Why does Bonita allow everyone to start a process?
Hi,
I developed a very simple workflow which has 2 actors. I set one of these actors as initiator; every actor is mapped to a single user for simplicity.
But when I run the process from Bonita Studio, I can execute the first action with every user. I was expecting an error like 401 Denied. How can I fix this?
Hi,
By default, the administrator profile is bound to the member role of the organization (which all users have).
Removing the administrator profile should trigger a proper 403 error when the user does not belong to the initiator actor.
UPDATE: It looks like the runtime does not check if a user belongs to the initiator actor when starting a process instance. The Bonita User Application only filters by initiators in the Process page. I personally don't like it and will report a bug in our internal tracker. Feel free to do the same here.
HTH
Romain
Comments
Hi Romain, thank you for your answer. How can I remove the administrator profile?
Thank you in advance
From the Bonita Administrator app (or Portal with Administrator profile), in the Organization > Profiles > Administrator menu.
Thank you, very helpful
Hi. I tried the solution suggested, removing the mapping of the administrator profile from all users except one (in my case the mapping was for each user by default), but when I try to start a process from the button, it starts normally even if the user is not the initiator actor. Is there any other step to take in order to achieve the goal? I also verified that the user is not an administrator, since I cannot see the administrator app in the app list.
I've updated my answer