task/get/GetTaskAccTest.java

@@ -20,7 +20,7 @@ import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.TaskState;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 
 /** Acceptance test for all "get task" scenarios. */
 @ExtendWith(JaasExtension.class)
@@ -133,7 +133,7 @@ class GetTaskAccTest extends AbstractAccTest {
 
     ThrowingCallable getTaskCall =
         () -> taskService.getTask("TKI:000000000000000000000000000000000000");
-    assertThatThrownBy(getTaskCall).isInstanceOf(MismatchedWorkbasketPermissionException.class);
+    assertThatThrownBy(getTaskCall).isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-taskrouter")
@@ -142,7 +142,7 @@ class GetTaskAccTest extends AbstractAccTest {
     ThrowingCallable getTaskCall =
         () -> taskService.getTask("TKI:000000000000000000000000000000000000");
 
-    assertThatThrownBy(getTaskCall).isInstanceOf(MismatchedWorkbasketPermissionException.class);
+    assertThatThrownBy(getTaskCall).isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "admin")

lib/taskana-core/src/test/java/acceptance/task/transfer/TransferTaskAccTest.java

@@ -30,7 +30,7 @@ import pro.taskana.task.api.exceptions.InvalidTaskStateException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskSummary;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
 
@@ -152,7 +152,7 @@ class TransferTaskAccTest extends AbstractAccTest {
 
     ThrowingCallable call =
         () -> taskService.transfer(task.getId(), "WBI:100000000000000000000000000000000005");
-    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-1-1", groups = "cn=routers,cn=groups,OU=Test,O=TASKANA")
@@ -163,7 +163,7 @@ class TransferTaskAccTest extends AbstractAccTest {
 
     assertThatThrownBy(
             () -> taskService.transfer(task.getId(), "WBI:100000000000000000000000000000000005"))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "teamlead-1", groups = GROUP_1_DN)
@@ -194,7 +194,7 @@ class TransferTaskAccTest extends AbstractAccTest {
                 "TKI:200000000000000000000000000000000007",
                 "WBI:100000000000000000000000000000000001");
     assertThatThrownBy(call)
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class)
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class)
         .extracting(Throwable::getMessage)
         .asString()
         .startsWith(
@@ -210,7 +210,7 @@ class TransferTaskAccTest extends AbstractAccTest {
     ThrowingCallable call =
         () -> taskService.transfer(task.getId(), "WBI:100000000000000000000000000000000008");
     assertThatThrownBy(call)
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class)
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class)
         .extracting(Throwable::getMessage)
         .asString()
         .startsWith(
@@ -287,9 +287,9 @@ class TransferTaskAccTest extends AbstractAccTest {
     assertThat(results.containsErrors()).isTrue();
     assertThat(results.getErrorMap().values()).hasSize(6);
     assertThat(results.getErrorForId("TKI:000000000000000000000000000000000041").getClass())
-        .isEqualTo(MismatchedWorkbasketPermissionException.class);
+        .isEqualTo(NotAuthorizedOnWorkbasketException.class);
     assertThat(results.getErrorForId("TKI:200000000000000000000000000000000008").getClass())
-        .isEqualTo(MismatchedWorkbasketPermissionException.class);
+        .isEqualTo(NotAuthorizedOnWorkbasketException.class);
     assertThat(results.getErrorForId("TKI:000000000000000000000000000000000099").getClass())
         .isEqualTo(TaskNotFoundException.class);
     assertThat(results.getErrorForId("TKI:100000000000000000000000000000000006").getClass())
@@ -331,7 +331,7 @@ class TransferTaskAccTest extends AbstractAccTest {
     ThrowingCallable call =
         () -> taskService.transferTasks("WBI:100000000000000000000000000000000010", taskIdList);
     assertThatThrownBy(call)
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class)
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class)
         .hasMessageContaining("APPEND");
   }
 

