Cannot create new users/groups/tenants via UI


#1

Hey,

some time ago we migrated from Camunda 7.9 to 7.10. In 7.9 we could create new entities in admin web app but now this functionality seems to be gone.

During the migration we switched from general docker container to our own spring-boot based distribution. Could we have missed something during the migration or spinning up our distribution?

User I’m using is in admin group and I can still edit the entities, just creation became unavailable (there is no “new user” button for example.


#2

Hi @Wojciech_Pitula,

that is indeed weird. Can you confirm for me that in the page Admin > Authorizations > User the group camunda-admin has ALL Permissions on entity type *?

KR
Martin


#3

Hi @martin.stamm

yes the permission is there. I’m attaching screenshots of the relevant screens.




#4

This is indeed strange. Could you please open the Network tab of you browsers development tools (F12) and have a look at the requests made when you login? There should be user?memberOfGroup=camunda-admin and authorization/check requests. Please verify that the returned list of admins actually contains your userID.

Also, on the User Page, please open the developer console and paste the following:

angular.element('body > div.ctn-main > div > div:nth-child(3) > section > div > header > div.col-xs-4.text-right > a').scope().availableOperations

is the operation create true?


#5

There is none of mentioned requests. When I log in there are exactly 3 json requests executed:

  • /api/admin/auth/user/default/login/welcome
  • /api/engine/engine/default/group
  • /api/engine/engine/default/user/plpitulw/profile

The first one lists “admin” as authorized webapp and the second one specifies that my user is a member of “camunda-admin” group.

When I go to the admin app there are two additional requests:

  • /api/engine/engine/default/authorization/check?permissionName=ALL&resourceName=authorization&resourceType=4
  • /api/engine/engine/default/authorization/check?permissionName=READ&resourceName=authorization&resourceType=4

I also navigated to users lists but no authorization-requests were made there as well.

Output from the angular query is an empty object {}.

P.S. thanks a lot for your help and enagement! :slight_smile:


#6

Hmm, so that tells me that the permissions are not passed to component correctly. I’ll have to look at the source code more closely to find out why that might be the case.

Does this apply only to accounts created before the upgrade? I.e. does a new user have this problem as well? You can create new users with the REST-API https://docs.camunda.org/manual/7.10/reference/rest/user/post-create/


#7

Just checked, the newly created user sees the same UI without the button.