Skip to main content
Version: 8.6

Manage permissions

Permissions allow you to control the level of access a user or an application has to a particular component. Traditionally, this is often described as being able to provide "read" or "write" access.

Permissions are assigned to APIs and can be grouped to form roles.

note

You can create permissions for granular access control over your APIs. Permissions granted to a user or M2M application are added to the permissions.{audience} claim of the access token.

The preset permissions for Camunda components are:

ComponentPermissionsDescriptions
Connectorsread:*Read access to all APIs
Consolewrite:*Write access to all pages
Identityread
read:users
write
Read access to all pages
Access only the Users page and related subpages
Write access to all pages
Operateread:*
write:*
Read access to all APIs
Write access to all APIs
Optimizewrite:*Write access to all APIs
Tasklistread:*
write:*
Read access to all APIs
Write access to all APIs
Web Modelerwrite:*

admin:*

create:*
read:*
update:*
delete:*
Access to UI

Elevated access to UI (see super-user mode and publishing Connector templates)

CRUD access to public API
Zeebewrite:*Write access to all APIs
Write access needed

To assign a permission to a role and assign a role to a user, you need to have write access to Identity. Read our guide on managing user access to learn more.

Add and assigning a permission to a role

Add a permission

To create a permission using Identity, take the following steps:

  1. Navigate to the API tab:

add-permission-api-tab

  1. Click the API you would like to create a permission for. This will open the details page.

  2. Click the Permissions tab beneath the API name.

  3. Click Add Permission located on the top right of the table and a modal will open.

  4. We are now able to fill out the details of the permission. For this guide, we will use a set of example values. When you have inserted the details, click Add:

add-permission-modal-2

On confirmation, the modal will close, the table will update, and your new permission will be shown:

add-permission-refreshed-table

Assign a permission to a role

To assign a permission to a role, take the following steps:

  1. Navigate to the Roles tab, select Permissions > Assign Permission:

assign-a-permission-tab

  1. Select the API which contains the permission you want to assign.

  2. Select the permission you would like to assign and click Add.

On confirmation, the modal will close, the table will update, and your assigned permission will be shown:

assign-a-permission-refreshed-table

Delete a permission from a role

To delete a permission from a role, take the following steps:

  1. Navigate to the Roles tab.

  2. Navigate to the Permissions tab.

  3. Click the trash icon next to the permission you want to remove.

  4. On confirmation, the modal will close, the table will update, and the assigned permission will be removed from the role.