Wrong authorization check when scheduling history clean up

XMLWordPrintable

    • Type: Bug Report
    • Resolution: Fixed
    • Priority: L3 - Default
    • 7.8.0, 7.7.5, 7.8.0-alpha5
    • Affects Version/s: 7.8.0-alpha3, 7.8.0-alpha4
    • Component/s: engine
    • None

      To execute HistoryService#cleanUpHistoryAsync() the authenticated user must have a DELETE_HISTORY permission on the PROCESS_DEFINITION resource. This does take into account, that the history clean up job also deletes decision instances (and case instances).

      AT:

      • check only if the authenticated user is an admin user

            Assignee:
            Anna
            Reporter:
            Roman Smirnov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: