Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-1224 I can manage Users
  3. OPT-1231

The user has only access to reports of process definitions he is authorized to

    XMLWordPrintable

    Details

    • Type: Feature Part
    • Status: Done
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1.0
    • Component/s: backend
    • Labels:
      None

      Description

      AT:

      • the user can only create reports for process definitions he has access to
      • when a user retrieves the list of all reports, he gets only those reports where he has been granted access to the process definition
      • evaluating a report with a process definition the user has no access to returns an error message
      • deleting a report for a process definition the user has no access to returns an error message
      • a user is authorized for a definition if one of the following authorization in the engine are defined (assume the user is called "Kermit" and is in the "Kermits-Gang" group, aProcessDefinitionKey is a definition key that is in the engine):
        • Type: ALLOW, User: Kermit, Permissions: ALL/READ+READ_HISTORY, Resource ID: aProcessDefinitionKey
        • Type: ALLOW, User: Kermit, Permissions: ALL/READ+READ_HISTORY, Resource ID: *
        • Type: ALLOW, Group: Kermits-Gang, Permissions: ALL/READ+READ_HISTORY, Resource ID: aProcessDefinitionKey
        • Type: ALLOW, Group: Kermits-Gang, Permissions: ALL/READ+READ_HISTORY, Resource ID: *
        • Type: GLOBAL, User/Group: *, Permissions: ALL/READ+READ_HISTORY, Resource ID: aProcessDefinitionKey
        • Type: GLOBAL, User/Group: *, Permissions: ALL/READ+READ_HISTORY, Resource ID: *
      • an authorization can be revoked with the following settings:
        • Type: DENY, User: Kermit, Permissions: ALL/READ+READ_HISTORY, Resource ID: aProcessDefinitionKey
        • Type: DENY, User: Kermit, Permissions: ALL/READ+READ_HISTORY, Resource ID: *
        • Type: DENY, Group: Kermits-Gang, Permissions: ALL/READ+READ_HISTORY, Resource ID: aProcessDefinitionKey
        • Type: DENY, Group: Kermits-Gang, Permissions: ALL/READ+READ_HISTORY, Resource ID: *
      • the precedence of the authorizations is according to here

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            johannes.heinemann Johannes Heinemann
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: