Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-11823

Enabling Authorization does not enable Role Based Acces Control with Candidate Groups

XMLWordPrintable

    • Icon: Bug Report Bug Report
    • Resolution: Cannot Reproduce
    • Icon: L3 - Default L3 - Default
    • None
    • 7.12.0
    • spring-boot
    • None
    • Windows 1024h

      I am using Camunda Spring boot community edition 7.12

      In a workflow process when I assign a human task to a Candidate Group only people in that Candidate Group should be able to claim and complete the task.

      I tried two different ways to test this but it does not work.

      I have camunda:

                        bpm:

                             authorization:

                                   enabled: true

       

      in my application.yml and also explicitely set using Defaults.INSTANCE.setAuthorizationEnabled(true); in my code.

      (1) From user administration created custom Candidate Groups and assign them to users and them mapped Human tasks. Then I try to claim and complete tasks.

      (2) Create a Beare token Authentication provider which reads a JWT token from out authentication server and based on what is in the token it sets the groups (Candidate Groups) to the user using AuthenticationResults.setGroups() method.

       

      Irrespective of what way I follow, anybody can claim anything and complete anything. No access control is enforced. This is a key requirement in any workflow application.

      If I am doing anything wrong, please let me know how to make this work? If this is not working, please give us a quick fix because this is a critical functionality.

       

        This is the controller panel for Smart Panels app

          1. AdminScreenShots.pdf
            313 kB
            Dulshan De Silva

              Unassigned Unassigned
              dulshand@yahoo.com Dulshan De Silva
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: