How to add a new custom Authorization resource type in camunda admin

Camunda 7 Topics Discussion & Questions
,
1

Need to add new custom Authorizataion as already we have the following items:

Application
Authorization
Batch
Dashboard
Decision Definition
Decision requirements definition
Deployment
etc

Is there possibilities to add custom resource type into authorizations section

IMG_20210618_110227
IMG_20210618_1102271855×653 97.2 KB

2

Hi @Richard_Gladwin,

This is not available in admin app. The only way is to add through API.

3

Yes we need the api to add . can you please provide us

4

Hi @Richard_Gladwin,

Below is the REST POST method to create authorization

https://docs.camunda.org/manual/7.15/reference/rest/authorization/post-create/#method

Please make sure to use a different integer for your custom resource than already reserved integers.

https://docs.camunda.org/manual/7.15/user-guide/process-engine/authorization-service/#resources

Then check method can be used to perform authorization check for currently authenticated user

https://docs.camunda.org/manual/7.15/reference/rest/authorization/get-check/

5

This the thing i wanted i cannot see any api on the docs for creating resources …

6

@hassang Need to call which api for creating our own custom resource type

7

Hi @Richard_Gladwin,

The same API but for each custom resource use a unique integer other than reserved integers so for example: you use integers within the range (> 90 )

Below link lists all reserved integers
https://docs.camunda.org/manual/7.15/user-guide/process-engine/authorization-service/#resources

8

Hi @hassang Same api refering to what ??

9

Hi @Richard_Gladwin,

This REST API method to create an authorization

https://docs.camunda.org/manual/7.15/reference/rest/authorization/post-create/#method

Below is an example of a request body in which value 91 is used for resourceType

{"type" : 0,
 "permissions": ["CREATE", "READ"],
 "userId": "*",
 "groupId": null,
 "resourceType": 91,
 "resourceId": "*"}

Also Java API can be used

10

@hassang

{“type” : 0,
“permissions”: [“CREATE”, “READ”],
“userId”: “",
“groupId”: null,
“resourceType”: 91,
“resourceId”: "”}

here - resource id is any name rite

will this work on older versions or this is only work in latest ?

so if i use this API i can add a new resource into authorization is it right?

11

Hi @Richard_Gladwin,

Let’s say that you have a custom Car resource with a custom Id of 123 and want to grant user1 Read permission to it then below Post request can be used to create an authorization

/authorization/create

{"type" : 1,
 "permissions": ["READ"],
 "userId": "user1",
 "groupId": null,
 "resourceType": 91,
 "resourceId": "123"}

And to perform authorization check, below Get request can be used

/authorization/check?permissionName=READ,resourceName=CAR,resourceType=91,resourceId=123

12