  1. camunda BPM
  2. CAM-8111

Wrong authorization check when scheduling history clean up

    Details

    • Type: Bug Report
    • Status: Open
    • Priority: L3 - Default
    • Resolution: Unresolved
    • Affects Version/s: 7.8.0-alpha3
    • Fix Version/s: 7.7.x, 7.8.0
    • Component/s: engine
    • Labels:
      None

      Description

      To execute HistoryService#cleanUpHistoryAsync(), the authenticated user must have the DELETE_HISTORY permission on the PROCESS_DEFINITION resource. This does take into account that the history clean up job also deletes decision instances (and case instances).

      AT:

      • check only if the authenticated user is an admin user


          People

          • Assignee: Yana Vasileva (yana.vasileva)
          • Reporter: Smirnov Roman (roman.smirnov)