MLC-service provides an additional mechanism for authorization.
The next actions can be protected through MCL configurations:
Deploying BPMNs.
Sending Signals.
Sample configurations:
mlc: camunda: access: enabled: true rest: deploy: groups: group1 signal: groups: group2 signal-responsive: groups: group3,group1
The above configurations will only allow:
Able to Deploy: Only authenticated requests arriving from admins or requests belonging to group:
group1
Able to call signal: Only authenticated requests arriving from admins or requests belonging to group:
group2
Able to call signal-responsive: Only authenticated requests arriving from admins or requests belonging to group:
group3 and group1