1

Problem 1: I am integrating the Camunda workflow engine in my Spring Boot application. I have users in a separate business db and need to sync it with the Camunda workflow engine to assign the users to particular tasks. The users in the business db are not categorized into groups but have certain roles. I want to sync these roles with the groups in Camunda.

Problem 2: I also want only the assigned users to be able to complete the tasks via REST localhost:8080/rest/task/{id}/complete. How can I achieve this? I cannot find a solid guide that can help me.

Edit: I am able to load the users from my business db to Camunda using this example https://github.com/hashlash/example-camunda-custom-identity-service. This solves problem 1.

Now, I need a way to make sure only the assigned user can complete the assigned task via authorization i.e. Problem 2. Any guides on this?

2 Answers

0

I don't know if I understood what you want. But I think it makes more sense to associate your users with authorizations than with groups. If you define in your UserTask the attributes Assignee, Candidate User or Candidate Groups, Camunda will automatically create the authorization for you. I think you have some additional information on this link:

Additional Task Permissions


0

You seem to be on the right track. By default Camunda is configured not to enforce authorizations. You need to enable it using the property:

    camunda:
      bpm:
        authorization:
          enabled: true

(RE the previous comment: it is better to assign the Camunda authorizations to groups and get the assignment of users to groups from the external identity provider. This way fine-grained application-specific authorization management remains in the application.)
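
An added example, not part of either answer and not Camunda's own code: with authorization enabled, the engine only checks permissions when a call carries an authenticated user, so the REST API also needs an authentication filter. It assumes Camunda 7's REST module on the classpath and the REST API mapped under /rest/* as in the question; the class, bean, filter and method names are hypothetical.

```java
// Added example; class, bean, filter and method names are hypothetical.
import java.util.List;

import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.TaskService;
import org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TaskAuthorizationConfig {

    // Authenticates every REST call with HTTP Basic, so the engine knows who is
    // calling POST /rest/task/{id}/complete. Credentials are verified through the
    // engine's identity service, i.e. the custom identity provider from the question.
    @Bean
    public FilterRegistrationBean<ProcessEngineAuthenticationFilter> restAuthFilter() {
        FilterRegistrationBean<ProcessEngineAuthenticationFilter> reg =
                new FilterRegistrationBean<>(new ProcessEngineAuthenticationFilter());
        reg.setName("camunda-rest-auth");
        reg.addInitParameter("authentication-provider",
                "org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider");
        reg.addUrlPatterns("/rest/*"); // assumption: REST API path used in the question
        return reg;
    }

    // The same check for code that calls the Java API directly: set the caller as
    // the authenticated user, attempt the completion, and always clear the context.
    public static boolean completeAs(IdentityService identityService, TaskService taskService,
                                     String userId, List<String> groupIds, String taskId) {
        identityService.setAuthentication(userId, groupIds);
        try {
            taskService.complete(taskId);
            return true;
        } catch (AuthorizationException e) {
            return false; // caller lacks permission on this task, e.g. not the assignee
        } finally {
            identityService.clearAuthentication();
        }
    }
}
```

With the filter in place, a request without valid credentials is rejected with 401, and an authenticated user without permission on the task gets 403 when calling the complete endpoint.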
