I have a problem with the Authorization management, it doesn’t behave as espected:
We have one Camunda Engine (Community Ed., 7.9) running which is connected to our LDAP system.
We use the “Single-engine multi-tenancy” approach with over 700+ tenants.
Via the Authorization plugin there’s an Admin group configured (called
When I log in as a member of the
camunda-admin group everything is fine! I can see all process instances, can start processes and so on.
But, now I want to add another group called
Members of this group may only use the cockpit.
Within the cockpit they may see all running processes and incidents, but must not change anything.
I gave an access right for the cockpit for this group and read-access to process instances, process definitions and tasks.
Now, when a user of this groups logs in, he/she can only see the cockpit. So far, so good
BUT the user cannot see any running processes and incidents. The user sees the cockpit with 0 running process and 0 incidents, which makes the cockpit useless.
Even if I give this group the permission to start processes: when a user starts a process the user won’t see the running process in the cockpit (but a user of the admin-group does).
Does anybody has an idea what’s the problem?