Details

    • PM Priority:
      140

      Description

      AT:

      • on login the user is authorized against each engine configured and the permissions per user & engine are stored
      • on listing process/decision definitions a user only sees the definitions & tenants from engines he is authorized to access
      • in multi engine scenario the following holds for user authorizations:
        • once a users logs in, we try to authenticate him on each configured engine. For each engine the user is authenticated successfully with we fetch Optimize application authorization and resource authorizations (definition & tenant authorizations)
        • a user can access Optimize as soon as one engine grants Optimize Application Access
        • if there are several engines with the same definitions (same key + version) a different `defaultTenantId` needs to be configured for each of those engines
          • then the user can only see the data of the definition+tenant combinations he has been granted access to by each of the engines
        • the case that there are several engines with the same definitions (same key + version) and no `defaultTenantId` is configured is not supported and leads to inconsistent behavior (e.g. if same key exists on multiple engines, multiple process definitions are listed for the same key etc.) => needs to be highlighted in the documentation
          • the same limitation applies if the same tenant and definition key pair is present on multiple engines
      • the multi-engine documentation is updated to reflect the new behavior

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            felix.mueller Felix Müller
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: