Skip to main content
Version: 8.8 (unreleased)

Authorizations

Create and manage your Orchestration Cluster authorizations.

About authorizations

An authorization grants an owner access to a resource and defines the specific permissions they have.

  • Owner: The entity that receives permissions, such as a user, group, role, client, or mapping rule.
  • Resource: The object that the permissions apply to, such as a process definition, decision definition, or system. See the full list of available resources.

Each authorization specifies which permissions the owner has for the resource (for example, READ, UPDATE, DELETE).

For authorization to be applied, it must be enabled in your cluster configuration.

info

Create an authorization

To create a new authorization:

  1. Log in to Identity in your cluster, and select the Authorizations tab.
  2. Select a resource type from the list on the left, and click Create authorization.
  3. Enter the following information:
    • Owner type: The entity to which you want to assign permissions, such as a User, Group, Role, Client, or Mapping rule.
    • Owner ID: The unique ID of the owner.
    • Resource type: The selected resource type.
    • Resource ID: The ID of the resource. Use * to grant permissions for all resources of the selected type.
  4. Select the permissions you want to grant.
  5. Click Create authorization.

The authorization is created, and the owner is granted the specified permissions.

Create authorization tab

Update an authorization

Authorizations cannot be updated after they are created.

To edit an authorization, delete the existing authorization and create a new authorization with the updated permissions.

Delete an authorization

To delete an authorization:

  1. Log in to Identity in your cluster, and select the Authorizations tab.
  2. Select the resource type of the authorization you want to delete.
  3. In the list, find the authorization you want to remove and click Delete.
  4. Confirm the deletion by clicking Delete in the confirmation dialog.

The authorization is deleted, and the owner no longer has the permissions granted by it.

caution

Deleting an authorization is permanent and cannot be undone.