Create Authorization for EveryOne with * not working

Dear community,

currently, I am trying to create an process definition that can be started by any logged in user.

image

If I configure the authorizations like shown above it is working perfectly. However, in the above example I need to define a specific user id or group id. If I replace the specific user id by a star (“*”) I get an error: org.camunda.bpm.engine.AuthorizationException: The user with id ‘admin’ does not have ‘CREATE_INSTANCE’ permission on resource ‘#’ of type ‘ProcessDefinition’.

I could create a group and add all users to this group. However, this is logic I want to avoid as it is error prone.

Even better would be, if could tell in the process model candidate starters user = * or somethind similiar.

Is this just not possible or am I doing something wrong?

Any hint will be appreciated.

I could figure it out myself.
By chance, I found out that I need to set type of authorization to GLOBAL.

I can’t exactly tell, why I should use GLOBAL instead of ALLOW. Intuitively, I would assume that ALLOW means ALLOW regardless whether I use a specific user id or a wildcard. However, obviously for global permissions I need the type GLOBAL.
Everyone, who wants read more about that topic in the manual, here is where you can find more information: Authorization Service | docs.camunda.org

1 Like