Hi Camunda Team,
I am using Optimize version 3.8.0 and have successfuly configured it with ElasticSearch and Camunda Engine using docker images, enabled our user access to Optimize resource in Camunda Admin.
When we tried to create process report, the process can be shown; after clicking “Continue”, no preview can be shown but “Missing Authorization”, the report cannot be created.
I also tried restart and add users to superuserId in environment-config.yml, it doesn’t help.
Hi @Helene,
I added the optimize group in definition authorizations with all permissions and resources and the users are granted to the optimize group.
Hi @LOuuu ,
The authorizations in your screenshot are for decision definitions, and from your description it sounds like you’ve created a process report. Can you check if your users have the same authorizations for process definitions as well?
Hi @LOuuu ,
in that case lets have a look at your Optimize logs for more detail on which kind of authorizations are causing the issue. Could you please post them here?
Hm, I would potentially expect at least a ForbiddenException somewhere, but it depends on how your logging is configured. One last authorization to check though, can you confirm that your user also has authorization to the tenant(s) the definition from the report belongs to?
Hi @Helene,
our process ist not assigned to tenants, TenantIDs are null. And I also added the optimize group to all authorizations. The root and optimize debug level are set to DEBUG.
Are there any special configuration supposed to be set in environment-config.yaml?
Hi @LOuuu ,
There’s a good chance those logs are not related to the issue you’re experiencing.
I had a quick go to try and recreate the issue locally with a couple of different authorization combinations but was unsuccessful, at this stage it would make sense to have an even closer look at your setup and the data stored in Elastic. This requires some more hands on assistance though, so I would suggest you open a support ticket with us if you have a licence. That way a support engineer can spend a bit more time looking into it in more detail to try and resolve the problem.