Hello,
I have a problem with the Authorization management, it doesn’t behave as espected:
We have one Camunda Engine (Community Ed., 7.9) running which is connected to our LDAP system.
We use the “Single-engine multi-tenancy” approach with over 700+ tenants.
Via the Authorization plugin there’s an Admin group configured (called camunda-admin
).
When I log in as a member of the camunda-admin
group everything is fine! I can see all process instances, can start processes and so on.
But, now I want to add another group called camunda-viewer
.
Members of this group may only use the cockpit.
Within the cockpit they may see all running processes and incidents, but must not change anything.
I gave an access right for the cockpit for this group and read-access to process instances, process definitions and tasks.
Now, when a user of this groups logs in, he/she can only see the cockpit. So far, so good
BUT the user cannot see any running processes and incidents. The user sees the cockpit with 0 running process and 0 incidents, which makes the cockpit useless.
Even if I give this group the permission to start processes: when a user starts a process the user won’t see the running process in the cockpit (but a user of the admin-group does).
Does anybody has an idea what’s the problem?