lib/taskana-core/src/test/java/acceptance/task/update/UpdateTaskAccTest.java

@@ -37,7 +37,7 @@ import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskSummary;
 import pro.taskana.task.internal.models.ObjectReferenceImpl;
 import pro.taskana.task.internal.models.TaskImpl;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 
 /** Acceptance test for all "update task" scenarios. */
 @ExtendWith(JaasExtension.class)
@@ -179,7 +179,7 @@ class UpdateTaskAccTest extends AbstractAccTest {
     task.setWorkbasketKey("USER-1-2");
 
     assertThatThrownBy(() -> taskService.updateTask(task))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-1-1")

lib/taskana-core/src/test/java/acceptance/taskcomment/delete/DeleteTaskCommentAccTest.java

@@ -14,7 +14,7 @@ import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskService;
-import pro.taskana.task.api.exceptions.MismatchedTaskCommentCreatorException;
+import pro.taskana.task.api.exceptions.NotAuthorizedOnTaskCommentException;
 import pro.taskana.task.api.exceptions.TaskCommentNotFoundException;
 import pro.taskana.task.api.models.TaskComment;
 
@@ -56,7 +56,7 @@ class DeleteTaskCommentAccTest extends AbstractAccTest {
     ThrowingCallable lambda =
         () -> taskService.deleteTaskComment("TCI:000000000000000000000000000000000000");
 
-    assertThatThrownBy(lambda).isInstanceOf(MismatchedTaskCommentCreatorException.class);
+    assertThatThrownBy(lambda).isInstanceOf(NotAuthorizedOnTaskCommentException.class);
 
     // make sure the task comment was not deleted
     List<TaskComment> taskCommentsAfterDeletion =

lib/taskana-core/src/test/java/acceptance/workbasket/create/CreateWorkbasketAccTest.java

@@ -12,7 +12,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
@@ -70,7 +70,7 @@ class CreateWorkbasketAccTest extends AbstractAccTest {
     workbasket.setOrgLevel1("company");
 
     ThrowingCallable call = () -> workbasketService.createWorkbasket(workbasket);
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "businessadmin")

lib/taskana-core/src/test/java/acceptance/workbasket/create/CreateWorkbasketAuthorizationsAccTest.java

@@ -6,7 +6,7 @@ import acceptance.AbstractAccTest;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
@@ -29,6 +29,6 @@ class CreateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
     accessItem.setPermission(WorkbasketPermission.CUSTOM_11, true);
     accessItem.setPermission(WorkbasketPermission.READ, true);
     assertThatThrownBy(() -> workbasketService.createWorkbasketAccessItem(accessItem))
-        .isInstanceOf(MismatchedRoleException.class);
+        .isInstanceOf(NotAuthorizedException.class);
   }
 }

lib/taskana-core/src/test/java/acceptance/workbasket/delete/DeleteWorkbasketAccTest.java

@@ -18,7 +18,7 @@ import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.internal.models.TaskImpl;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketInUseException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
@@ -75,7 +75,7 @@ class DeleteWorkbasketAccTest extends AbstractAccTest {
   @Test
   void should_ThrowNotAuthorizedException_When_UnauthorizedTryingToGetWorkbaskets() {
     assertThatThrownBy(() -> workbasketService.getWorkbasket("TEAMLEAD-2", "DOMAIN_A"))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "businessadmin")

lib/taskana-core/src/test/java/acceptance/workbasket/delete/DeleteWorkbasketAuthorizationsAccTest.java

@@ -9,7 +9,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketService;
@@ -30,14 +30,14 @@ class DeleteWorkbasketAuthorizationsAccTest extends AbstractAccTest {
           WORKBASKET_SERVICE.deleteWorkbasketAccessItemsForAccessId("group-1");
         };
 
-    assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
 
     deleteWorkbasketAccessItemCall =
         () -> {
           WORKBASKET_SERVICE.deleteWorkbasketAccessItem("WAI:100000000000000000000000000000000001");
         };
 
-    assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(deleteWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "admin")

lib/taskana-core/src/test/java/acceptance/workbasket/get/GetDistributionTargetsAccTest.java

