Hi there,
I don’t seem to be able to find a way to configure all the permissions in camunda via a yaml file that I can check into a repo, diff, comment, etc.
Am I missing something, or is there a feature request missing for this?
Hello @dwt ,
do you authorization? Yes, these are not configurable from outside out-of-the-box.
But, it is possible to do this, of course.
Jonathan
Heello @jonathan.lukas ,
I’m not sure I get you right - are you suggesting that this is not implemented but can be added via a plugin, or are you suggesting that such code already exists somewhere?
Best Regards
Martin Häcker
Hello @dwt ,
I am not aware of a publicly available plugin, but I suggest to look at the community hub.
If not, feel free to create this and in case you want to publish it, I will be happy to help with the implementation.
Jonathan
@jonathan.lukas Well, I don’t know yet if I / we are able to do this. Could you provide some pointers to plugin classes that this would need to subclass to get this going?
Some things I am thinking about:
- It should be possible to add a list of permissions.
- It should be possible to remove a list of permissions (to allow retiring permissions, once they are not necessary anymore.
- Ideally I would be able to publish this list of permissions together with the .bpmn or .dmn files that they belong to so I can do a full automatic deployment of workflows and their necessary permissions.
- Thinking further: I would like to extend this with the ability to also create / remove additional items, like filters for human in the loop tasks, as they also belong to a deployment.
Hello @dwt ,
this is a nice idea setting permissions to deployed resources directly.
I will see, but this sounds like an extension to the ProcessApplication, where you have the possibility to hook in the deploy and also the pre-undeploy.
Jonathan
It’s quity simple to write a program that would read in some kind of configuration and set the permissions in the DB via the AuthorizationService API. As for what such a program would do – it depends on how you implement it. There are no limits set. We, for instance, created such a program for our needs and do not use the GUI for setting permissions anymore (this was a nightmare).
As a “poor man’s tool” just write a set of SQLs to execute against the camunda DB. You could even generate the SQLs with the help of an Excel macro so that you just have to only edit the “real data”.
1 Like
@fml2 Do you happen to have a repo somewhere with those deployment scripts? They sound like a great start to what I have in mind.
Also, is there some actual rest api somewhere to set permissions? I haven’t been able to find something to actually set them, and am kind of reluctant to just write into the DB directly. Sounds like it may be necessary though.
The rest API is here: Authorization | docs.camunda.org
The program is for internal use in our company hence I can’t publish it here.