My engine rest is secured, my users and groups are mapped via ldap. I use basic-auth user/passwd for my worker. I am able to connect but get no tasks executed.
I suppose I have to authorize the user (resp. group) of my basic-auth account. But what categories are the minimal required? task? definition? … thanks!
An off topic reply which could however help getting real answers: are you sure you wanted to ask about the authentication and not authorization?
1 Like
Well, I get your point … I am referring to the camunda cockpit tab “authentication” … where I set the (potentially 21) authentications for users and groups.
You are right … authorization. I created an authorization for ResourceType “7” … which should be Task. I am connected somehow, but I do not get the tasks forwarded to my worker code … what am I missing?
Hi @jangalinski
The minimum is to grant the worker user READ and UPDATE permissions for the Process Instance resource. Nothing to do with Task resource.
1 Like
Thank you, hassang! Saved my day!
Is this, by any chance, documented somewhere in an “External Task Worker” How-To?
1 Like
Unfortunately, no.
Do you happen to know whether the permission to read and update the Process Definition would also do the trick?
Hi @fml2
You can achieve the same by granting the user READ_INSTANCE and UPDATE_INSTANCE permissions for Process Definition resource
1 Like
This is good to know! IMO defning permissions on the “Process definition” resource is better because it’s then possible to specify a particular model.
Exactly, this approach allows you to limit granted permissions based on the model.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.