Understanding authorizationEnabled

I am writing some proof of concepts to get familiar with Camunda. Is the authorizationEnabled intended only for REST API resources?

I would expect, that if I turn it on

application.yaml

camunda:
  bpm:
    authorization:
      enabled: true

then the following test fails, because there is no authorization created.

autoMock("bpmn/sample.bpmn");
identityService().setAuthenticatedUserId("frederik");
final ProcessInstance processInstance = runtimeService().startProcessInstanceByKey("Sample");

Or am I supposed to call AuthorizationService#isUserAuthorized manually?

Edit

It seems that the main problem is that ProcessEngineConfiguration#authrorizationEnabled is always false. Keep investigating why it is not propagated from the configuration.

1 Like

A working test is in a different thread, see Test does not read process.xml