@@ -10,11 +10,11 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketService;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 
@@ -116,7 +116,7 @@ class GetDistributionTargetsAccTest extends AbstractAccTest {
           workbasketService.setDistributionTargets(
               existingWb, List.of("WBI:100000000000000000000000000000000002"));
         };
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "user-1-1")
@@ -131,7 +131,7 @@ class GetDistributionTargetsAccTest extends AbstractAccTest {
           workbasketService.getDistributionTargets(existingWb);
         };
     assertThatThrownBy(getDistributionTargetsCall)
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "businessadmin")
@@ -169,7 +169,7 @@ class GetDistributionTargetsAccTest extends AbstractAccTest {
 
     ThrowingCallable call =
         () -> workbasketService.getDistributionSources("WBI:100000000000000000000000000000000004");
-    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-2-2")

lib/taskana-core/src/test/java/acceptance/workbasket/get/GetWorkbasketAccTest.java

@@ -19,7 +19,7 @@ import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
 import pro.taskana.workbasket.api.WorkbasketType;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
@@ -169,13 +169,13 @@ class GetWorkbasketAccTest extends AbstractAccTest {
   void should_ThrowException_When_TryingToGetByIdWithoutPermissions() {
     ThrowingCallable call =
         () -> WORKBASKET_SERVICE.getWorkbasket("WBI:100000000000000000000000000000000001");
-    assertThatThrownBy(call).isInstanceOf(MismatchedWorkbasketPermissionException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @Test
   void should_ThrowException_When_TryingToGetByKeyAndDomainWithoutPermissions() {
     assertThatThrownBy(() -> WORKBASKET_SERVICE.getWorkbasket("GPK_KSC", "DOMAIN_A"))
-        .isInstanceOf(MismatchedWorkbasketPermissionException.class);
+        .isInstanceOf(NotAuthorizedOnWorkbasketException.class);
   }
 
   @WithAccessId(user = "user-1-1")

lib/taskana-core/src/test/java/acceptance/workbasket/get/GetWorkbasketAuthorizationsAccTest.java

@@ -7,7 +7,7 @@ import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketService;
@@ -28,7 +28,6 @@ class GetWorkbasketAuthorizationsAccTest extends AbstractAccTest {
           workbasketService.getWorkbasketAccessItems("WBI:100000000000000000000000000000000008");
         };
 
-    assertThatThrownBy(retrieveWorkbasketAccessItemCall)
+    assertThatThrownBy(retrieveWorkbasketAccessItemCall).isInstanceOf(NotAuthorizedException.class);
-        .isInstanceOf(MismatchedRoleException.class);
   }
 }

lib/taskana-core/src/test/java/acceptance/workbasket/query/QueryWorkbasketAccessItemsAccTest.java

@@ -14,7 +14,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 
 import pro.taskana.common.api.BaseQuery.SortDirection;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketAccessItemQuery;
@@ -69,7 +69,7 @@ class QueryWorkbasketAccessItemsAccTest extends AbstractAccTest {
               .accessIdIn("user-1-1", "group-1")
               .list();
         };
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "businessadmin")

lib/taskana-core/src/test/java/acceptance/workbasket/query/QueryWorkbasketByPermissionAccTest.java

@@ -11,7 +11,7 @@ import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 
 import pro.taskana.common.api.BaseQuery.SortDirection;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
@@ -66,7 +66,7 @@ class QueryWorkbasketByPermissionAccTest extends AbstractAccTest {
                 .accessIdsHavePermissions(List.of(WorkbasketPermission.APPEND), "user-1-1")
                 .list();
 
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "businessadmin")

lib/taskana-core/src/test/java/acceptance/workbasket/query/WorkbasketQueryAccTest.java

