In Camunda 7, I’m looking to assign specific privileges to created users, but it seems that the users are automatically receiving all admin privileges. I’m seeking a solution to address this issue. To clarify further, I intend to grant access rights to the task list and cockpit only to designated users based on their assignments. How can I go about achieving this goal?
Hello my friend! Welcome to the forum!
- Access Camunda Admin and create a user group there by accessing “Groups → Create new group”.
- After doing this, still in Camunda Admin, go to the field “Authorizations → Manage authorizations”, and define all the types of authorizations you want for your new group of users there.
- When defining the group and authorizations, go to “Users → List of users” and when clicking on “Edit” in any user you can define which group he belongs to.
If you click this box below, you can change to authorize a specific user, a specific group.
[to do it, click on “Edit”]
Remember that in the Authorizations field, you must select item by item and define which type of authorization you want for the specific group.
I hope this helps.
William Robert Alves
Thank you very much for your cooperation, I'll have a try.
Dear friend,
The case is: if I do not create any group other than the default admin group, and I create another user called cockpitUser, and I do not assign any group to that user or provide any authorizations to that cockpitUser, then when I log in with that cockpitUser, the user still has all authorization to access Admin, Cockpit and Tasklist resources. Without creating any authorization, cockpitUser has all the privileges. I'm wondering about this issue, my friend; I still can't create a user who is authorized to access only Tasklist. Can you help me out, please?
Hi @bhanukashehan,
by default the authorization is disabled: Authorization Service | docs.camunda.org
It depends on your Camunda 7 distribution where to change the setting.
Which distro do you use? Spring Boot Starter, Camunda Run, Tomcat shared engine, WildFly shared engine?
Hope this helps, Ingo
Dear Ingo,
Thank you very much for that information, and I’m using Spring Boot Starter, can you give me some reference to enable authorization in it, it will be great help.
Hello my friend!
You can enable this in your `application.yaml` by setting the `authorization` field to `enabled:true`, then you will have this enabled.
Below is an example of an `application.yaml` file already with the authorization field.

```yaml
camunda.bpm:
  admin-user:
    id: demo
    password: demo
  filter:
    create: All tasks
  authorization:
    enabled: true
  default-serialization-format: application/json
```
William Robert Alves
Hi @bhanukashehan,
take a look at all spring boot configuration options here: Process Engine Configuration | docs.camunda.org
When you scroll down the table to “Authorization”, you can find the property that @WilliamR.Alves already mentioned.
Hope this helps, Ingo
Dear William,
Thank you very much for your guidance. Your solution has worked for me.
Dear Ingo,
Thank you very much for your guidance. William’s solution worked for me, and it is already mentioned in the documentation for Spring Boot configuration also.
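
Once authorization is enabled as in the `application.yaml` above, web app access has to be granted explicitly. The following is an added example, not code from the thread or from Camunda, showing one way to give a group Tasklist-only access at startup with the Spring Boot Starter; the class name and the group id `tasklist-users` are assumptions, and `cockpitUser` is the user named in the question.

```java
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.spring.boot.starter.event.PostDeployEvent;
import org.springframework.context.event.EventListener;
import org.springframework.stereotype.Component;

@Component
public class TasklistOnlyAccess { // hypothetical class name
  private static final String GROUP = "tasklist-users"; // assumed group id
  private static final String USER = "cockpitUser";     // user from the question
  private final IdentityService identity;
  private final AuthorizationService authz;

  public TasklistOnlyAccess(IdentityService identity, AuthorizationService authz) {
    this.identity = identity;
    this.authz = authz;
  }

  @EventListener
  public void onPostDeploy(PostDeployEvent event) {
    if (identity.createGroupQuery().groupId(GROUP).count() == 0) {
      Group g = identity.newGroup(GROUP);
      g.setName("Tasklist users");
      identity.saveGroup(g);
    }
    boolean exists = identity.createUserQuery().userId(USER).count() == 1;
    boolean member = identity.createUserQuery().userId(USER).memberOfGroup(GROUP).count() == 1;
    if (exists && !member) identity.createMembership(USER, GROUP);
    // Grant the Tasklist web app only; nothing is granted for "cockpit" or "admin".
    grant(Resources.APPLICATION, "tasklist", Permissions.ACCESS);
    // Let group members see filters such as "All tasks" from application.yaml.
    grant(Resources.FILTER, Authorization.ANY, Permissions.READ);
  }

  private void grant(Resource resource, String resourceId, Permissions permission) {
    boolean present = authz.createAuthorizationQuery().groupIdIn(GROUP)
        .resourceType(resource).resourceId(resourceId).count() > 0;
    if (present) return; // idempotent across restarts
    Authorization a = authz.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
    a.setGroupId(GROUP);
    a.setResource(resource);
    a.setResourceId(resourceId);
    a.addPermission(permission);
    authz.saveAuthorization(a);
  }
}
```

A user who is also a member of the `camunda-admin` group keeps full access regardless of these grants, so the restricted user should belong only to the new group.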