User Management in Camunda

Hi,
I want to support multiple tenants such as Google, Amazon, Microsoft.
Now I want to create their Admin users as well as a normal user and collect them under a group.
When I log in from Google tenant Admin, I want to see only the Google users and the tenant specific process which I can run. Also for users I don’t want to show admin view.
I tried to set this up but I can see all the users and all the groups.

Any help will be highly appreciated.

What is the setup you’re using?
What exactly did you try? Which type of multi tenancy are you using? Engine per tenant or tenant makers?

Hi,
I am using Single Process Engine With Tenant-Identifiers.

I tried creating users through Camunda Admin.
I created the tenants through Camunda UI.

@aravindhrs Have you tried this?

Long back I tried, I also faced the same issue with community edition. But for us we are using cockpit only for incident management.

This is less of a multi-tenancy issue than it is a permissions issue. You need to give the correct authorization to the groups and users to prevent them from seeing anything in admin.

My support group should have access to only tasklist.


The user is attached to support group.

But when I log in through the user, I am still able to see cockpit.

Are authorisations turned on in your process engine configuration? Otherwise they will not apply.
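The group-level setup discussed above (a tenant-bound group that may open only Tasklist), as an added example that is not code from any post in this thread. It uses the engine's Java API; the class name and the tenant and group ids passed in are hypothetical, and it assumes authorization is enabled on the engine the webapps use.

```java
import java.util.List;
import java.util.stream.Collectors;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;

// Hypothetical helper class; tenant and group ids are supplied by the caller.
public class TenantGroupAuthorizations {

    // Link the group to its tenant and grant it ACCESS to the Tasklist webapp only.
    public static void restrictGroupToTasklist(ProcessEngine engine, String tenantId, String groupId) {
        IdentityService identity = engine.getIdentityService();
        AuthorizationService authz = engine.getAuthorizationService();

        // Tenant membership limits what members see to data carrying this tenant id.
        if (identity.createTenantQuery().tenantIdIn(tenantId).groupMember(groupId).count() == 0) {
            identity.createTenantGroupMembership(tenantId, groupId);
        }
        // Drop earlier application-level entries for the group (e.g. "*" or "cockpit").
        for (Authorization old : authz.createAuthorizationQuery()
                .groupIdIn(groupId).resourceType(Resources.APPLICATION).list()) {
            authz.deleteAuthorization(old.getId());
        }
        Authorization grant = authz.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
        grant.setGroupId(groupId);
        grant.setResource(Resources.APPLICATION);
        grant.setResourceId("tasklist");
        grant.addPermission(Permissions.ACCESS);
        authz.saveAuthorization(grant);
    }

    // Global entries apply to every user; one that grants ACCESS on "*" or "cockpit"
    // keeps Cockpit visible no matter what the group grant says.
    public static List<Authorization> globalEntriesExposingCockpit(ProcessEngine engine) {
        return engine.getAuthorizationService().createAuthorizationQuery()
                .authorizationType(Authorization.AUTH_TYPE_GLOBAL)
                .resourceType(Resources.APPLICATION).list().stream()
                .filter(a -> Authorization.ANY.equals(a.getResourceId()) || "cockpit".equals(a.getResourceId()))
                .filter(a -> a.isPermissionGranted(Permissions.ACCESS))
                .collect(Collectors.toList());
    }
}
```

Users in the `camunda-admin` group keep full access regardless of these entries, so the test user must not be a member of it.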

I am facing the same issue. Authorizations are turned on.
For a weird reason, when I log in with another user's credentials, his tasklist is empty. (He actually has tasks when seen from admin’s cockpit.)

I received this feedback on a similar issue a while back:

To limit the access in the webapps, the authorization has to be enabled in the configuration of the process engine used by the webapp.

I configured authorization in a Java class using the following code:

```java
import org.camunda.bpm.engine.spring.SpringProcessEngineConfiguration;
import org.camunda.bpm.spring.boot.starter.util.SpringBootProcessEnginePlugin;
import org.springframework.context.annotation.Configuration;

// Process engine plugin that switches on authorization checks before the engine is built.
@Configuration
public class MyProcessEngineConfiguration extends SpringBootProcessEnginePlugin {

    @Override
    public void preInit(SpringProcessEngineConfiguration processEngineConfiguration) {
        super.preInit(processEngineConfiguration);
        // Enable authorization only if it is not already enabled elsewhere.
        if (!processEngineConfiguration.isAuthorizationEnabled()) {
            processEngineConfiguration.setAuthorizationEnabled(true);
        }
    }

}
```

I did it through the property in application.yml.

Tried all possible solutions but still all users are getting Admin view.
Can you share your yml file here?

It’s important that the setting is applied in the configuration of the process engine inside the webapp. Is that the same engine as your main one, that’s executing the work?

```yaml
camunda.bpm:
  admin-user:
    id: admin
    password: admin
    firstName: admin
  filter:
    create: All tasks
  database:
    type: postgres
  authorization:
    enabled: true
```


Yes, it's the same engine present in the webapps.

Refer to this link: https://docs.camunda.org/manual/latest/user-guide/spring-boot-integration/configuration/#camunda-engine-properties