Hi everyone,
I’ve encountered an issue with authorization when using Camunda’s REST connector. It seems that the authorization is “all or nothing,” meaning if one process is granted access to a network entity, all users of the connector have the same access. This makes it impossible to separate authorization between different processes.
According to Camunda’s documentation, most requests to the Public REST API need to include an authorization token either as an Authorization request header or as a URI query parameter named access_token.
This global authorization mechanism does not support granular access control between different processes using the same connector.
Has anyone else experienced this problem and found a solution? Are there any workarounds or best practices for managing more granular access control?
I’ve heard about implementing a custom authentication method using org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider or using middleware solutions, but I would appreciate hearing about your experiences and recommendations.
Thanks in advance!