Set an Authorization on process definitions in Camunda BPM

0
votes

Currently we evaluate Camunda BPM as a possible Open Source BPM framework. One important use case is that we need to manage which user is allowed to see and start which process in the Camunda tasklist. According to the official documentation: http://docs.camunda.org/latest/guides/user-guide/#process-engine-authorization-service and this post here: https://groups.google.com/forum/#!topic/camunda-bpm-users/EjY8sxycNAQ

it is not possible to define access rights on process definitions. The problem is, that the post was not updated since last year.

Therefore, is it possible to define Authorizations on process definitions?

Best regards Ben

1
business-process-managementcamunda

1 Answers

2
votes

You can define a possible starter group on the process definition, though not via modeler but via xml directly:

 <bpmn2:process id="..." name="..." isExecutable="true">
    <bpmn2:extensionElements>
      <activiti:potentialStarter><![CDATA[
            ]]><resourceAssignmentExpression><![CDATA[
                ]]><formalExpression>group(YOUR_PROCESS_STARTER_GROUP)    </formalExpression><![CDATA[
            ]]></resourceAssignmentExpression><![CDATA[
        ]]></activiti:potentialStarter>
    </bpmn2:extensionElements>
    ...

and then query it via API:

repositoryService.createProcessDefinitionQuery().startableByUser(userId).latestVersion().list();

Note: we are not using the camunda tasklist, we wrote our own. So I cannot tell if this is going to work out of the box.