How to create user who have only read access in cockpit

Hi,

I am using camunda springboot community version 7.17.

How can I create a user who is havign only read access in the cockpit. (the user should not be able to delete the instances or delete the deployment versions). which means the user should not have admin access. Thanks in advance.

Thanks,
Venkaiah.

Hello dude!!! How are you?!

You can access the “Admin” and create a group that has read access only.

After that, create a new user… and put him in this group.
and finally … do as I did in the print below:

with this you are allowing read access to the entire “process definition”.
But if you only do this, he will not be able to visualize the instances, only the drawn process flow.

So that he can also view the instances, it will be necessary to do the same process in the “process instance” screen of the “Admin”.

Do the same process for all the steps you want to release to the user/group.

Any questions, you can call me!

Regards,
William Robert Alves

1 Like

Hi @WilliamR.Alves,

I am here again, I tried the steps but still I am able to delete the instances with new user even we restrict to read access.

Steps I have done is:
created new user here:

Created new group here:

added user to tenent group:

now did the autherization as you said above:

but still seeing able to delete the instances with user name test login… could you please help me here where I am doing wrong… Thank you in advance.

Thanks,
Venkaiah.

What’s up my friend!!!

In “Authorizations” you need to remove the access of the test group and the user that you don’t want to have access.

And just put “READ” for the user or group you want to have read access …

For example:

in this case, as I want to give access to the entire Camunda application, I left the “cockpitReadOnly” group as ALL.

In the AUTHORIZATION field, I didn’t put the “cockpitReadOnly” group as you can see in the image:

In the PROCESS DEFINITIONS field, I put the group only as READ… this means that he can only SEE the process flows, but does not allow him to visualize the instances.

To allow it to view the instances you need to add the user OR the group in the PROCESS INSTANCE field.

Don’t forget, the fields you don’t want to authorize… you need to remove the test user or the group the user is in.

I hope this helps!

Regards.
William Robert Alves

1 Like

Thank you so much for all your answers @WilliamR.Alves
Will try the above approach and update you. Thank you again.

Thanks,
Venkaiah.