ThorbenLindhauer
commented
1 year ago The same problem exists with the adminUsers property of the engine configuration and should be fixed with this ticket, too.
Closed yanavasileva closed 1 year ago
ThorbenLindhauer
commented
1 year ago The same problem exists with the adminUsers property of the engine configuration and should be fixed with this ticket, too.
tasso94
commented
1 year ago @mboskamp, can you please review this? We want to include the patches on Monday, so we should probably get it through / have it merged in the next two days.
mboskamp
commented
1 year ago I will start with the review today. If I can not finish it today it's first on my list for tomorrow. 👍
tasso94
commented
1 year ago Thank you!
Environment (Required on creation)
Any setup, 7.10+
Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket)
adminGroupsusers do not have permission to see process instances that belong to a tenant. Onlycamunda-adminusers can access all tenants.Steps to reproduce (Required on creation)
MyAdminGrouptoadminGroupsvia process engine configurationCamundaAdmin, member ofcamunda-admingroup,MyAdminmember ofMyAdminGroupgroup.process instance 1that belongs totenant1,Process-instance-2is belongs totenant2.MyAdminand navigate to the process definition where the above process instances belong.Observed Behavior (Required on creation)
MyAdmincannot seeprocess instance 1andprocess instance 2.CamundaAdmincan see them.Expected behavior (Required on creation)
MyAdmincan access the process instances that belong to a tenant.Root Cause (Required on prioritization)
In webapps, tenant check is excluded only for
camunda-adminusers and does not consideradminGroups- codeSolution Ideas
#isCamundaAdminchecks in process engine and webapps to include theadminGroupsHints
Links
Breakdown
Dev2QA handover