Override existing admin group with Administrator Authorization Plugin

Hello all,

We are using camunda-bpm-spring-boot-starter and the authorization is managed via an external identity provider (IdP). To set the admin group we use the Administrator Authorization Plugin and managed to configure the admin group in our application.yml via config. (with the help of this topic Default camunda-admin group - #4 by palossyl)

But if we change the admin group in our config to a new admin group, the application creates during the startup new entries in ACT_RU_AUTHORIZATION table and it does not override the old configured admin group in the table.

Currently we have to manually delete the old group from the database or via the Camunda Application GUI.

Is there a way to tell the Administrator Authorization Plugin to override the existing admin group at the startup, so we have not to delete the old configured admin group manually?

Any help would be much appreciated!

Thank you.

No, it’s not possible. The permission management is not comfortable at all. To do it in a more comfortable and repeatable way, you’ll have to write a program that would create all the necessary entries. The Admin Plugin is “dumb” in this sense since it grants all possible permissions.