"administrator" user is not administrative user? How to create admin user?

Greeting!

https://github.com/camunda/camunda-docs-manual/blob/master/content/user-guide/process-engine/authorization-service.md states:
Camunda BPM has no explicit concept of “administrator” beyond it being a user who has been granted all authorizations on all resources.

and so i do:


lUsrName = “admin”;
for (Resource r: Resources.values())
{
auth = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
auth.setUserId(lUsrName);
auth.setResource( r );
auth.setResourceId("*");
auth.addPermission(Permissions.ALL);
authorizationService.saveAuthorization(auth);
}

verified in ACT_RU_AUTHORIZATION table, user admin possess resource_type from 0-14 with resource_id *

ok should be it. But not yet.
Trying to login to
http://myhost:port/camunda/app
and getting nice messsage:

You are trying to access the process engine “default”. This process engine is configured to use the built-in identity service (database) but has no administrative users configured. This page allows you to create a user for accessing the process engine.

So what do i missing? Administrative user is not admin user?
Please advice!

many thanks in advance!

Hi @Tigly_Migly,

I would say that Camunda webapps cannot find any user in the system. The code, that you posted, creates only “authorizations” (or permissions). Before this, you need to create the user and/or add it to some group.

Howdy!
thanks for your input.

the user (of course) is created before assigning the needed permissions.

  1. How do i add a group, programmatically?
  2. Is that ‘some’ group means any group or it means THE group? THE group thinking, one like camunda-admin

Hi @Tigly_Migly,

sorry, I was not 100% precise in my previous answer. Yes, you must have camunda-admin group with at least one user in it. In your case, you can create camunda-admin group with all authorizations on all resources (or let the Webapps to create one for you) and then add your admin user to this group.

You can add group either by using IdentityService#newGroup, or via REST API https://docs.camunda.org/manual/7.7/reference/rest/group/post-create/

1 Like

Thank you! Thank you!

You are completely right user have to be a member of THE camunda-admin group.
I have achieved this also with identityService.createMembership.