Manage permissions
Permissions allow you to control the level of access a user or an application has to a particular component. Traditionally, this is often described as being able to provide "read" or "write" access.
Permissions are assigned to APIs and can be grouped to form roles.
You can create permissions for granular access control over your APIs. Permissions granted to a user or M2M application are added to the permissions.{audience} claim of the access token.
Preset permissions
The preset permissions for Camunda components are:
| Component | Permissions | Descriptions |
|---|---|---|
| Connectors | read:* | Read access to all APIs |
| Console | write:* | Write access to all pages |
| Identity | read read:users write | Read access to all pages Access only the Users page and related subpages Write access to all pages |
| Operate | read:* write:* | Read access to all APIs Write access to all APIs |
| Optimize | write:* | Write access to all APIs |
| Tasklist | read:* write:* | Read access to all APIs Write access to all APIs |
| Web Modeler | write:* admin:* create:* read:* update:* delete:* | Access to UI, further managed by project permissions Elevated access to UI (see super-user mode and publishing Connector templates) Access to POST endpoints of the API Access to GET endpoints of the API Access to PATCH and PUT endpoints of the API Access to DELETE endpoints of the API |
| Zeebe | write:* | Write access to all APIs |
To assign a permission to a role and assign a role to a user, you need to have write access to Identity. Read our guide on managing user access to learn more.
Add and assign a permission to a role
Identity does not check permission definitions for typos or misspelled words.
Add a permission
To create a permission using Identity, take the following steps:
-
Navigate to the APIs tab:
-
Click the API you would like to create a permission for. This will open the details page.
-
Click the Permissions tab beneath the API name.
-
Click Add permission located on the top right of the table and a modal will open.
-
Fill out the definition and description of the permission. When you have inserted the details, click Add.
On confirmation, the modal will close, the table will update, and your new permission will be shown.
Assign a permission to a role
To assign a permission to a role, take the following steps:
-
Navigate to the Roles tab, click the role, and select Permissions > Assign permissions.
-
Select the API which contains the permission(s) you want to assign.
-
Select the permission(s) you would like to assign and click Add.
On confirmation, the modal will close, the table will update, and your assigned permission will be shown.
Delete a permission from a role
To delete a permission from a role, take the following steps:
-
Navigate to the Roles tab. Click the role you would like to delete permissions from.
-
Navigate to the Permissions tab.
-
Click the trash icon next to the permission you want to remove.
On confirmation, the modal will close, the table will update, and the assigned permission will be removed from the role.