Access control for users like LDAP


#1

Hi There!

Need to implement LDAP like access control for cross-department, multiple level hierarchy. (Usually found in Banking, Insurance and other long-tail sales teams)

Details as follows.
<Background>

1.There are departments : Marketing, Operations, Sales

  1. There are parallel hierarchies (consisting of roles) in each department:

Example for Marketing as follows

Digital Marketing hierarchy : Marketing Head [a] > Digital Marketing Head > Team Lead > Account executive[b]

Field Marketing hierarchy : Marketing Head [a] > Field Marketing Head > Zonal manager > Area Manager > Team lead > Account executive

Media Marketing hierarchy : Marketing Head[a] > TV/News Marketing Head > Media property Manager > Channel Manager > Account executive[b]

[*] means Same individual(on that role) is present across multiple hierarchies

Example for Sales as follows

Dealership hierarchy : Asia Pacific Sales Head > National Sales head > Zonal Manager > Area[d] Manager > Dealership Manager[c] > Team Leader > Account Executive

Post Sales Hierarchy : Dealership Manager[c] > Service Team Lead > Service executive

Customer Success Hierarchy : Area Manager[d] > Delivery Expert

<Requirement>

[1] We need to show selective data, depending on where a role is present in hierarchy.

i.e. in example of ‘Dealership Hierarchy’:

if 3 Area Managers report to a Zonal Manager, then Zonal Manager can see leads data for these 3 Area Managers

Further each Area manager can only see data of his/her reportee Dealership Manager, and so on

[2] Permission to use a given feature in application depends on your role. So how do we link permission[read/write/edit] for a given feature with role.

This is in short how LDAP works, we need to create similar kind of access control for users accessing a Camunda application.


#2

Hi @Kartik_Sharma,

Access to certain resources can be granted or denied for groups. To manage the group membership, you can use the Database Identity Service or LDAP.

Here is a guide on how to use your LDAP provider in Camunda: https://docs.camunda.org/manual/7.11/user-guide/process-engine/identity-service/#the-ldap-identity-service.

Hope this helps
Martin


#3

Thanks for the response Martin.