Authorizations
An authorization grants an owner access to a resource and defines the specific permissions they have.
- The owner is the entity that receives permissions, like user, group, role, client, or mapping rule.
- The resource is the object that the permissions apply to, like process definition, decision definition, or system. See the full list of available resources.
Each authorization specifies which permissions (e.g., READ
, UPDATE
, DELETE
) the owner has on the resource.
To learn more, see the authorization concepts. For authorizations to take effect, they need to be enabled in your cluster configuration.
Create an authorization
To create a new authorization:
- Log in to Identity in your cluster, and click on the Authorizations tab.
- Select a resource type from the list on the left, and click Create authorization.
- Provide the following information:
- Owner type: The entity to which you want to assign permissions, such as a User, Group, Role, Client, or Mapping rule.
- Owner ID: The unique ID of the owner.
- Resource type: The selected resource type.
- Resource ID: The ID of the resource. Use
*
to grant permissions for all resources of the selected type.
- Select the permissions you want to grant.
- Click Create authorization.
The authorization is created, and the owner is granted the specified permissions.
Update an authorization
Authorizations cannot be updated after they are created. To edit an authorization, you must first delete the existing one and then create a new authorization with the updated permissions.
Delete an authorization
To delete an authorization:
- Log in to Identity in your cluster, and click on the Authorizations tab.
- Select the resource type of the authorization you want to delete.
- In the list, find the authorization you want to remove and click the Delete button next to it.
- Confirm the deletion by clicking Delete in the confirmation dialog.
The authorization is deleted, and the owner no longer has the permissions granted by it.