Problems with authorization

Markus · August 22, 2016, 2:43pm

Hi,

I have some problems with authorization.

I user camunda version 7.5.0 as embedded process engine.

I set authorizationEnabled to true and added a authorization to read process definitions to the database. I did not use the identity schema of camunda but authenticated the user which owns the authority .

Unfortunately I am not able to read process definitions via rest api. I always get an empty list returned.

Do I forgot some basic configuration?

Best regards,

Markus

roman.smirnov · August 23, 2016, 7:42am

Hi @Markus,

Could you please elaborate this a little bit more please?

How does the authorization looks like? Could you share them? How do you use the Rest API? Did you switch on the basic authentication of the rest api (see 1)? So, if you perform a request, is the corresponding authenticated?

Cheers,
Roman

Markus · August 23, 2016, 9:19am

Hi Roman,

I found my mistake by showing sql log for authorization query.
It is important to add a RESOURCE_ID in Authorization otherwise it would not work ( maybe set a NotNull constraint?).

What I want to achieve is that user can only read and work on tasks they are assignee of.
I found the TASK_WORK Permission but it applies for all Tasks.
Do I really have to set a Authorization for each known task in the system (set taskActivityId as Resource_Id) or is there an other way to achieve my goal?

Best regards,

Markus

joechromo · January 28, 2017, 12:33pm

Markus-

Did you ever get an answer to this? or solve this problem?

I spent several hours wiring in our JWT auth to set the authenticated user… then I enabled auth…

I did this all in hopes that it would some how address this use case (ie only return tasks for which my users are assigned) and it did not work the way I hoped.

See this: Auth Query issues

Thanks,

Joe