Hi,
I see new version of Modeler and BPM platform has ability to create process forms. However I do not understand one thing - how make user A has access to one form and user B to another?
For instance in simple approval process; user A requests for something, user B approves ticket. How to make they both have different views (access to different forms/tasks)?
Regards
Thank you very much for help. More clear now.
I managed to create user on BPM platform and gave him âApplicationâ rights (cockpit and tasklist).
User can login. But now Iâm trying to understand if user can start a process or process can be only started by admin or API? Suppose this is request for service so ordinary way would be that user starts process, right?
If I click (logged as user) on âstart processâ i see no process name to start. I guess this is because proper rights? What right I should give to him to make it visible?
I rights mangement I have field âResource IDâ. Where to find âResource IDâ? I process definition I see only âDefinition IDâ or âDeployment IDâ.
Regards
Hi @mkelton,
the user needs permissions on the process definition and process instance to start a process instance. You can read more about the details here: Authorization Service | docs.camunda.org
Hope this helps, Ingo
OK, thank you.
And where to find âResource IDâ ? If I understand correctly resource ID can be deployment ID. But if I put it there it does not work.
And why âMy tasksâ menu is empty even if process is started and user is defined as âCandidate userâ in task?
1 Like
Also make note that there is no concept of variable security. If your user has access to the task they can access/modify all variables in the process.
Thanks for this note. But I still do not know how to limit user rights only to one process definition.
Hello @mkelton ,
a process definition has its own authorization as @Ingo_Richtsmeier already mentioned. If you want a user or group to be allowed to start a process instance from a certain process definition, we will need at least two authorizations:
-
CREATE_INSTANCE
on Process Definition, either with *
as Resource ID OR with the Process Definition ID (can be found in cockpit, see screenshot) as Resource ID. Process Definition Key could also work, you can try this as well.
-
CREATE
on Process Instance, here a *
on Resource ID will do as the ID of the Process Instance cannot be determined.
I hope this helps
Jonathan
Thank you Jonathan. I needed some time to test it so late reply.
I made some progress but still not able to understand what to do so user after reaching âtasklistâ menu can see his task. If I give user â*â permision in âfilterâ section - user can build a filter. But if I limit visibility to process name or ID - it does not work. He does see nothing. Although he can build filter - such filter does not work (show nothing). âMy taskâ display nothing but thereâs at least one task assigned to this user.
I do not understand how it works. I should give user filter rights - right? But how to limit rights to specified process ID or name?
Here comes screen of default settings in Camunda. I do not see any process with ID that is there on the screen. Where to find this ID? I followed your instruction but found completly different IDs of preinstalled processes ( I meand preinstalled configuration, filter rights should have ID of the processed that exists in demo camunda - I do not see them).
EDIT:
I see that if I set filter permission to âAccessible by all usersâ then I can give filter rights to specified user in filter Authorization. Probably I can limit filter access to specified user/groups on filter details level.
I still do not get why âMy Tasksâ tab is empty (this user has task open).