Hi,
we run one Camunda Engine with about 700+ Tenants.
The Tenants are not in the Database but when starting processes the TenantIdProvider is used to set the tenantId of the process.
The Engine is connected to our LDAP and we have an Administrator-Group. Its users can manage processes, process instances and incidents via the Cockpit and Tasklist.
Now we strongly need a user-group which can only SEE process instances, incidents and their data (of all tenants), but must not change anything.
But this doesn’t seem to work. When we start processes, the “viewer group” can only see processes that don’t have a tenantId set. All other processes are NOT visible. But usually all our processes belong to a tenant.
In the Camunda documentation there’s a hint about restrictions of the LDAP access in a multi-tenancy environment. But does this mean that an LDAP user cannot see processes of a tenant in the Cockpit? This would be a big showstopper.
What do we have to do to get this working?