User does have 'CREATE' permission on resource 'ProcessInstance'

Camunda 7 Topics Discussion & Questions
1

Hi,
my user “studi1” can not start the process “thesiswk”.

I have got the following settings for user studi1 (he is dedicated to group StudentGroup)
grafik

grafik
grafik700×258 13.1 KB

I try to start the process instance via cdi bean. My start event has a dedicated jsf form (thesiswk_preconditions_show.xhtml. At the end of this form I call a method in a cdi bean:

<p:commandButton id="submit_button" value="Voraussetzungen bestätigen" action="#{startThesisProcessController.initProcessAndCompleteProcessInstanceForm()}" />

The method in the bean sets the logged in user in the camunda identity Service and calls

		...     camundaIdentityService.setAuthenticatedUserId(thmUid);	  
    		  try {
    				taskForm.completeProcessInstanceForm();
...

The following error appears:
org.camunda.bpm.engine.AuthorizationException: The user with id 'studi1' does not have 'CREATE' permission on resource 'ProcessInstance'.

Thanks for your help,
Nicole

2

Hi @NickiMueller,

The resource Id for the Create permission of the process instance authorizations should be set to * instead of the process definition key.

https://docs.camunda.org/manual/latest/webapps/admin/authorization-management/#grant-permission-to-start-processes-from-tasklist

2 Likes
3

Thank you. Unfortunately it does not work.Any ideas?

4

Perhaps it has something to do with setting the user via identityService?

Because I use external jsf forms and wildfly authentication, I have to set the current user into camunda identity service - right? I do that with getting the remote user and setting it with:

> 	public String getRemoteUserTHMUid() {
> 				HttpServletRequest request=HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();
> 						
> 				String currentStudentThmUid = request.getRemoteUser();
> 				return currentStudentThmUid;
> 			}
...
` camundaIdentityService.setAuthenticatedUserId(getRemoteUserTHMUid());`
5

From above error message, I can see that the system was able to recognize the user.
Can you please try to grant the user itself the proper permissions …

6

Hi,
I have the following settings now, but it does not work

grafik
grafik720×321 15.3 KB

grafik
grafik708×293 14.5 KB

7

Hi @NickiMueller,

May we know the error message with those settings. Is it the same error?
Also grant the user read permission to the process definition.

8

Good morning,
sorry, you are right, now it is another error. When I click on the submit button in the external form which is dedicated to my start event (thesiswk_preconditions_show.xhtml) the following error appears:

org.camunda.bpm.engine.cdi.ProcessEngineCdiException: Cannot associate execution by id: no execution with id ‘8f3d286f-40cb-11ea-84b5-a434d96233af’ found.

Forwarding to the next form (masterdata_insert.xthml) does not work, but when I go to the tasklist, I see that the process is started

grafik
grafik753×304 17.8 KB

When I choose the task and load the external form for this task I can see it.

When I try to save this form, I try to get the user from identityService in the cdi bean, but that does not work (Null pointer exception).

      	Authentication auth = new Authentication();
  auth = camundaIdentityService.getCurrentAuthentication();
  String currentUserThmUid = auth.getUserId();

Thank you so much for you help!
Nicole