Providing Optimize access to a user just enables them to log in to Optimize. To be able to create reports, the user also needs to have permission to access the engine data. To see how this can be done, refer to the Authorization Management section.
You can use the credentials from the Camunda Platform 7 users to access Optimize. However, for the users to gain access to Optimize, they need to be authorized. This is not done in Optimize itself, but needs to be configured in the Camunda Platform 7 and can be achieved on different levels with different options. If you do not know how authorization in Camunda works, visit the authorization service documentation.
When defining an authorization to grant Optimize access, the most important aspect is that you grant access on resource type application with resource ID "optimize" (or "*" if you want to grant access to all applications including Optimize). The permissions you can set, are either
ACCESS. They are treated equally, so there is no difference between them.
Authorizing users in admin can be done as follows:
- The first option allows access for Optimize on a global level. With this setting all users are allowed to log into Camunda Optimize.
- The second option defines the access for a single user. The user
Kermitcan now log into Camunda Optimize.
- The third option provides access on group level. All users belonging to the group
optimize-userscan log into Camunda Optimize.
It is also possible to revoke the Optimize authorization for specific users or groups. For instance, you can define Optimize on a global scale, but exclude the
When Optimize is configured to load data from multiple instances of Camunda Platform 7, then it suffices to be granted by one instance for the user to be able to log into Optimize. Notice that, like for all authorizations, grants have precedence over revokes. That is, if there is a Camunda Platform 7 instance that grants access to optimize to a user, the user can log in even if another instance revokes access to Optimize for this user.