[OPT-2096] Improved Multi Engine Support Created: 27/Mar/19  Updated: 05/Jun/19  Resolved: 05/Jun/19

Status: Done
Project: Camunda Optimize
Component/s: backend
Affects Version/s: None
Fix Version/s: 2.5.0

Type: Feature Request Priority: L3 - Default
Reporter: Felix Müller Assignee: Unassigned
Resolution: Done Votes: 0
Labels: current_release, needs_testing
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: Not Specified Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

OPT-2301 Authorizations are loaded from all co... Sub-task Done  
OPT-2302 Multi Engine documentation is updated Sub-task Done  
PM Priority: 140



  • on login the user is authorized against each engine configured and the permissions per user & engine are stored
  • on listing process/decision definitions a user only sees the definitions & tenants from engines he is authorized to access
  • in multi engine scenario the following holds for user authorizations:
    • once a users logs in, we try to authenticate him on each configured engine. For each engine the user is authenticated successfully with we fetch Optimize application authorization and resource authorizations (definition & tenant authorizations)
    • a user can access Optimize as soon as one engine grants Optimize Application Access
    • if there are several engines with the same definitions (same key + version) a different `defaultTenantId` needs to be configured for each of those engines
      • then the user can only see the data of the definition+tenant combinations he has been granted access to by each of the engines
    • the case that there are several engines with the same definitions (same key + version) and no `defaultTenantId` is configured is not supported and leads to inconsistent behavior (e.g. if same key exists on multiple engines, multiple process definitions are listed for the same key etc.) => needs to be highlighted in the documentation
      • the same limitation applies if the same tenant and definition key pair is present on multiple engines
  • the multi-engine documentation is updated to reflect the new behavior

Generated at Fri Sep 20 01:07:49 CEST 2019 using JIRA 6.4.6#64021-sha1:33e5b454af4594f54560ac233c30a6e00459507e.