How to Create a View-Only User in Cockpit

Camunda 7 Topics Discussion & Questions
, ,
1

I’m trying to create a user in Cockpit who has view-only access. This user should be able to see only the cockpit, without access to user tasks or the administration section. They should only be able to view process instances and definitions without being able to make any changes. How can I set this up?

2

Hello my friend!

First of all, add the following to your application.yml:

camunda.bpm:
 authorization:
 enabled: true
 default-serialization-format: application/json

This will enable the authorization handling functionality.

In Camunda Admin, create a new group like “Cockpit reader” like my example.

image

On Users menu, click to edit the user who wants read access, and place them within this group.

image
image759×237 20.2 KB

image

Now go to the Camunda Admin Manage Authorizations screen:

image
image756×480 31.6 KB

Now let’s define which views we would like to give access to this group of users:

On this screen, select Application from the menu on the left and define the group with permission to access the cockpit.

image
image841×321 35.8 KB

Then in the Process Definition menu, configure this group to have only “Read” access. This will allow him to visualize the drawings of the processes that exist in his project:

image
image914×654 71 KB

Then you need to enable it to view process instances… so we need to go to the Process Instance menu as well and enable this:

image
image925×571 61.2 KB

And so you can release the access you want, step by step.

The Authorizations menu is very granular and complete, you can fully control authorizations regarding views and data manipulation by user and user groups.

I always recommend that everyone do everything through group definitions for each type of user, so when there is another user who needs the same access, you just need to place this specific user in a group that you have previously configured.

Hope this helps.

William Robert Alves

2 Likes
3

I just can’t express how grateful I am, William. Thank you so much! I had already created the group, assigned users, and managed access. The only thing I hadn’t done was enabling authorization via application.properties. Now it works perfectly. Big thanks!

1 Like
4

Niceeee my brother!

I’m very happy to be able to help!
Count on me! :rocket::rocket::rocket:

William Robert Alves!

5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.