By default every user is an admin


#1

Hi,
I deployed a spring-boot powered Camunda.

I am trying to create a new user (say “apple”) in the camunda-admin panel; the user will have access to “tasklist” only.

But that user can access all the panels: “cockpit”, “tasklist”, “admin”. WHY???

Is every user an admin user in Camunda (by default) OR am I doing something wrong???

HOW I created the new user?


This is what I get at the welcome panel …


#2

Hi @Arsh_Baghel,

you are right, each new user does have full access. However, the permission management in camunda can be configured on a very granular level depending on your requirements. Check the tab “Authorizations” in the navbar. Detailed information about permission management can be found here:

https://docs.camunda.org/manual/7.8/webapps/admin/authorization-management/


#3

Hi @FabianHinsenkamp,
I tried the steps, but the result is the same. :tired_face:

Steps I followed:

  1. Create 2 users --> test1, test2.
  2. Create a group --> test_group.
  3. Add the 2 users to the group.
  4. Applied the “Application Authorizations” to the group.

RESULT) :tired_face: :

PS: I tried the basic Tomcat restart also.

Help !!!


#4

Also, when I used to utilise version 7.7 of Camunda, every new user I created used to have no rights (by default).

But in version 7.8 every user is by default admin-member … WHY???

Version 7.7:::


#5

Hi @Arsh_Baghel,

I cannot reproduce the behaviour described by you. Please check your “list of groups” view; it should look similar to mine. The type of your group should be “WORKFLOW”.

Why is it relevant to you if a user has none or all permissions by default?


#6

Hi @FabianHinsenkamp,

I used “WORKFLOW” in the “Type” of group.

But still I can see that the users in this group can see all the applications (Cockpit, Admin, Tasklist), despite me not explicitly giving them any permissions.

Now, replying to: Why is this relevant to you if a user has none or all permissions by default?
Ans: I have created a system where a loan request is analysed using Camunda’s workflow manager, and some users should only have access to the tasklist, so that they can work on the task(s) they are assigned to.


#7

Hi @Arsh_Baghel,

thanks for checking the group type. Now, can you please check your authorization config in your spring boot project. Probably you haven’t set camunda.bpm.authorization.enabled.

Check the documentation for more details
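
The fix suggested above, as an added example that is not part of the original post or the project's own code: a Spring Boot startup component that refuses to start when authorization checks are off, grants the thread's `test_group` ACCESS on the Tasklist application only, and prints the effective result per web application. It assumes the Camunda Spring Boot starter with `camunda.bpm.authorization.enabled=true` in `application.properties`; the class name `TasklistOnlyGrant` is hypothetical, and the group and user names are taken from the thread.

```java
// application.properties (assumed Camunda Spring Boot starter):
//   camunda.bpm.authorization.enabled=true
import java.util.Collections;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.springframework.boot.CommandLineRunner;
import org.springframework.stereotype.Component;

@Component
public class TasklistOnlyGrant implements CommandLineRunner { // hypothetical class name
    private static final String GROUP = "test_group"; // group from the thread
    private static final String USER = "test1";       // member of that group
    private final ProcessEngine engine;

    public TasklistOnlyGrant(ProcessEngine engine) {
        this.engine = engine;
    }

    @Override
    public void run(String... args) {
        // Fail closed: with checks off, grants are stored but not enforced.
        if (!engine.getProcessEngineConfiguration().isAuthorizationEnabled()) {
            throw new IllegalStateException("camunda.bpm.authorization.enabled is not true");
        }
        AuthorizationService auth = engine.getAuthorizationService();
        // Create the grant once: ACCESS on the "tasklist" application only.
        boolean exists = auth.createAuthorizationQuery().groupIdIn(GROUP)
                .resourceType(Resources.APPLICATION).resourceId("tasklist").count() > 0;
        if (!exists) {
            Authorization grant = auth.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
            grant.setGroupId(GROUP);
            grant.setResource(Resources.APPLICATION);
            grant.setResourceId("tasklist");
            grant.addPermission(Permissions.ACCESS);
            auth.saveAuthorization(grant);
        }
        // Verify the effective result for each web application.
        for (String app : new String[] {"tasklist", "cockpit", "admin"}) {
            boolean allowed = auth.isUserAuthorized(USER, Collections.singletonList(GROUP),
                    Permissions.ACCESS, Resources.APPLICATION, app);
            System.out.printf("%s -> %s: %s%n", USER, app, allowed ? "ALLOWED" : "denied");
        }
    }
}
```

If `cockpit` or `admin` still shows as allowed, look for a global (`*`) authorization on the Application resource or an additional group membership for the user.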


#8

Hi @FabianHinsenkamp,
I tried this config and it worked, thanks …

BTW…
Shouldn’t these authorization settings be enabled by default?