Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.11.0, 7.11.0-alpha4
Affects Version/s: None
Component/s: engine
Labels:
None

AT:

Extend https://docs.camunda.org/manual/7.10/reference/rest/authorization/get-check/ such that the user for which to check authorization can be defined as a query parameter
If the user to be checked has the requested permission, but the requesting user is not allowed to read that permission, then the result should be "not authorized"

Context:

Cawemo and Optimize use the platform's user and permission management
so far, the way to achieve that is to make user and authorization queries and evaluate the access check logic on their side, which is inefficient, complicated and error-prone for a security-critical task

This is the controller panel for Smart Panels app

Assignee:: Unassigned
Reporter:: Catalina Moisuc
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: 19/Nov/18 5:21 PM
Updated:: 02/May/19 12:55 PM
Resolved:: 02/Apr/19 3:31 PM