Closed yanavasileva closed 1 year ago
The same problem exists with the adminUsers
property of the engine configuration and should be fixed with this ticket, too.
@mboskamp, can you please review this? We want to include the patches on Monday, so we should probably get it through / have it merged in the next two days.
I will start with the review today. If I can not finish it today it's first on my list for tomorrow. 👍
Thank you!
Environment (Required on creation)
Any setup, 7.10+
Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket)
adminGroups
users do not have permission to see process instances that belong to a tenant. Onlycamunda-admin
users can access all tenants.Steps to reproduce (Required on creation)
MyAdminGroup
toadminGroups
via process engine configurationCamundaAdmin
, member ofcamunda-admin
group,MyAdmin
member ofMyAdminGroup
group.process instance 1
that belongs totenant1
,Process-instance-2
is belongs totenant2
.MyAdmin
and navigate to the process definition where the above process instances belong.Observed Behavior (Required on creation)
MyAdmin
cannot seeprocess instance 1
andprocess instance 2
.CamundaAdmin
can see them.Expected behavior (Required on creation)
MyAdmin
can access the process instances that belong to a tenant.Root Cause (Required on prioritization)
In webapps, tenant check is excluded only for
camunda-admin
users and does not consideradminGroups
- codeSolution Ideas
#isCamundaAdmin
checks in process engine and webapps to include theadminGroups
Hints
Links
Breakdown
Dev2QA handover