Advanced Permissions for Entities (OPT-2276)

[OPT-2545] Add Role-Management to Collections Created: 05/Aug/19  Updated: 29/Aug/19  Resolved: 09/Aug/19

Status: Done
Project: Camunda Optimize
Component/s: backend
Affects Version/s: None
Fix Version/s: 2.6.0-alpha2

Type: Sub-task Priority: L3 - Default
Reporter: Sebastian Bathke Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
is related to OPT-2546 Add Definition/Tenant-Management to C... Done


In order to implement a role system on collections it is required to have basic CRUD operations for these.


  • user/groups with assigned roles can be set on collections (called roleEntry)
  • one roleEntry is always a 1:1 mapping of one user or group to a role
  • the available roles are Viewer, Editor, Manager
  • there is a REST API to add/remove/edit a roleEntry
  • for a particular user or group there can only be one roleEntry per collection
    • on an attempt to add a roleEntry for an already existing identity (user/group) it is rejected with a conflict response
  • the last roleEntry of role type Manager cannot be deleted or updated, an attempt is rejected with a conflict response
  • the REST api is documented in the wiki

Generated at Sun Oct 20 10:39:10 CEST 2019 using JIRA 6.4.6#64021-sha1:33e5b454af4594f54560ac233c30a6e00459507e.