@@ -9,7 +9,7 @@ import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketPermission;
@@ -35,7 +35,7 @@ class WorkbasketQueryAccTest extends AbstractAccTest {
                   List.of(WorkbasketPermission.TRANSFER), "teamlead-1", GROUP_1_DN, GROUP_2_DN)
               .list();
         };
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "unknownuser")
@@ -54,7 +54,7 @@ class WorkbasketQueryAccTest extends AbstractAccTest {
                   List.of(WorkbasketPermission.TRANSFER), "teamlead-1", GROUP_1_DN, GROUP_2_DN)
               .list();
         };
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "businessadmin")

lib/taskana-core/src/test/java/acceptance/workbasket/update/UpdateDistributionTargetsAccTest.java

@@ -11,7 +11,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestTemplate;
 import org.junit.jupiter.api.extension.ExtendWith;
 
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketService;
@@ -68,21 +68,21 @@ class UpdateDistributionTargetsAccTest extends AbstractAccTest {
           workbasketService.setDistributionTargets(
               existingWb, List.of("WBI:100000000000000000000000000000000002"));
         };
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
 
     call =
         () -> {
           workbasketService.addDistributionTarget(
               existingWb, "WBI:100000000000000000000000000000000002");
         };
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
 
     call =
         () -> {
           workbasketService.removeDistributionTarget(
               existingWb, "WBI:100000000000000000000000000000000002");
         };
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "businessadmin")
@@ -153,7 +153,7 @@ class UpdateDistributionTargetsAccTest extends AbstractAccTest {
         () -> {
           workbasketService.addDistributionTarget(workbasket.getId(), newTarget.getId());
         };
-    assertThatThrownBy(call).isInstanceOf(MismatchedRoleException.class);
+    assertThatThrownBy(call).isInstanceOf(NotAuthorizedException.class);
   }
 
   @WithAccessId(user = "businessadmin")

lib/taskana-core/src/test/java/acceptance/workbasket/update/UpdateWorkbasketAccTest.java

@@ -13,7 +13,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 
 import pro.taskana.common.api.exceptions.ConcurrencyException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.workbasket.api.WorkbasketCustomField;
@@ -142,6 +142,6 @@ class UpdateWorkbasketAccTest extends AbstractAccTest {
     workbasket.setName("new name");
 
     assertThatThrownBy(() -> workbasketService.updateWorkbasket(workbasket))
-        .isInstanceOf(MismatchedRoleException.class);
+        .isInstanceOf(NotAuthorizedException.class);
   }
 }

lib/taskana-core/src/test/java/acceptance/workbasket/update/UpdateWorkbasketAuthorizationsAccTest.java

@@ -16,7 +16,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 
 import pro.taskana.common.api.KeyDomain;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.test.security.JaasExtension;
 import pro.taskana.common.test.security.WithAccessId;
 import pro.taskana.task.api.TaskService;
@@ -45,7 +45,7 @@ class UpdateWorkbasketAuthorizationsAccTest extends AbstractAccTest {
             "WBI:100000000000000000000000000000000008", "newAccessIdForUpdate");
 
     assertThatThrownBy(() -> workbasketService.updateWorkbasketAccessItem(workbasketAccessItem))
-        .isInstanceOf(MismatchedRoleException.class);
+        .isInstanceOf(NotAuthorizedException.class);
   }
 
   @Test

lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java

@@ -12,7 +12,7 @@ import org.springframework.web.bind.annotation.RestController;
 import pro.taskana.common.api.TaskanaEngine;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.util.IdGenerator;
 import pro.taskana.workbasket.api.WorkbasketType;
 import pro.taskana.workbasket.api.exceptions.WorkbasketAlreadyExistException;
@@ -52,7 +52,7 @@ public class TaskanaTestController {
   public @ResponseBody String transaction(
       @RequestParam(value = "rollback", defaultValue = "false") String rollback)
       throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          MismatchedRoleException {
+          NotAuthorizedException {
     taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key", "workbasket"));
 
