Skip to content
This repository was archived by the owner on Feb 26, 2021. It is now read-only.

Commit f7fd5cd

Browse files
committed
Added process definition read, read_instance & update_instance permissions
Due to the enforcement of Camunda permissions the process definition is now mandatory for a user to successfully submit a job result. The other two were added as a precaution. Note: This is a potential **breaking change** for users not using the `scanner` group provided by default for their scanner user permissions. The permissions of the default `scanner` group will get updated by default, all others will have to manually expand their scanner groups to match these permissions.
1 parent 9717dec commit f7fd5cd

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

scb-engine/src/main/java/io/securecodebox/engine/helper/DefaultGroupConfiguration.java

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,12 @@ public void postProcessEngineBuild(final ProcessEngine processEngine) {
6363
Resources.PROCESS_INSTANCE,
6464
Permissions.READ, Permissions.UPDATE
6565
);
66-
66+
createAuthorizationForGroup(
67+
processEngine.getAuthorizationService(),
68+
GROUP_SCANNER,
69+
Resources.PROCESS_DEFINITION,
70+
Permissions.READ, Permissions.READ_INSTANCE, Permissions.UPDATE_INSTANCE
71+
);
6772

6873
createGroup(identityService, GROUP_CI);
6974
createAuthorizationForGroup(

0 commit comments

Comments
 (0)