Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-10315

Establish authorization for operation logs unrelated to process definitions

    XMLWordPrintable

    Details

    • Type: Feature Request
    • Status: Closed
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.11.0, 7.11.0-alpha5
    • Component/s: engine
    • Labels:
      None

      Description

      There are operation log entries that can be read and deleted without authorization, this includes:

      • Standalone task operation logs
      • Standalone job operation logs
      • Admin log (user, tenant, group, membership, authorization, ...)
      • Metrics operation logs
      • Case (Instance, Definition) operation logs
      • Decision definition operation logs
      • Deployment operation logs
      • Batch operation logs
      • Filter operation logs
      • Property operation logs (e.g. license key)

      There needs to be an authorization for those logs as well, e.g. by establishing new permissions on a new resource UserOperationLog.

      Hint:
      Old log entries (pre 7.11.0) and new log entries need to be treated, the old entries can be identified by CATEGORY_ being null.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              tobias.metzke Tobias Metzke-Bernstein
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: