Manage access and permissions
With Management Identity, you can manage and control access to management and modeling component REST APIs and custom applications using permissions and roles.
This section describes how to manage access to Web Modeler, Console, and Optimize. For access control to Orchestration Cluster components and their resources, refer to the Orchestration Cluster authorizations instead.
About permissions
When using and managing permissions, it is important to understand the following key concepts:
- APIs represent the different Camunda 8 management and modeling components, such as Web Modeler, Optimize, and so on.
- Each API defines its own set of permissions that to control API access.
- Permissions are organized using roles that can be assigned to users either directly or via Groups.
- You can also assign permissions to your custom application, such as a job worker for example.
For detailed instructions, see the guide about managing permissions.
Permissions
Each API (representing a component) defines its own set of permissions to control API access.
The following permissions are available:
Component | API | Permissions available |
---|---|---|
Management Identity | Camunda Identity Resource Server |
|
Optimize | Optimize API |
|
Web Modeler | Web Modeler Internal API |
|
Web Modeler | Web Modeler API |
Permissions granted to a user or M2M application are added to the permissions.{audience}
claim of the access token.