Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-7124

Retrieve and implement tenant authorization for user in C8

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • L3 - Default
    • 3.11.0
    • None
    • None
    • None

    Description

      Context:

      With implementation of multi tenancy in C8, Optimize now needs to retrieve information on which tenants a logged in user is authorized to see to use in tenant auth checks for things like reports, collection scopes etc.

      To reduce amount of PRs, this ticket will also implement OPT-7268 and add the flag to enable/disable multi tenancy.

      ATs:

      • In C8 CCSM, if multi tenancy is enabled, users can only see data from tenants they have access to as configured in identity
      • If multi tenancy is disabled, all users have access to data from the <default> tenant. If data exists for other tenant, this data is not visible to any user.
      • If multi tenancy is enabled in Optimize but Optimize encounters an error when attempting to fetch tenant authorizations from identity (for example because tenancy is disabled in identity), then the respective user has no tenant authorizations and can see no data

      Testing Notes:

      Case 1:

      • Can only be tested once multi tenancy is implemented in zeebe and identity
      • setup an environment with multiple tenants, tenant1 and tenant2
      • setup user1 who only has access to tenant1
      • deploy data on multiple tenants (default, tenant1, tenant2)
      • Create resources (reports, collections, management dashboard, instant preview dashboard etc) and confirm user1 can only see data from tenant1 and default tenant

      Case 2:

      • set up a CCSM environment with data for multiple tenants: <default> and tenant1
      • set up a user that has access to both tenants
      • start Optimize with multi tenancy enabled and let it import the data
      • stop Optimzie and disable multi tenancy via config
      • restart Optimize
      • confirm that all users have access to <default> tenant 
      • confirm that no users have access to any other tenants

      Case 3:

      • set up a CCSM environment with data for multiple tenants: <default> and tenant1
      • set multi tenancy to disabled in identity
      • start Optimize with multi tenancy enabled
      • confirm that users have no access to any data and an error is logged when trying to retrieve tenant authorizations for any user

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            depends on

            Task - A task that needs to be done. OPT-7249 Add identity baseUrl to CCSM config

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Done

            Activity

              People

                Unassigned Unassigned
                andromachi.rozaki Andromachi Rozaki
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce