Read-only operator mode


#1

Dear Camunda Folks,

Would appreciate your advise on implementing a read-only Operator role in Cockpit.
We are looking for a way to provide “reporting” capability, while avoiding segregation of duty conflicts. What would be a sufficient level of authorisations to assign a group READ_ONLY access to cockpit?

Would be also happy to hear your thoughts on lessons learnt.

Thank you in advance.

Best regards,
Ilya


#2

Hi, Ilya!

We resolve this case with REST API - write small vue.js app. May be you can look that way.


#3

Hi Denis,

Thank you for your suggestion. I am looking for really simple no-code options :wink:

BR,
Ilya


#4

What is read only mean in your context? You can see everything but not actually action anything?


#5

Hi @StephenOTT,

Yes, exactly. Being able to see, but not act.

Best regards,
Ilya


#6

Hi Ilya,

The user needs access to Cockpit and READ permissions to everything which is needed:

  • process definition (+ READ_INSTANCES)
  • process instance
  • decision definition
  • deployment
  • batch

You need to consider adding the READ_HISTORY if the user needs access to it as well.


#7

Hi Yana,

Thank you so much. This is what we are looking for.

Best regards,
Ilya