User Authorization issue

I’m trying to create a read-only user for Cockpit/Tasklist/Admin similar to here:

But when I create the new user it seems to have all of the privileges of the camunda-admin user even tho the new user does not exist in that group.
No matter what authorizations I try to grant the new user none seem to take effect and it always appears that they have full camunda-admin privileges.
Most specifically I’m trying to remove access to the Delete process Action from the Cockpit.

I’ve also followed the examples listed here to no avail:
https://docs.camunda.org/manual/7.16/webapps/admin/authorization-management/

Is there a configuration property I’m missing?

Camunda ver 7.14.0-ee running in a WildFly container

Discovered there is an authorizationEnabled property that is false by default. When set to true I see the expected behavior.

2 Likes

@brepine How can Enable authorizationEnabled ? where is this property?

If you’re using a spring boot-based version of Camunda (i.e., camunda run), the property is within your configuration, i.e., default.yml or application.yml.
There you can add

camunda.bpm:
  authorization:
    enabled: true

For our WildFly environment we enabled this property in the process-engine configuration of the standalone.xml

1 Like