Hi,
We use Camunda and Camunda Cockpit 7.15 and we tried to enable the password policy using the default one (no customisations are made in the rules).
We observed an unexpected behaviour for change password functionality.
For the users with admin rights (i.e. those from the default camunda-admin group or any other custom created group but with full rights) everything works as expected when such user tries to change his/her the password - the new password is validated successfully against the password policy.
The issue is for the users from non-admin groups. We have custom defined group with limited rights (i.e. the admin app is not available for this group, the users from this group cannot create, suspend, delete process instances, just can see them, etc.). So when the password policy is enabled the users from this non-admin group cannot change their own passwords because of a missing ‘CREATE’ permission on resource ‘User’. The error occurs when request for loading the password policy is performed. The response is following:
"type": "AuthorizationException",
"message": "The user with id 'user+testpwdchng@mytestdomain.com' does not have 'CREATE' permission on resource 'User'.",
"userId": "user+testpwdchng@mytestdomain.com",
"resourceName": "User",
"resourceId": null,
"permissionName": "CREATE",
"missingAuthorizations": [
{
"permissionName": "CREATE",
"resourceName": "User",
"resourceId": null
}
]
}```
Attached are two screenshots with successful validation of the password of admin user and with failed password validation because of missing rights for loading the password policy (i.e. the error mentioned above).
We tried to give explicitly authorisation for CREATE User permission for the non-admin users but the result is the same.
Any suggestions how to solve this problem?
Thanks in advance!