Hi ,
I deployed a spring-boot powered camunda .
I am trying to create a new user (say “apple”) in camunda-admin panel , the user will have access to “tasklist” only .
But ,that user can access all the panels “cockpit” , “tasklist” , “admin” . WHY ???
Is every user an admin user in camunda ( by default) OR am I doing something wrong ???
HOW I created the new user ?
This is what i get at the welcome panel …
1 Like
Hi @Arsh_Baghel,
you are right, each new user does have full access. However, the permission management in camunda can be configured on a very granular level depending on your requirements. Check the tab “Authorizations” in the navbar. Detailed information about permission management can be found here:
https://docs.camunda.org/manual/7.8/webapps/admin/authorization-management/
Hi @FabianHinsenkamp ,
I tried the steps , but the result is the same.
Steps i followed ::
- create 2 users → test1 , test2 .
- create a group → test_group.
- add the 2 users to the group .
- aplied the “Application Authorizations” to the group.
1)
3)
4)
RESULT) :
PS : I tried the basic tomcat restart also .
Help !!!
Also , when i used to utilise Version 7.7 of camunda ,every new user I created used to have no rights (by default ).
But, in the Version 7.8 every user is by default admin-member …WHY???
Version 7.7:::
Hi @Arsh_Baghel,
I can not reproduce the behaviour described by you. Please check your “list of groups” view it should look similar to mine: The type of your group should be “WORKFLOW”.
Why is ist relevant to you if a user has non or all permissions by default?
Hi @FabianHinsenkamp ,
I used “WORKFLOW” in the “Type” of group .
But , still I can see that the users in this group can see all the applications(Cockpit , Admin , tasklist ) , despite me not explicitly giving them any permissions .
Now , replying to :: Why is this relevant to you if a user has non or all permissions by default?
Ans->: have created a system where , a loan-request is analysed using camunda’s Workflow manager , and some users should only have access to the tasklist , so that they can work o the task(s) they are assigned to .
Hi @Arsh_Baghel,
thanks for checking the group type. Now, can you please check your authorization config in your spring boot project. Probably you haven’t set camunda.bpm.authorization.enabled
.
Check the documentation for more details
4 Likes
Hi @FabianHinsenkamp ,
I tried this config and it worked , thanks …
BTW…
Shouldn’t these authorization-settings be enabled by default .
1 Like