     int workbaskets = getWorkbaskets();
@@ -68,7 +68,7 @@ public class TaskanaTestController {
   public @ResponseBody String transactionMany(
       @RequestParam(value = "rollback", defaultValue = "false") String rollback)
       throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          MismatchedRoleException {
+          NotAuthorizedException {
     taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key1", "workbasket1"));
     taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key2", "workbasket2"));
     taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key3", "workbasket3"));
@@ -85,7 +85,7 @@ public class TaskanaTestController {
   public @ResponseBody String transactionCustomdb(
       @RequestParam(value = "rollback", defaultValue = "false") String rollback)
       throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          MismatchedRoleException {
+          NotAuthorizedException {
     taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key1", "workbasket1"));
     taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key2", "workbasket2"));
 

lib/taskana-spring/src/test/java/pro/taskana/common/internal/transaction/TaskanaComponent.java

@@ -12,7 +12,7 @@ import pro.taskana.task.api.exceptions.ObjectReferencePersistenceException;
 import pro.taskana.task.api.exceptions.TaskAlreadyExistException;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.internal.models.ObjectReferenceImpl;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 
 /** TODO. */
@@ -29,7 +29,7 @@ public class TaskanaComponent {
   public void triggerRollback()
       throws WorkbasketNotFoundException, ClassificationNotFoundException,
           TaskAlreadyExistException, InvalidArgumentException, AttachmentPersistenceException,
-          ObjectReferencePersistenceException, MismatchedWorkbasketPermissionException {
+          ObjectReferencePersistenceException, NotAuthorizedOnWorkbasketException {
     Task task = taskService.newTask("1");
     task.setName("Unit Test Task");
     ObjectReferenceImpl objRef = new ObjectReferenceImpl();

lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/ClassificationBuilder.java

@@ -11,7 +11,7 @@ import pro.taskana.classification.api.models.Classification;
 import pro.taskana.classification.api.models.ClassificationSummary;
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.testapi.builder.EntityBuilder.SummaryEntityBuilder;
 
 public class ClassificationBuilder
@@ -119,7 +119,7 @@ public class ClassificationBuilder
   @Override
   public Classification buildAndStore(ClassificationService classificationService)
       throws InvalidArgumentException, ClassificationAlreadyExistException, DomainNotFoundException,
-          MalformedServiceLevelException, ClassificationNotFoundException, MismatchedRoleException {
+          MalformedServiceLevelException, ClassificationNotFoundException, NotAuthorizedException {
     try {
       Classification c = classificationService.createClassification(testClassification);
       return classificationService.getClassification(c.getId());

lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/TaskBuilder.java

@@ -21,7 +21,7 @@ import pro.taskana.task.api.models.ObjectReference;
 import pro.taskana.task.api.models.Task;
 import pro.taskana.task.api.models.TaskSummary;
 import pro.taskana.testapi.builder.EntityBuilder.SummaryEntityBuilder;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.WorkbasketSummary;
 
@@ -217,7 +217,7 @@ public class TaskBuilder implements SummaryEntityBuilder<TaskSummary, Task, Task
       throws TaskAlreadyExistException, InvalidArgumentException, WorkbasketNotFoundException,
           ClassificationNotFoundException, AttachmentPersistenceException,
           ObjectReferencePersistenceException, TaskNotFoundException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     try {
       Task task = taskService.createTask(testTask);
       return taskService.getTask(task.getId());

lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/TaskCommentBuilder.java

@@ -7,7 +7,7 @@ import pro.taskana.task.api.TaskService;
 import pro.taskana.task.api.exceptions.TaskCommentNotFoundException;
 import pro.taskana.task.api.exceptions.TaskNotFoundException;
 import pro.taskana.task.api.models.TaskComment;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 
 public class TaskCommentBuilder implements EntityBuilder<TaskComment, TaskService> {
 
@@ -50,7 +50,7 @@ public class TaskCommentBuilder implements EntityBuilder<TaskComment, TaskServic
   @Override
   public TaskComment buildAndStore(TaskService taskService)
       throws InvalidArgumentException, TaskNotFoundException, TaskCommentNotFoundException,
-          MismatchedWorkbasketPermissionException {
+          NotAuthorizedOnWorkbasketException {
     try {
       TaskComment t = taskService.createTaskComment(testTaskComment);
       return taskService.getTaskComment(t.getId());

lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/UserBuilder.java

@@ -3,7 +3,7 @@ package pro.taskana.testapi.builder;
 import java.util.Set;
 
