  1. camunda BPM
  2. CAM-5162

Group authorizations are not working on some REST API methods

Details

    • Bug Report
    • Resolution: Won't Fix
    • L3 - Default
    • None
    • 7.4.0
    • engine
    • None
    • Amazon Linux, Tomcat standalone distribution 7.4.0

    Description

      Group level authorizations seem to be ignored on some REST API methods, including the following (possibly more).

      • GET deployment
      • GET process-definition
      • GET process-instance
      • GET group

      For example, if we have an authorization on all deployments (permissions=ALL resource id = *) for a group bpm_admin, an authenticated member of that group should be able to query deployments via the GET deployment method. However, the method actually returns a 200 OK response with an empty response body.

      If we add a user-specific authorization, the method responds correctly with the list of deployments.

              People

                Assignee: Unassigned
                Reporter: Tom Crossland (tomxland)