New User creation and giving Authorization

I am using the open version of Camunda BPM. I tried creating a new user and added it to a newly created group. I want that group to have access only to cockpit, but I am able to use tasklist also. How can I give specific access to it?
User Ids- qwerty
user name- Qwerty123
group- demoaccount
I have attached the screenshot for the same.

You need to check assigned authorizations. The user/group needs to be specifically assigned to only cockpit. By default the user/group will have cockpit, admin, tasklist access.

Authorization Management | docs.camunda.org

But I am not able to create a user without adding it to the camunda admin group. That way, irrespective of what authorization I give, I am able to access both tasklist and cockpit. How to create a user without adding it to the Camunda admin group?
If I don’t add that group then I am not able to access anything

Hello @Avin ,

have you already configured the authorization of the group “demoaccount”? This sounds like the group has no authorizations at all…

Jonathan

Hi Jonathan
I have given the demoaccount’s authorization as cockpit… I have attached a screenshot

After that, when I am trying to access the cockpit all I get is this… No process is there even if I deploy with assignee name as qwerty

Hello @Avin ,

beside authorizing a group to see a part of the application, does this group also have permissions on other authorization objects?

Jonathan

Hey @jonathan.lukas
No, I have only given the authorization of Cockpit to this particular group

Hello,
I am having the same issue. I tried creating “DENY” Authorizations to prevent a user from accessing some webapps, but when I log in with these credentials I can still access any webapp, and even create admin users…

Hi,
I am facing a similar issue, just wanted to know if you got the solution for this?

Hi @Prachi,

What do you mean by similar issue?
Because giving the user application access doesn’t mean he/she has access to process instances, so even if the user has access to the cockpit app, he/she still might be unable to view data.

Authorizations should be configured carefully as per the business needs.

https://docs.camunda.org/manual/7.15/user-guide/process-engine/authorization-service/

Hi @hassang ,
thanks for the response.
I created a new user and added it to the new group, say grpA.
Provided the authorisation to grpA for cockpit and a specific process definition (but all the process instances).
Still not able to see any data in cockpit.
If you can help with what more I should configure, since I am new to Camunda.

Hi Prachi,
Can you share what all permissions you have given?
You can also refer to Authorization management

Hi @Prachi,

Read permission for “Process Instance” resource is needed too. (Please set resource Id to *) so read permission is given to all instances.

Can you please share screenshots of the configured authorizations you have.

Provided all the permissions to all the resources for TGIntr, and still the user belonging to group TGIntr can not see any data in cockpit.

Hi @Prachi,

Can you please share screenshots of all given permissions including Process Definition related authorizations.

And please, if possible, share the errors that show up on the console of the browser’s developer tools while opening the cockpit app

Here are the steps.

  1. Camunda engine is embedded engine using Java Spring Boot application.
  2. logged in to cockpit as default admin → Created a new user “prac” and a new group “TGIntr”
  3. added “prac” to the group “TGIntr”
  4. Authorization provided as -

  5. enabled authorization in property file [camunda.bpm.authorization.enabled = true] and restarted the application.

  6. logged in as user “prac” to cockpit. [application authorization is working since I am only able to access cockpit]

  7. Not able to see any data in cockpit.

Also, console logs of the browser are clear. No such error logs.

Hi @Prachi,

Using admin user, are you able to view data in cockpit?

Can you please set resource Id of the defined “Process Definition” authorization to * instead of TrialProcess and check whether this works?

Yes @hassang , i am able to view data using admin user.
I tried by setting resource id to “*” instead of “TrialProcess” - but still could not view the data in cockpit

Hi @hassang ,

I found out that all the processes are deployed using spring service (embedded camunda engine) under a specific tenant id. Hence the new user created and authorised is not able to see those processes’ data in cockpit. The new user is only able to see data for the process deployed by camunda modeler without tenant id.
Have created a new topic regarding the same:

Thanks
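
The pieces discussed in this thread (Cockpit-only application access, read permissions on process definitions and instances, and the tenant finding), written against the Camunda 7 Java API as an added example; it is not code from any poster or from Camunda. The group name TGIntr comes from the thread, while the tenant id is a placeholder and the class and method names are hypothetical; granting on all definitions and instances (`*`) and adding the group to the tenant are assumptions about the intended setup.

```java
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;

public class CockpitReadOnlyGroup {

    static final String GROUP_ID = "TGIntr";                 // group from the thread
    static final String TENANT_ID = "TENANT_ID_PLACEHOLDER"; // placeholder: tenant used at deployment

    // Run without an authenticated user or as an admin, e.g. at application start-up.
    public static void configure(ProcessEngine engine) {
        AuthorizationService authz = engine.getAuthorizationService();
        IdentityService identity = engine.getIdentityService();

        // 1. Webapp access: grant Cockpit only; no grant is created for "tasklist" or "admin".
        grant(authz, Resources.APPLICATION, "cockpit", Permissions.ACCESS);

        // 2. Data access: application access alone shows an empty Cockpit.
        grant(authz, Resources.PROCESS_DEFINITION, Authorization.ANY,
              Permissions.READ, Permissions.READ_INSTANCE, Permissions.READ_HISTORY);
        grant(authz, Resources.PROCESS_INSTANCE, Authorization.ANY, Permissions.READ);

        // 3. Tenant membership: queries return only data of tenants the user belongs to,
        //    so definitions deployed under a tenant id stay hidden without this step.
        //    The membership call requires the tenant entity to exist, so create it if missing.
        if (identity.createTenantQuery().tenantId(TENANT_ID).count() == 0) {
            identity.saveTenant(identity.newTenant(TENANT_ID));
        }
        identity.createTenantGroupMembership(TENANT_ID, GROUP_ID);
    }

    // Creates one GRANT authorization for the group on the given resource.
    private static void grant(AuthorizationService authz, Resource resource,
                              String resourceId, Permission... permissions) {
        Authorization auth = authz.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
        auth.setGroupId(GROUP_ID);
        auth.setResource(resource);
        auth.setResourceId(resourceId);
        for (Permission p : permissions) {
            auth.addPermission(p);
        }
        authz.saveAuthorization(auth);
    }
}
```

Users in the group should not also be members of camunda-admin, otherwise the admin group's authorizations apply to them as well.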