Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-3609

I can restrict process-related Api access through authorizations

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Fixed
    • Icon: L3 - Default L3 - Default
    • 7.3.0, 7.3.0-alpha3
    • None
    • engine
    • None

      Users want to be able to authorize api operations which change the state of process definitions, process instances, task, variables, ...
      Or put differenty, they want to be able to restrict access to certain resources such as process definitions, process instances, task, jobs, ...

      Useful at different levels:

      • application (cockpit, tasklist, custom)
      • rest api
      • java api

      Camunda has an existing resource-oriented authorization framework: http://docs.camunda.org/latest/guides/user-guide/#process-engine-authorization-service
      This should be used and applied to additional process-related resources

      How can I define an authorization?

      Ideas:

      • java api,
      • rest api,
      • Camunda admin,

      At which granularity can I define authorizations?

      Proposal:

      • Process definition (incudes job definitions and histrory? => see below)
      • Process instance (includes variables, jobs, incidents, event subscriptions)
      • Task (includes variables, attachments, ... comments ... )
      • Deployment (includes resources)
      • Identity Link

      Question: History? Proposal: process definition authorizations are used. (Discussion needed: will cause problems in Tasklist)

        This is the controller panel for Smart Panels app

              smirnov Roman Smirnov
              meyer Daniel Meyer
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: