The modeler has a simple upload UI where users can deploy a dmn or bpmn model. I need to secure the upload so that new models can only be uploaded by users which belong to an admin group of the respective tenant. In Configure Authentication | docs.camunda.org it does not say if there is any authorization mechanism for rest resources, it only talks about authentication against that engine’s identity service.
Groups can be authorized for Deployments, but can I authorize a group of a tenant so that it can only deploy models for that tenant?
I didnt know any ready-to-use plugins.
I mean you have 3 options:
Write plugin to modeler, that will use standard camunda auth rest.
Write camunda-engine plugin, that accept deployments and check standard camunda auth.
You need to this, if you want manage deploy permissions from standard camunda engine.
OR
3) You can simply made one login and pass for simple HTTP Auth and give it to your admins. So you dont need to code, but need to manage all secure-password-user-etc operation manually.