Granular authorization for BPMN and DMN deployments

XMLWordPrintable

    • Type: Feature Request
    • Resolution: Unresolved
    • Priority: L3 - Default
    • None
    • Affects Version/s: None
    • Component/s: None
    • None

      User Story (Required on creation):

      As an Admin, I want to set authorization for cockpit deployments for DMN and BPMN files separately.

      Functional Requirements (Required before implementation):

      • CREATE permissions can be assigned to users for to the PROCESS_DEFINITION, DECISION_DEFINITION and DECISION_REQUIREMENTS_DEFINITION resources
      • If a user does not have that permission, a deployment containing a corresponding resource fails (a deployment containing a .dmn file fails if the user does not have CREATE on both DECISION_DEFINITION and DECISION_REQUIREMENTS_DEFINITION)
      • The CREATE permission on DEPLOYMENT Is still required

      Technical Requirements (Required before implementation):

      • The permissions must be explicitly activated in the engine configuration to keep backwards compatibility (i.e. not lock users out of the system after the update)
      • From a security standpoint, it is important that the permission check is made before the models are parsed (because the model content may be malicious)

      Limitations of Scope (Optional):

      • This does not affect which models and definitions a user can read after a deployment was made

      Hints (Optional):

        This is the controller panel for Smart Panels app

              Assignee:
              Unassigned
              Reporter:
              Andre
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: