Delete user doesn't delete user-authorization

Camunda 7 Topics Discussion & Questions
1
  1. Create user, add authorization for user (permission.ACCESS to resourceId=“tasklist”)
  2. Delete user
  3. Recreate user (old username) will run into error: java.sql.BatchUpdateException: Duplicate entry ‘[username]-1-0-tasklist’ for key ‘ACT_UNIQ_AUTH_USER’

Is it a bug or a feature that deleting users do NOT delete his authorizations?
Is it by design, that I have to check for all existing autorizations and delete them when deleting a user?
And furthermore: Before adding a new user I have to not only to check if username already exist, but I have also to check if any authorization for this username is left over from old users?

2

Hi @lesny,

in the default setup of the engine only the authorizations on the resources USER and TENANT related to a user are deleted when the user is deleted.

So, it is expected as of now, but I would agree that it might be a better approach to delete all other authorizations as well in this case.

Would you mind opening a feature request in our Issue Tracker?
You are of course also very welcome to open a PR in the repository changing that behavior. The DbIdentityServiceProvider would be a good starting point to look into this.

Best,
Tobias