Create Case instance Authorization

Hi all,

I’m currently working on a case application with Camunda BPM. When using the REST API (engine-rest) I noticed that there is no way to provide authorization details for creating a case instance (like there is for process instances). Currently any authenticated user can start all deployed case definitions? Am I missing something or is case authorization not (yet) available?

I found this thread on the old forum, describing the same issues / use case. Link

Thank you in advance.

Kind regards

Pieter Vincken

Hi Pieter,

currently, there is no authorization for CMMN.

If you plan to implement it then it would be great to share it with the community by providing a pull request. A first entry point could be the class AuthorizationCommandChecker that is invoked by the commands and should do the checks using the AuthorizationManager.

Greetings,
Philipp