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.user.api.UserService;
 import pro.taskana.user.api.exceptions.UserAlreadyExistException;
 import pro.taskana.user.api.models.User;
@@ -91,7 +91,7 @@ public class UserBuilder implements EntityBuilder<User, UserService> {
 
   @Override
   public User buildAndStore(UserService userService)
-      throws UserAlreadyExistException, InvalidArgumentException, MismatchedRoleException {
+      throws UserAlreadyExistException, InvalidArgumentException, NotAuthorizedException {
     return userService.createUser(testUser);
   }
 }

lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/WorkbasketAccessItemBuilder.java

@@ -1,7 +1,7 @@
 package pro.taskana.testapi.builder;
 
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.workbasket.api.WorkbasketPermission;
 import pro.taskana.workbasket.api.WorkbasketService;
 import pro.taskana.workbasket.api.exceptions.WorkbasketAccessItemAlreadyExistException;
@@ -47,7 +47,7 @@ public class WorkbasketAccessItemBuilder
   @Override
   public WorkbasketAccessItem buildAndStore(WorkbasketService workbasketService)
       throws InvalidArgumentException, WorkbasketAccessItemAlreadyExistException,
-          WorkbasketNotFoundException, MismatchedRoleException {
+          WorkbasketNotFoundException, NotAuthorizedException {
     return workbasketService.createWorkbasketAccessItem(testWorkbasketAccessItem);
   }
 }

lib/taskana-test-api/src/main/java/pro/taskana/testapi/builder/WorkbasketBuilder.java

@@ -4,12 +4,12 @@ import java.time.Instant;
 
 import pro.taskana.common.api.exceptions.DomainNotFoundException;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
-import pro.taskana.common.api.exceptions.MismatchedRoleException;
+import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.testapi.builder.EntityBuilder.SummaryEntityBuilder;
 import pro.taskana.workbasket.api.WorkbasketCustomField;
 import pro.taskana.workbasket.api.WorkbasketService;
 import pro.taskana.workbasket.api.WorkbasketType;
-import pro.taskana.workbasket.api.exceptions.MismatchedWorkbasketPermissionException;
+import pro.taskana.workbasket.api.exceptions.NotAuthorizedOnWorkbasketException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketAlreadyExistException;
 import pro.taskana.workbasket.api.exceptions.WorkbasketNotFoundException;
 import pro.taskana.workbasket.api.models.Workbasket;
@@ -115,8 +115,7 @@ public class WorkbasketBuilder
   @Override
   public Workbasket buildAndStore(WorkbasketService workbasketService)
       throws InvalidArgumentException, WorkbasketAlreadyExistException, DomainNotFoundException,
-          WorkbasketNotFoundException, MismatchedRoleException,
+          WorkbasketNotFoundException, NotAuthorizedException, NotAuthorizedOnWorkbasketException {
-          MismatchedWorkbasketPermissionException {
     try {
       Workbasket w = workbasketService.createWorkbasket(testWorkbasket);
       return workbasketService.getWorkbasket(w.getId());

rest/taskana-rest-spring/src/docs/asciidoc/rest-api.adoc

@@ -28,42 +28,42 @@ Additionally, an optional set of message variables, containing some technical in
 
