My engine rest is secured, my users and groups are mapped via ldap. I use basic-auth user/passwd for my worker. I am able to connect but get no tasks executed.
I suppose I have to authorize the user (resp. group) of my basic-auth account. But what categories are the minimal required? task? definition? … thanks!
An off topic reply which could however help getting real answers: are you sure you wanted to ask about the authentication and not authorization?
Well, I get your point … I am referring to the camunda cockpit tab “authentication” … where I set the (potentially 21) authentications for users and groups.
You are right … authorization. I created an authorization for ResourceType “7” … which should be Task. I am connected somehow, but I do not get the tasks forwarded to my worker code … what am I missing?
Hi @jangalinski
The minimum is to grant the worker user READ and UPDATE permissions for the Process Instance
resource. Nothing to do with Task
resource.
Thank you, hassang! Saved my day!
Is this, by any chance, documented somewhere in an “External Task Worker” How-To?
Unfortunately, no.
Do you happen to know whether the permission to read and update the Process Definition
would also do the trick?
Hi @fml2
You can achieve the same by granting the user READ_INSTANCE and UPDATE_INSTANCE permissions for Process Definition
resource
This is good to know! IMO defning permissions on the “Process definition” resource is better because it’s then possible to specify a particular model.
Exactly, this approach allows you to limit granted permissions based on the model.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.