-
Feature Request
-
Resolution: Done
-
L3 - Default
-
None
AT:
- on login the user is authorized against each engine configured and the permissions per user & engine are stored
- on listing process/decision definitions a user only sees the definitions & tenants from engines he is authorized to access
- in multi engine scenario the following holds for user authorizations:
- once a users logs in, we try to authenticate him on each configured engine. For each engine the user is authenticated successfully with we fetch Optimize application authorization and resource authorizations (definition & tenant authorizations)
- a user can access Optimize as soon as one engine grants Optimize Application Access
- if there are several engines with the same definitions (same key + version) a different `defaultTenantId` needs to be configured for each of those engines
- then the user can only see the data of the definition+tenant combinations he has been granted access to by each of the engines
- the case that there are several engines with the same definitions (same key + version) and no `defaultTenantId` is configured is not supported and leads to inconsistent behavior (e.g. if same key exists on multiple engines, multiple process definitions are listed for the same key etc.) => needs to be highlighted in the documentation
- the same limitation applies if the same tenant and definition key pair is present on multiple engines
- the multi-engine documentation is updated to reflect the new behavior
This is the controller panel for Smart Panels app
1.
|
Authorizations are loaded from all connected engines | Done | Unassigned | |
2.
|
Multi Engine documentation is updated | Done | Unassigned |