 [%autowidth,width="100%"]
 |===
-| Status Code                 | Key                                       | Message Variables
+| Status Code                 | Key                                              | Message Variables
-| *400 BAD_REQUEST*           | CLASSIFICATION_SERVICE_LEVEL_MALFORMED    | serviceLevel, classificationKey, domain
+| *400 BAD_REQUEST*           | CLASSIFICATION_SERVICE_LEVEL_MALFORMED           | serviceLevel, classificationKey, domain
-| *400 BAD_REQUEST*           | CUSTOM_HOLIDAY_WRONG_FORMAT               | customHoliday
+| *400 BAD_REQUEST*           | CUSTOM_HOLIDAY_WRONG_FORMAT                      | customHoliday
-| *400 BAD_REQUEST*           | DOMAIN_NOT_FOUND                          | domain
+| *400 BAD_REQUEST*           | DOMAIN_NOT_FOUND                                 | domain
-| *400 BAD_REQUEST*           | INVALID_ARGUMENT                          |
+| *400 BAD_REQUEST*           | INVALID_ARGUMENT                                 |
-| *400 BAD_REQUEST*           | QUERY_PARAMETER_MALFORMED                 | malformedQueryParameters
+| *400 BAD_REQUEST*           | QUERY_PARAMETER_MALFORMED                        | malformedQueryParameters
-| *400 BAD_REQUEST*           | TASK_INVALID_CALLBACK_STATE               | taskId, taskCallbackState, requiredCallbackStates
+| *400 BAD_REQUEST*           | TASK_INVALID_CALLBACK_STATE                      | taskId, taskCallbackState, requiredCallbackStates
-| *400 BAD_REQUEST*           | TASK_INVALID_OWNER                        | taskId, currentUserId
+| *400 BAD_REQUEST*           | TASK_INVALID_OWNER                               | taskId, currentUserId
-| *400 BAD_REQUEST*           | TASK_INVALID_STATE                        | taskId, taskState, requiredTaskStates
+| *400 BAD_REQUEST*           | TASK_INVALID_STATE                               | taskId, taskState, requiredTaskStates
-| *403 FORBIDDEN*             | ROLE_MISMATCHED                           | roles, currentUserId
+| *403 FORBIDDEN*             | NOT_AUTHORIZED                                   | roles, currentUserId
-| *403 FORBIDDEN*             | TASK_COMMENT_CREATOR_MISMATCHED           | currentUserId, taskCommentId
+| *403 FORBIDDEN*             | NOT_AUTHORIZED_ON_TASK_COMMENT                   | currentUserId, taskCommentId
-| *403 FORBIDDEN*             | WORKBASKET_WITH_ID_MISMATCHED_PERMISSION  | currentUserId, workbasketId, requiredPermissions
+| *403 FORBIDDEN*             | NOT_AUTHORIZED_ON_WORKBASKET_WITH_ID             | currentUserId, workbasketId, requiredPermissions
-| *403 FORBIDDEN*             | WORKBASKET_WITH_KEY_MISMATCHED_PERMISSION | currentUserId, workbasketKey, domain, requiredPermissions
+| *403 FORBIDDEN*             | NOT_AUTHORIZED_ON_WORKBASKET_WITH_KEY_AND_DOMAIN | currentUserId, workbasketKey, domain, requiredPermissions
-| *404 NOT_FOUND*             | CLASSIFICATION_WITH_ID_NOT_FOUND          | classificationId
+| *404 NOT_FOUND*             | CLASSIFICATION_WITH_ID_NOT_FOUND                 | classificationId
-| *404 NOT_FOUND*             | CLASSIFICATION_WITH_KEY_NOT_FOUND         | classificationKey, domain
+| *404 NOT_FOUND*             | CLASSIFICATION_WITH_KEY_NOT_FOUND                | classificationKey, domain
-| *404 NOT_FOUND*             | TASK_COMMENT_NOT_FOUND                    | taskCommentId
+| *404 NOT_FOUND*             | TASK_COMMENT_NOT_FOUND                           | taskCommentId
-| *404 NOT_FOUND*             | TASK_NOT_FOUND                            | taskId
+| *404 NOT_FOUND*             | TASK_NOT_FOUND                                   | taskId
