Skip to main content
Version: 8.7

Manage access and permissions

Manage and control access to Camunda 8 APIs and custom applications using permissions and roles.

About permissions

When using and managing permissions, it is important to understand the following key concepts:

note

You can also use resource authorizations to grant more fine-grained access control to Camunda 8 resources to users and groups.

Permissions

Each API (representing a component) defines its own set of permissions to control API access.

The following permissions are available:

ComponentAPIPermissions available
IdentityCamunda Identity Resource Server

  • read: Read access to entire UI
  • read:users: Access only the Users UI and related subpages.

  • write: Write access entire UI.

OperateOperate API

  • read:*: (Read access to APIs is not controlled by permissions). Read access to the UI.
  • write:*: Write access to the UI and API.

OptimizeOptimize API

  • write:*: Read and Write access to entire UI and all APIs.

TasklistTasklist API

  • read:*: (Read access to APIs is not controlled by permissions). Read access to the UI.
  • write:*: Write access to the UI and API.

Web ModelerWeb Modeler Internal API

Web ModelerWeb Modeler API

  • create:*: Access to POST endpoints of the API.
  • read:*: Access to GET endpoints of the API.

  • update:*: Access to PATCH and PUT endpoints of the API.

  • delete:*: Access to DELETE endpoints of the API.

note

Permissions granted to a user or M2M application are added to the permissions.{audience} claim of the access token.