Minimal authorization for external task worker with basic auth

My engine rest is secured, my users and groups are mapped via ldap. I use basic-auth user/passwd for my worker. I am able to connect but get no tasks executed.
I suppose I have to authorize the user (resp. group) of my basic-auth account. But what categories are the minimal required? task? definition? … thanks!

An off topic reply which could however help getting real answers: are you sure you wanted to ask about the authentication and not authorization?

1 Like

Well, I get your point … I am referring to the camunda cockpit tab “authentication” … where I set the (potentially 21) authentications for users and groups.

You are right … authorization. I created an authorization for ResourceType “7” … which should be Task. I am connected somehow, but I do not get the tasks forwarded to my worker code … what am I missing?

Hi @jangalinski
The minimum is to grant the worker user READ and UPDATE permissions for the Process Instance resource. Nothing to do with Task resource.

1 Like

Thank you, hassang! Saved my day!

Is this, by any chance, documented somewhere in an “External Task Worker” How-To?

1 Like

Unfortunately, no.

Do you happen to know whether the permission to read and update the Process Definition would also do the trick?

Hi @fml2

You can achieve the same by granting the user READ_INSTANCE and UPDATE_INSTANCE permissions for Process Definition resource

1 Like

This is good to know! IMO defning permissions on the “Process definition” resource is better because it’s then possible to specify a particular model.

:100:
Exactly, this approach allows you to limit granted permissions based on the model.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.