Authorization based on tenant

Hi All,
I had a query and need your guidance related to Camunda Authorization since I am new to this engine.
I have an embedded Spring Boot Camunda Workflow engine, where I have configured process.xml as:

Hence all the BPMNs (in the resource folder of the project) got deployed under tenant id: “MY.PRC”.

Now I wish to create a new user (through admin app) and provide access to only 2 out of 5 processes in tenant id “MY.PRC”.
I followed the documentation

Somehow I am not able to achieve this. The new user is only able to see the process deployed by Camunda Modeler without any tenant id.

Please feel free to correct me at any step.

OK, I was able to solve this issue.
It just needed a property to be set in my application.properties file:
camunda.bpm.authorization.tenant-check-enabled=false

This allows all authorized users to see data of all tenants in the Camunda web application (Cockpit).

One can also set this property in the Process Engine Configuration of their bpm-platform.xml:
<property name="tenantCheckEnabled">false</property>

Also, in my example the tenant id is in the form “XX.XXX”, which is not a whitelisted pattern for user/group/tenant by Camunda.
Hence, in such a scenario, if we need to create tenant “XX.XXX” from Admin and assign the user to this tenant (so that a user belonging to a specific tenant may see only the corresponding data), then set
camunda.bpm.generic-properties.properties.tenantResourceWhitelistPattern = .+
and proceed with tenant creation from Admin.

2 Likes
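
An added example, not part of the posts above: it compares what the permissive `.+` value for `tenantResourceWhitelistPattern` lets through against a tighter pattern that still admits ids like “MY.PRC”. `DOTTED_PATTERN` and the sample ids are constructed for illustration; `DEFAULT_PATTERN` is the default documented for Camunda 7 (check it against your version), and whole-string matching is assumed to mirror how the engine applies the pattern.

```python
import re

# Default documented for Camunda 7's resource whitelist patterns (verify for your version).
DEFAULT_PATTERN = r"[a-zA-Z0-9]+|camunda-admin"
# The value used in the post above: accepts any non-empty id.
PERMISSIVE_PATTERN = r".+"
# Hypothetical tighter alternative: alphanumeric segments joined by single dots.
DOTTED_PATTERN = r"[a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*"

# Constructed sample tenant ids: one plain, one dotted, and several malformed ones.
SAMPLE_IDS = ["MYPRC", "MY.PRC", "MY PRC", "MY/PRC", ".PRC", "MY..PRC"]


def accepted(pattern, tenant_id):
    """True if the whole id matches the pattern (assumed engine behaviour)."""
    return re.fullmatch(pattern, tenant_id) is not None


def newly_allowed(baseline, candidate, ids):
    """Ids the candidate pattern accepts that the baseline pattern rejected."""
    return [i for i in ids if accepted(candidate, i) and not accepted(baseline, i)]


def report(ids):
    """Map each pattern name to the list of sample ids it accepts."""
    patterns = {
        "default": DEFAULT_PATTERN,
        "permissive": PERMISSIVE_PATTERN,
        "dotted": DOTTED_PATTERN,
    }
    return {name: [i for i in ids if accepted(p, i)] for name, p in patterns.items()}


if __name__ == "__main__":
    for name, ok in report(SAMPLE_IDS).items():
        print(f"{name:10} accepts {ok}")
    print("extra ids opened by '.+':",
          newly_allowed(DEFAULT_PATTERN, PERMISSIVE_PATTERN, SAMPLE_IDS))
    print("extra ids opened by dotted pattern:",
          newly_allowed(DEFAULT_PATTERN, DOTTED_PATTERN, SAMPLE_IDS))
```

The tighter pattern would be set through the same `camunda.bpm.generic-properties.properties.tenantResourceWhitelistPattern` key shown in the post.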