Loading...

XML

Word

Printable

Details

Type: Feature Request
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.3.0, 7.3.0-alpha3
Affects Version/s: None
Component/s: engine
Labels:
None

Description

Users want to be able to authorize api operations which change the state of process definitions, process instances, task, variables, ...
Or put differenty, they want to be able to restrict access to certain resources such as process definitions, process instances, task, jobs, ...

Useful at different levels:

application (cockpit, tasklist, custom)
rest api
java api

Camunda has an existing resource-oriented authorization framework: http://docs.camunda.org/latest/guides/user-guide/#process-engine-authorization-service
This should be used and applied to additional process-related resources

How can I define an authorization?

Ideas:

java api,
rest api,
Camunda admin,

At which granularity can I define authorizations?

Proposal:

Process definition (incudes job definitions and histrory? => see below)
Process instance (includes variables, jobs, incidents, event subscriptions)
Task (includes variables, attachments, ... comments ... )
Deployment (includes resources)
Identity Link

Question: History? Proposal: process definition authorizations are used. (Discussion needed: will cause problems in Tasklist)

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Issue Links

is related to

CAM-3164 As Tasklist User I do not see processes which I cannot start (Start process dialog)

Closed

CAM-3710 TaskService api methods are restricted through authorizations

Closed

Activity

People

Assignee:: Roman Smirnov

Reporter:: Daniel Meyer

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Mar/15 1:26 PM

Updated:: 23/Apr/15 10:39 AM

Resolved:: 22/Apr/15 10:26 AM

I can restrict process-related Api access through authorizations