User does have 'CREATE' permission on resource 'ProcessInstance'

Hi,
my user “studi1” can not start the process “thesiswk”.

I have got the following settings for user studi1 (he is dedicated to group StudentGroup)
grafik

I try to start the process instance via cdi bean. My start event has a dedicated jsf form (thesiswk_preconditions_show.xhtml. At the end of this form I call a method in a cdi bean:

<p:commandButton id="submit_button" value="Voraussetzungen bestätigen" action="#{startThesisProcessController.initProcessAndCompleteProcessInstanceForm()}" />

The method in the bean sets the logged in user in the camunda identity Service and calls

		...     camundaIdentityService.setAuthenticatedUserId(thmUid);	  
    		  try {
    				taskForm.completeProcessInstanceForm();
...

The following error appears:
org.camunda.bpm.engine.AuthorizationException: The user with id 'studi1' does not have 'CREATE' permission on resource 'ProcessInstance'.

Thanks for your help,
Nicole

Hi @NickiMueller,

The resource Id for the Create permission of the process instance authorizations should be set to * instead of the process definition key.

https://docs.camunda.org/manual/latest/webapps/admin/authorization-management/#grant-permission-to-start-processes-from-tasklist

2 Likes

Thank you. Unfortunately it does not work.Any ideas?

Perhaps it has something to do with setting the user via identityService?

Because I use external jsf forms and wildfly authentication, I have to set the current user into camunda identity service - right? I do that with getting the remote user and setting it with:

> 	public String getRemoteUserTHMUid() {
> 				HttpServletRequest request=HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();
> 						
> 				String currentStudentThmUid = request.getRemoteUser();
> 				return currentStudentThmUid;
> 			}
...
` camundaIdentityService.setAuthenticatedUserId(getRemoteUserTHMUid());`

From above error message, I can see that the system was able to recognize the user.
Can you please try to grant the user itself the proper permissions …

Hi,
I have the following settings now, but it does not work

Hi @NickiMueller,

May we know the error message with those settings. Is it the same error?
Also grant the user read permission to the process definition.

Good morning,
sorry, you are right, now it is another error. When I click on the submit button in the external form which is dedicated to my start event (thesiswk_preconditions_show.xhtml) the following error appears:

org.camunda.bpm.engine.cdi.ProcessEngineCdiException: Cannot associate execution by id: no execution with id ‘8f3d286f-40cb-11ea-84b5-a434d96233af’ found.

Forwarding to the next form (masterdata_insert.xthml) does not work, but when I go to the tasklist, I see that the process is started

When I choose the task and load the external form for this task I can see it.

When I try to save this form, I try to get the user from identityService in the cdi bean, but that does not work (Null pointer exception).

      	Authentication auth = new Authentication();
  auth = camundaIdentityService.getCurrentAuthentication();
  String currentUserThmUid = auth.getUserId();

Thank you so much for you help!
Nicole