-| *404 NOT_FOUND*             | USER_NOT_FOUND                            | userId
+| *404 NOT_FOUND*             | USER_NOT_FOUND                                   | userId
-| *404 NOT_FOUND*             | WORKBASKET_WITH_ID_NOT_FOUND              | workbasketId
+| *404 NOT_FOUND*             | WORKBASKET_WITH_ID_NOT_FOUND                     | workbasketId
-| *404 NOT_FOUND*             | WORKBASKET_WITH_KEY_NOT_FOUND             | workbasketKey, domain
+| *404 NOT_FOUND*             | WORKBASKET_WITH_KEY_NOT_FOUND                    | workbasketKey, domain
-| *409 CONFLICT*              | ATTACHMENT_ALREADY_EXISTS                 | attachmentId, taskId
+| *409 CONFLICT*              | ATTACHMENT_ALREADY_EXISTS                        | attachmentId, taskId
-| *409 CONFLICT*              | CLASSIFICATION_ALREADY_EXISTS             | classificationKey, domain
+| *409 CONFLICT*              | CLASSIFICATION_ALREADY_EXISTS                    | classificationKey, domain
-| *409 CONFLICT*              | ENTITY_NOT_UP_TO_DATE                     | entityId
+| *409 CONFLICT*              | ENTITY_NOT_UP_TO_DATE                            | entityId
-| *409 CONFLICT*              | TASK_ALREADY_EXISTS                       | externalTaskId
+| *409 CONFLICT*              | TASK_ALREADY_EXISTS                              | externalTaskId
-| *409 CONFLICT*              | USER_ALREADY_EXISTS                       | userID
+| *409 CONFLICT*              | USER_ALREADY_EXISTS                              | userID
-| *409 CONFLICT*              | WORKBASKET_ACCESS_ITEM_ALREADY_EXISTS     | accessId, workbasketId
+| *409 CONFLICT*              | WORKBASKET_ACCESS_ITEM_ALREADY_EXISTS            | accessId, workbasketId
-| *409 CONFLICT*              | WORKBASKET_ALREADY_EXISTS                 | workbasketKey, domain
+| *409 CONFLICT*              | WORKBASKET_ALREADY_EXISTS                        | workbasketKey, domain
-| *409 CONFLICT*              | WORKBASKET_MARKED_FOR_DELETION            | workbasketId
+| *409 CONFLICT*              | WORKBASKET_MARKED_FOR_DELETION                   | workbasketId
-| *413 PAYLOAD_TOO_LARGE*     | PAYLOAD_TOO_LARGE                         |
+| *413 PAYLOAD_TOO_LARGE*     | PAYLOAD_TOO_LARGE                                |
-| *423 LOCKED*                | CLASSIFICATION_IN_USE                     | classificationKey, domain
+| *423 LOCKED*                | CLASSIFICATION_IN_USE                            | classificationKey, domain
-| *423 LOCKED*                | WORKBASKET_IN_USE                         | workbasketId
+| *423 LOCKED*                | WORKBASKET_IN_USE                                | workbasketId
-| *500 INTERNAL_SERVER_ERROR* | CONNECTION_AUTOCOMMIT_FAILED              |
+| *500 INTERNAL_SERVER_ERROR* | CONNECTION_AUTOCOMMIT_FAILED                     |
-| *500 INTERNAL_SERVER_ERROR* | CONNECTION_NOT_SET                        |
+| *500 INTERNAL_SERVER_ERROR* | CONNECTION_NOT_SET                               |
-| *500 INTERNAL_SERVER_ERROR* | CRITICAL_SYSTEM_ERROR                     |
+| *500 INTERNAL_SERVER_ERROR* | CRITICAL_SYSTEM_ERROR                            |
-| *500 INTERNAL_SERVER_ERROR* | DATABASE_UNSUPPORTED                      | databaseProductName
+| *500 INTERNAL_SERVER_ERROR* | DATABASE_UNSUPPORTED                             | databaseProductName
-| *500 INTERNAL_SERVER_ERROR* | UNKNOWN_ERROR                             |
+| *500 INTERNAL_SERVER_ERROR* | UNKNOWN_ERROR                                    |
 |===
 
 ==== Errors