[CAM-8111] Wrong authorization check when scheduling history clean up - camunda JIRA

XML

Word

Printable

Details

Type: Bug Report
Status: Closed
Priority: L3 - Default
Resolution: Fixed
Affects Version/s: 7.8.0-alpha3, 7.8.0-alpha4
Fix Version/s: 7.8.0, 7.7.5, 7.8.0-alpha5
Component/s: engine
Labels:
None

Description

To execute HistoryService#cleanUpHistoryAsync() the authenticated user must have a DELETE_HISTORY permission on the PROCESS_DEFINITION resource. This does take into account, that the history clean up job also deletes decision instances (and case instances).

AT:

check only if the authenticated user is an admin user

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Activity

People

Assignee:: Anna

Reporter:: Roman Smirnov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Aug/17 2:36 PM

Updated:: 27/Oct/17 10:15 AM

Resolved:: 11/Oct/17 1:33 PM