Skip to main content
Version: 8.8 (unreleased)

Access control

If authorization control is enabled for your Orchestration Cluster, users require the following authorizations to work with Operate.

note

You can assign these in the Identity UI. See the introduction to authorizations for a list of all available authorizations.

Mandatory authorizations

The following mandatory authorizations are required to work with Operate:

Authorization typeResource typeResource IDPermission
Component access for OperateComponentoperate or * (for access to all web components).ACCESS
View process definitions and process instancesProcess DefinitionID of the respective BPMN process definition or * (for all process definitions).READ_PROCESS_DEFINITION, READ_PROCESS_INSTANCE

Optional authorizations

The following optional authorizations can also be defined:

Authorization typeResource typeResource IDPermission
View decision definitions and decision instancesDecision DefinitionID of the respective DMN decision definition or * (for all process definitions).READ_DECISION_DEFINITION, READ_DECISION_INSTANCE
View decision requirements definitionsDecision Requirements DefinitionID of the respective DRD or * (for all process definitions).READ
View running and completed batch operationsBatch*READ
Update process instances via batch (cancellation, retries).Batch*CREATE and corresponding permissions for the individual batch operation (for example, CREATE_BATCH_OPERATION_CANCEL_PROCESS_INSTANCE).
Update process instance directlyProcess DefinitionID of the respective BPMN process definition or * (for all process definitions).UPDATE_PROCESS_INSTANCE
Cancel process instance directlyProcess DefinitionID of the respective BPMN process definition or * (for all process definitions).CANCEL_PROCESS_INSTANCE