Context:
Going forward, with event-based processes potentially also including Camunda data, we decided to introduce a permission layer for them. Rather than event-based processes being available to all users authorized to access Optimize, the users who create event-based processes have to grant access to users or groups.
AT:
- there is a CR(U)D REST API for permissions for a specific event-based process
- event-based process permission entries have no type such as grant or revoke; by default they are just grant permissions
- there is a UI to manage those permissions per event-based process
- permissions are enforced on definition endpoints as well as on reports (same behavior as for engine permissions: reports for which the user does not have full definition access are hidden, and any definition endpoint returns only authorized event-based process definitions)
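The enforcement rules above can be sketched as follows. This is an added illustration, not Optimize code: every class, function and data name is hypothetical, the sample data is constructed, and it assumes that a process without any permission entry is visible to nobody and that a report may reference several definitions.

```python
from dataclasses import dataclass

# Hypothetical names and constructed sample data; not taken from Optimize.

@dataclass(frozen=True)
class Identity:
    id: str
    type: str  # "user" or "group"

@dataclass
class User:
    id: str
    groups: frozenset = frozenset()

    def identities(self):
        # The user's own identity plus one identity per group membership.
        return {Identity(self.id, "user")} | {Identity(g, "group") for g in self.groups}

# Process key -> granted identities. Entries carry no grant/revoke type:
# presence is a grant, absence means no access (assumed default-deny).
PERMISSIONS = {
    "invoice-events": {Identity("alice", "user"), Identity("finance", "group")},
    "shipping-events": {Identity("alice", "user")},
    "orphan-events": set(),
}

# Report id -> event-based process definitions the report reads from.
REPORTS = {
    "r1": {"invoice-events"},
    "r2": {"invoice-events", "shipping-events"},
}

def is_authorized(user, process_key, permissions=PERMISSIONS):
    # Matching on (id, type) keeps a user whose id equals a group id
    # from inheriting that group's grant.
    granted = permissions.get(process_key, set())
    return not granted.isdisjoint(user.identities())

def visible_definitions(user, permissions=PERMISSIONS):
    # Definition endpoints return only authorized definitions.
    return sorted(k for k in permissions if is_authorized(user, k, permissions))

def visible_reports(user, reports=REPORTS, permissions=PERMISSIONS):
    # A report is hidden unless the user may access every definition it uses.
    return sorted(r for r, keys in reports.items()
                  if all(is_authorized(user, k, permissions) for k in keys))
```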
UI-Designs:
pending asia.malina
1. Event Based Process Permission API | Done | Unassigned
2. Event Based Process Permission UI | Done | Unassigned
3. API to query an identity by id | Done | Unassigned
4. Improve handling of invalid user/groupIds | Done | Unassigned
5. Create Identity API to get current user | Done | Unassigned
6. Enforce Event Based Process Permissions on definition endpoints | Done | Unassigned
7. Enforce Event Based Process Permissions on report & collection endpoints | Done | Unassigned