modibe
September 23, 2022, 11:38am
1
Hi,
I am using the Camunda Web Application.
Below, my context:
I have two groups: group_1 and group_2
I have two users: user_1 and user_2
user_1 is a member of group_1 and user_2 is a member of group_2
I have a model with TASK A, where I configure CandidateGroup with group_1
How can I restrict user_2 from claiming TASK A to complete the task?
Thank you for your help.
Patrick
modibe
September 30, 2022, 9:34am
2
Does someone have any idea about this situation?
Thanks for the help,
Patrick
hassang
September 30, 2022, 10:47am
3
Hi @modibe ,
Please ensure that authorization is enabled.
If authorization is enabled and candidateGroup is set to group_1 then only members of group_1 could claim the task.
Disallow unauthorized access by securing the Camunda Platform 7.x before going live with your process applications. Understand Camunda user management essentials, enforce authorization for the REST API, define access rights for Camunda specific...
modibe
September 30, 2022, 11:18am
4
Hi @hassang ,
Thanks for your reply.
I enabled the authorization in the default configuration file like this:
authorization.enabled: true
admin-user:
  id: demo
  password: demo
run:
But no security is applied when a user claims the task.
Is there any configuration I should make in the authorization dashboard?
Thanks for your help,
Patrick
hassang
September 30, 2022, 12:25pm
5
Hi @modibe ,
Could you please share your model…
I assume that groups are created and users are assigned using the admin app.
modibe
September 30, 2022, 12:44pm
6
Hi @hassang ,
This is my model.
Patrick
test_authorization_group.bpmn (3.2 KB)
hassang
September 30, 2022, 1:15pm
7
Hi @modibe ,
Do you mean that user_2 who is a member of group_2 was able to claim Task A?
modibe
September 30, 2022, 1:55pm
8
Hi @hassang ,
Yes, user_2 was able to claim TASK A.
In the admin app, I have created users and added them to the right groups.
With this configuration, it should work.
The authentication is enabled.
Sometimes, I have to do some configuration in the Authorization module?
Patrick
modibe
October 6, 2022, 1:50pm
9
Hi,
Is someone able to help me solve this issue?
Thanks,
Patrick
Hi @modibe ,
Could you please share the authorizations you have on Process Definition resource? Do you have a grant all permissions authorization?
modibe
October 7, 2022, 8:58am
11
Hi @hassang ,
Thanks for your help.
Find below the screenshot of the process definition authorization.
The resourceID “autorisation-group” is the ID of my process.
Thanks,
patrick
Hi @modibe ,
Okay…
There are several permissions available on the Process Definition resource, including Task-related permissions (Read Task, Update Task,…), so when both groups are granted all permissions, members of both groups can freely interact with all the tasks belonging to the specified process definition.
Try removing Task-related permissions from the above authorizations. I believe that Read permission is required and specific users or groups might need to have Create Instance permission.
In short, something similar to below should work
1 Like
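The check described in the reply above, as an added example that is not part of the original thread or Camunda's own code: it scans authorization records for grants on a process definition that would let a group outside the task's candidate groups claim its tasks. The record shape, the resourceType value 6, the claim-capable permission names and the sample permission lists are assumptions constructed for illustration; only the process ID "autorisation-group" and the group names come from the thread.

```python
# Added example: audit Process Definition authorizations for claim-capable grants.
PROCESS_DEFINITION = 6   # resourceType value assumed for Process Definition
GLOBAL, GRANT = 0, 1     # authorization types; REVOKE (2) entries are ignored here
# Assumption: these Process Definition permissions let the holder claim its tasks.
CLAIM_CAPABLE = {"ALL", "UPDATE_TASK", "TASK_WORK"}


def claim_capable_identities(authorizations, process_key):
    """Map each group/user to the claim-capable permissions it holds on process_key."""
    found = {}
    for auth in authorizations:
        if auth["resourceType"] != PROCESS_DEFINITION:
            continue
        if auth["type"] not in (GLOBAL, GRANT):
            continue
        if auth["resourceId"] not in (process_key, "*"):   # "*" covers every definition
            continue
        hits = CLAIM_CAPABLE & set(auth["permissions"])
        if not hits:
            continue
        if auth["type"] == GLOBAL:
            who = "*"                                       # applies to everyone
        else:
            who = auth.get("groupId") or "user:" + str(auth.get("userId"))
        found.setdefault(who, set()).update(hits)
    return found


def unexpected_claimers(authorizations, process_key, candidate_groups):
    """Identities that can claim tasks without being in the task's candidate groups."""
    found = claim_capable_identities(authorizations, process_key)
    return {who: sorted(p) for who, p in found.items() if who not in candidate_groups}


def _auth(group, perms, key="autorisation-group"):
    # Helper for the constructed sample records below.
    return {"type": GRANT, "groupId": group, "userId": None,
            "resourceType": PROCESS_DEFINITION, "resourceId": key, "permissions": perms}


# Constructed samples: both groups granted everything, then task permissions trimmed.
BEFORE = [_auth("group_1", ["ALL"]), _auth("group_2", ["ALL"])]
AFTER = [_auth("group_1", ["READ", "READ_TASK", "CREATE_INSTANCE"]),
         _auth("group_2", ["READ", "READ_TASK"])]

if __name__ == "__main__":
    for label, auths in (("before", BEFORE), ("after", AFTER)):
        print(label, unexpected_claimers(auths, "autorisation-group", {"group_1"}))
```

An empty result means only the candidate group's task-level rights remain as a path to claiming; a wildcard or global entry shows up under its own key so it is not overlooked.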
modibe
October 7, 2022, 10:10am
14
Hi @hassang ,
Thanks a lot. This solution solved my issue.
I added the option “READ TASK”. This lets any group see the task even if it can’t claim the task.
Patrick
1 Like
hassang
October 7, 2022, 10:19am
15
Exactly…permissions should be selected as per the needs.
1 Like
Hi @modibe ,
I did the same steps as above, but my user 2 of group b is still able to claim task A.
I too am facing the same issue… can anyone please help?