  1. camunda BPM
  2. CAM-11914

EE resources are not initially accessible for a non-admin user

    Details

    • Type: Bug Report
    • Status: Closed
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.13.0, 7.13.0-alpha5
    • Component/s: webapp
    • Labels:
      None

      Description

      Steps to reproduce:

      • There is a non-admin user with access rights for Cockpit
      • A valid license key is in the database
      • The server is freshly started (i.e. no admin user has previously logged on)
      • The non-admin user logs into the EE Cockpit

      Expected behavior:

      • The user can work with Cockpit and access any EE plugins

      Current behavior:

      • The user cannot access EE plugins

      Root cause:

      • Accessing EE plugins triggers a license check
      • The license check result is usually cached, but after a fresh start the cached value is empty
      • The license checker accesses the database to see if a valid license is present
      • This access requires admin privileges and therefore fails with an AuthorizationException
      • This was accidentally introduced with https://github.com/camunda/camunda-bpm-platform-ee/commit/3701c152f674acf7f8b6bd74f64c86d1f5d7f0a4, which removed the code that cleared the user authentication (thereby disabling authorization checks) at the point where the license key is read
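
      The root cause above as a self-contained Java model, added here as an illustration and not taken from the Camunda code base or the linked commit. All class, method and user names and the sample key are hypothetical; `checkAsSystem` assumes the removed behaviour is restored by clearing the authentication only around the internal read.

```java
// Self-contained model of the failure; every name here is hypothetical, not Camunda API.
public class LicenseCheckDemo {
    // Authentication bound to the current request thread; null means an internal
    // call with no user, for which authorization checks are skipped.
    static final ThreadLocal<String> currentUser = new ThreadLocal<>();
    static Boolean cachedResult;                                 // empty after a fresh start
    static final String STORED_KEY = "constructed-license-key";  // constructed sample value

    static class AuthorizationException extends RuntimeException {
        AuthorizationException(String message) { super(message); }
    }

    // Reading the key is an admin-only operation whenever a user is authenticated.
    static String readLicenseKey() {
        String user = currentUser.get();
        if (user != null && !"admin".equals(user)) {
            throw new AuthorizationException(user + " may not read the license key");
        }
        return STORED_KEY;
    }

    // Behaviour described in the root cause: the read runs as the logged-in user,
    // so the first non-admin request after a start fails and nothing gets cached.
    static boolean checkAsCaller() {
        if (cachedResult == null) cachedResult = readLicenseKey() != null;
        return cachedResult;
    }

    // Clear the authentication for the internal read only and always restore it,
    // so the rest of the request still runs with the user's own permissions.
    static boolean checkAsSystem() {
        if (cachedResult == null) {
            String saved = currentUser.get();
            currentUser.remove();
            try { cachedResult = readLicenseKey() != null; }
            finally { currentUser.set(saved); }
        }
        return cachedResult;
    }

    public static void main(String[] args) {
        currentUser.set("cockpit-user");   // non-admin, first login after a fresh start
        try { checkAsCaller(); }
        catch (AuthorizationException e) { System.out.println("before: " + e.getMessage()); }
        System.out.println("after: licensed=" + checkAsSystem()
            + ", user is still " + currentUser.get());
    }
}
```

      The `finally` block is the security-relevant part: if the saved authentication were not restored, the remainder of the non-admin user's request would run with authorization checks disabled.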

            People

            Assignee:
            michael.schoettes Michael Schoettes
            Reporter:
            thorben.lindhauer Thorben Lindhauer
