By default every user is an admin

Camunda 7 Topics Discussion & Questions
,
1

Hi ,
I deployed a spring-boot powered camunda .

I am trying to create a new user (say “apple”) in camunda-admin panel , the user will have access to “tasklist” only .

But ,that user can access all the panels “cockpit” , “tasklist” , “admin” . WHY ???

Is every user an admin user in camunda ( by default) OR am I doing something wrong ???

HOW I created the new user ?

cam1
cam11365×650 34.9 KB

This is what i get at the welcome panel …

cam2
cam21365×684 38.9 KB

2

Hi @Arsh_Baghel,

you are right, each new user does have full access. However, the permission management in camunda can be configured on a very granular level depending on your requirements. Check the tab “Authorizations” in the navbar. Detailed information about permission management can be found here:

https://docs.camunda.org/manual/7.8/webapps/admin/authorization-management/

3

Hi @FabianHinsenkamp ,
I tried the steps , but the result is the same. :tired_face:

Steps i followed ::

  1. create 2 users → test1 , test2 .
  2. create a group → test_group.
  3. add the 2 users to the group .
  4. aplied the “Application Authorizations” to the group.

1)

cam1
cam11363×645 25.9 KB

3)

cam2
cam21365×642 25 KB

4)

cam3
cam31365×549 46.1 KB

RESULT) :tired_face: :

cam4
cam41365×644 37.6 KB

PS : I tried the basic tomcat restart also .

Help !!!

4

Also , when i used to utilise Version 7.7 of camunda ,every new user I created used to have no rights (by default ).

But, in the Version 7.8 every user is by default admin-member …WHY???

Version 7.7:::

cam1
cam11366×768 24.1 KB

5

Hi @Arsh_Baghel,

I can not reproduce the behaviour described by you. Please check your “list of groups” view it should look similar to mine: The type of your group should be “WORKFLOW”.

34
341906×311 29 KB

Why is ist relevant to you if a user has non or all permissions by default?

6

Hi @FabianHinsenkamp ,

I used “WORKFLOW” in the “Type” of group .

cam1
cam11366×768 39.9 KB

But , still I can see that the users in this group can see all the applications(Cockpit , Admin , tasklist ) , despite me not explicitly giving them any permissions .

Now , replying to :: Why is this relevant to you if a user has non or all permissions by default?
Ans->: have created a system where , a loan-request is analysed using camunda’s Workflow manager , and some users should only have access to the tasklist , so that they can work o the task(s) they are assigned to .

7

Hi @Arsh_Baghel,

thanks for checking the group type. Now, can you please check your authorization config in your spring boot project. Probably you haven’t set camunda.bpm.authorization.enabled.

Check the documentation for more details

8

Hi @FabianHinsenkamp ,
I tried this config and it worked , thanks …

BTW…
Shouldn’t these authorization-settings be enabled by default .