I try to understand the concept of authorization. I want a user from the group StudentGroup is abled to start the process bppminiwik. The user SekiMA from the group SekiGroup is only allowed to read the user task Stammdaten anzeigen.
I created the following user and groups
User: SekiMA (dedicated to SekiGroup)
User: Studi1 (dedicated to StudentGroup)
Unfortunately the user Studi1 is not allowed to start the process (only allowed to see the tasklist). So I started the process with admin access. The User SekiMA can see now the task “Stammdaten anzeigen”.
Why is the user Studi1 not allowed to start the process?
Thanks for your help,
From your description:
Studi1 belongs to
SekiGroup which doesn’t have permissions (CREATE_INSTANCE and CREATE) to start
Studi1 should belong to
Oh that was a typo, sorry. No, it is configured right. (Studi1 belongs to StudentGroup)
In case you use Camunda 7.10, please have a look at:
READ permissions on Process definition level, and
CREATE permission for all Process instances.
For "Process Instance Authorizations"
Resource ID should be “*” instead of “bppwkmini”
and both of them need only READ permission.
For "Process Definition Authorizations"
In case members of “StudentGroup” should be able to work on the process too then, set both “CREATE_INSTANCE, READ” permissions to “StudentGroup” group.
Ah ok, I forgot the READ permission. Thanks
For better understanding: I thought if I type “*” the user or group is abled to start every process. I only want him to start the process bppminiwk. Do I think right?
The resource id only of the Process Instances authorization needs to be set to “*” (for permission
READ). The reason behind this is that there is no process instance id before the creation of the process instance. So you need to specify
READ permission for all process instances (asterisk as resource id), as it is described in the docs.
You can leave
bppwkmini as resource id for
CREATE_INSTANCE, READ permission of the Process Definition.
I hope that the picture is more clear now.