Version: 8.8 (unreleased)

Manage access and permissions

With Management Identity, you can manage and control access to management and modeling component REST APIs and custom applications using permissions and roles.

note

This section describes how to manage access to Web Modeler, Console, and Optimize. For access control to Orchestration Cluster components and their resources, refer to the Orchestration Cluster authorizations instead.

About permissions

When using and managing permissions, it is important to understand the following key concepts:

tip

For detailed instructions, see the guide about managing permissions.

Permissions

Each API (representing a component) defines its own set of permissions to control API access.

The following permissions are available:

Component | API | Permissions available

Management Identity | Camunda Identity Resource Server

  • read: Read access to Management Identity UI.
  • read:users: Access only the Users UI and related subpages.
  • write: Write access to Management Identity UI.

Optimize | Optimize API

  • write:*: Read and Write access to Optimize UI and APIs.

Web Modeler | Web Modeler Internal API

Web Modeler | Web Modeler API

  • create:*: Access to POST endpoints of the API.
  • read:*: Access to GET endpoints of the API.
  • update:*: Access to PATCH and PUT endpoints of the API.
  • delete:*: Access to DELETE endpoints of the API.

note

Permissions granted to a user or M2M application are added to the permissions.{audience} claim of the access token.
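
The following added example (not part of the Camunda documentation or code base) shows how to audit which Web Modeler API methods a token allows by reading its permissions.{audience} claim. It assumes the claim is a JSON object keyed by audience whose values are lists of permission strings, and uses "web-modeler-api" as an assumed audience value; the token is a constructed sample.

```python
import base64
import json

# HTTP method -> permission for the Web Modeler API, as listed on this page.
METHOD_PERMISSION = {"POST": "create:*", "GET": "read:*", "PATCH": "update:*",
                     "PUT": "update:*", "DELETE": "delete:*"}


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying it (inspection and audit only).

    A resource server must validate signature, issuer, audience and expiry
    before it trusts any claim.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted(claims, audience):
    """permissions.{audience} as a set (assumed layout: {audience: [strings]})."""
    perms = claims.get("permissions")
    values = perms.get(audience) if isinstance(perms, dict) else None
    if not isinstance(values, list):
        return set()  # absent or malformed claim grants nothing
    return {p for p in values if isinstance(p, str)}


def method_allowed(claims, audience, method):
    """Fail closed: unknown methods and missing claims are denied.

    Exact string match only; no wildcard expansion is assumed.
    """
    required = METHOD_PERMISSION.get(method.upper())
    return required is not None and required in granted(claims, audience)


def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token; "web-modeler-api" is an assumed audience value and
# the signature segment is a placeholder.
SAMPLE = ".".join([_b64({"alg": "RS256", "typ": "JWT"}),
                   _b64({"sub": "m2m-client",
                         "permissions": {"web-modeler-api": ["read:*", "create:*"]}}),
                   "placeholder-signature"])
```

Running method_allowed over every method for each M2M application's token gives a quick view of which clients hold more than the read-only access they need.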