All Users Have Admin Access With Spring Boot

When I create users using the Spring Boot (embedded Process Engine) version using the Admin application, the users do not have any restrictions at all.

From vanilla install, the database is created and the form shows to create the admin user. Using this admin user any other created users have full permission. It is as though these users are “superusers” and changing their permissions makes no difference. I did not have this problem with a stand-alone process engine.

The log shows a warning when the Admin page loads:

o.glassfish.jersey.servlet.WebComponent  : A servlet request to the URI http://localhost:8090/api/admin/auth/user/default/login/admin contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters. Only resource methods using @FormParam will work as expected. Resource methods consuming the request body by other means will not work as expected.

Camunda version 7.6.0 with


and H2 database


Hi @johnshaw1000,

this sounds similar to the topic:

Best regards,

Not quite the same issue though likely to be similar root cause. Authorization is off, I found a workaround to switch it on:

public class MyProcessEngineConfiguration extends SpringBootProcessEnginePlugin {

    public void preInit(SpringProcessEngineConfiguration processEngineConfiguration) {
        if (!processEngineConfiguration.isAuthorizationEnabled()) {

Where did you find this? any guide doc?

Hi @jeremy_chou,

have a look here:

Hope this helps, Ingo

Thanks for your kindly reply, I resolved this issue by using config camunda.bpm.authorization.enable= true