Technical user - access bdm data on behalf of a user
I use a "technical" user to connect to the Bonita engine with the rest api.
We created this user in our LDAP and in the Bonita organization.
I need to access BDM resources on behalf of different "real" users, getting filtered attributes through the bdm access control.
The response should be different according to the user selected.
How can I do that?
There is no native functionality that allows to change permissions on BDM objects based to act on behalf, but it should not be complex to add this behaviour with Bonita extension points.
As BDM Access Control is based on Profiles you could build an application (page + Rest APi extension) that let the "technical user" choose a "regular user", with that user call the rest API extension that will:
- Remove all "technical user" profiles (except the one mapped to the current application)
- introspect his profiles
- Add all these profiles to the user https://javadoc.bonitasoft.com/api/7.12/org/bonitasoft/engine/api/Profil...
Ideally add a button to reset a Remove all "technical user" profiles (except the one mapped to the current application) to keep it clean.
I hope it helps