Security for invited participants
Usually there is a group of users who work on a process within a task or workflow task App. This group of users is often determined on a system planning stage - workflow owners actually specify who gets tasks at which step in the process and this assignment occurs automatically as workflows tasks advance through the process. However, situations may occur when you need to involve another user to work with a certain task or workflow task, without adding him/her to the list of App members or even viewers.
To achieve that (and actually grant that user access to a task he wouldn't be able to even view otherwise), you should assign a subtask to the user you want to bring in to work on the task. Once the subtask is assigned, the user will get view and edit permissions for the task without being a member of the App the task belongs to. This is particularly useful in situations when you need to collect some input from other teams to move forward with your workflow and in other one-off situations where you don't want users to be a part of the common workflow but rather complete a job on a specific task.
When this user completes the subtask and moves the workflow further to the next step, he/she will lose the privileged access to the workflow task. That means that if he is not in the proper permissions group of the App to see workflow tasks, he will not be able to access it anymore. In other words, the read/write permissions are granted for the time the user has the subtask open; once it's closed, the permissions will be taken away.