Details
-
Sub-task
-
Resolution: Fixed
-
L3 - Default
-
None
-
None
Description
Document what the new SYSTEM permissions are, where they are used and who should have them.
- What are the new SYSTEM permissions?
- READ, WRITE, DELETE on any system resource
- resource ID is ignored
- Where are they used?
- Telemetry Configure
- Is Telemetry Enabled
- Get Telemetry Data
- Get Table Count
- Get Table Name
- Get Table Meta Data
- Get History Level
- Get Properties
- Set Property
- Delete Property
- Delete License Key
- Set License Key
- Get License Key
- Register Process Application
- Unregister Process Application
- Register Deployment
- Unregister Deployment
- Get Registered Deployments
- Get Process App for Deployment
- Delete Metrics
- Delete Task Metrics
- Schema Log
- Who should have the new SYSTEM permissions?
- Operations Engineers and People who have access to system properties and statistics but don't require full access to the application like an administrator.
- Who should NOT have the new SYSTEM permissions?
- Usually authenticated admins don't need the SYSTEM permissions as they are already allowed to use those functions.
- Regular users who don't need access to system information and functions.
Where to document the permissions
- https://docs.camunda.org/manual/latest/user-guide/process-engine/authorization-service/#read-update-create-delete
- Section about Operations Engineers like for Administrators https://docs.camunda.org/manual/latest/user-guide/process-engine/authorization-service/#administrators
- Table with system functions and required permissions