I have an existing user table for my application which does not have the same structure as the Camunda user table. Can I use that for login instead of the Camunda user table?

If yes, then how can I do that? Do I need to change the login/register process so that it may refer to a different DB schema table?

One of the following interfaces should be implemented:

  • org.camunda.bpm.engine.impl.identity.ReadOnlyIdentityProvider
  • org.camunda.bpm.engine.impl.identity.WritableIdentityProvider

Then create a SessionFactory returning one of them, and register it calling the processEngineConfiguration.setIdentityProviderSessionFactory(...) method.

You can read about this here: Identity Service.

A bit more practical:

There is a good example and starting point in the codebase, the LDAP identity plugin. Perhaps you can start by copying the code, removing the LDAP-specific queries and initializations, and replacing them with the queries against your database. Eventually rename the classes from Ldap* to Jpa* :).
Look into these classes.
Relevant changes must be done only in one class, in the org.camunda.bpm.identity.impl.ldap.LdapIdentityProviderSession.
Methods like

 List<User> findUserByQueryCriteria(LdapUserQueryImpl query)...
 List<Group> findGroupByQueryCriteria(LdapGroupQueryImpl query)...
 public boolean checkPassword(String userId, String password)...

should not access LDAP, but retrieve the users from your database.
The parameter class of the above methods, LdapUserQueryImpl, is actually not LDAP specific; it holds the query criteria set internally by Camunda.
You should use these query criteria to run a query against your database, retrieve your users, and map them to a list of Camunda’s User objects. (Fields like firstname, lastname, groupname, email, etc. are quite common in every structure; map where it is possible.)

To bootstrap your identity provider, use the AdministratorAuthorizationPlugin, as it is used by LDAP too.

Hope this could help you a bit?

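For the checkPassword step in the answer above, one way to verify a login against your own table, as an added example that is not part of the original posts or of Camunda's code. It assumes a hypothetical table app_user(username, pwd_hash, salt, iterations) holding PBKDF2-HMAC-SHA256 hashes and a DataSource for that schema; the class name is hypothetical too.

```java
import java.security.MessageDigest;
import java.sql.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.sql.DataSource;

/** Password check against an application-owned user table (assumed schema, see SQL below). */
public class OwnTablePasswordChecker {
  // Assumed table: app_user(username TEXT, pwd_hash BYTEA, salt BYTEA, iterations INT)
  private static final String SQL =
      "SELECT pwd_hash, salt, iterations FROM app_user WHERE username = ?";
  private static final byte[] DUMMY_SALT = new byte[16];   // used when the user is unknown
  private static final int DUMMY_ITERATIONS = 210_000;     // assumed default work factor

  private final DataSource dataSource;

  public OwnTablePasswordChecker(DataSource dataSource) { this.dataSource = dataSource; }

  /** Same shape as checkPassword(String userId, String password) named in the answer. */
  public boolean checkPassword(String userId, String password) {
    if (userId == null || userId.isEmpty() || password == null || password.isEmpty()) {
      return false; // never authenticate on empty credentials
    }
    byte[] expected = null;
    byte[] salt = DUMMY_SALT;
    int iterations = DUMMY_ITERATIONS;
    try (Connection c = dataSource.getConnection();
         PreparedStatement ps = c.prepareStatement(SQL)) {
      ps.setString(1, userId); // bound parameter: userId comes straight from the login form
      try (ResultSet rs = ps.executeQuery()) {
        if (rs.next()) {
          expected = rs.getBytes(1);
          salt = rs.getBytes(2);
          iterations = rs.getInt(3);
        }
      }
      // Hash even for unknown users so response time does not reveal valid usernames.
      byte[] actual = pbkdf2(password.toCharArray(), salt, iterations);
      return expected != null && MessageDigest.isEqual(expected, actual); // constant-time compare
    } catch (Exception e) {
      return false; // fail closed on database or crypto errors (log them in real code)
    }
  }

  static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
    PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
    try {
      return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    } finally {
      spec.clearPassword(); // wipe the password copy held by the key spec
    }
  }
}
```

The checkPassword method of your own identity provider session can delegate to this class; if your table stores passwords in a different scheme, only pbkdf2 and the column list change.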

Hi, perhaps this is not current any more :).
There is a simple demo application for that on my GitHub now, with its own user schema:
camunda-bpm-example-own-userdb-schema
If it’s still relevant!


Thanks for sharing the example! I’m sure it’ll be very useful to people dealing with user access questions.

-- Expose application users that hold ROLE_GLOBAL_SYSTEM_MANAGER as Camunda users.
-- pwd_ and salt_ are NULL, so no password material is visible through the view.
CREATE OR REPLACE VIEW bpmn.act_id_user AS
SELECT c.username AS id_,
       1 AS rev_,
       'camunda'::text AS first_,
       c.username AS last_,
       cp.email AS email_,
       NULL::text AS pwd_,
       NULL::text AS salt_,
       NULL::text AS lock_exp_time_,
       NULL::text AS attempts_,
       NULL::text AS picture_id_
FROM credential c
  JOIN credential_password cp ON c.id::text = cp.id::text
  JOIN role_granted rg ON rg.credential_id::text = c.id::text
  JOIN role r ON rg.granted_role_id::text = r.id::text
WHERE r.name::text = 'ROLE_GLOBAL_SYSTEM_MANAGER'::text;

-- Put the same users into the camunda-admin group.
CREATE OR REPLACE VIEW bpmn.act_id_membership AS
SELECT c.username AS user_id_,
       'camunda-admin'::text AS group_id_
FROM credential c
  JOIN credential_password cp ON c.id::text = cp.id::text
  JOIN role_granted rg ON rg.credential_id::text = c.id::text
  JOIN role r ON rg.granted_role_id::text = r.id::text
WHERE r.name::text = 'ROLE_GLOBAL_SYSTEM_MANAGER'::text;

Really, it can be solved at the SQL table level too :)!