Hello,
I seem to have a strange bug in Bonita. I have installed 2 Bonita instances (dev and qa) with the same configs. I created a "dummyUser" on both systems with the profil "user". On QA i can login with the "dummyUser" and i can perfom the following action
http://bonita.dev.someCompany.com/bonita/API/bpm/process?f=name=aProcess&f=version=3.1.18
and i get a result.
On Dev instance with the same user created I get
"Access to bonita.qa.someCompany.com was denied
You don't have authorisation to view this page.
HTTP ERROR 403"
To the best of my knowledge I have compared everything so far and found no difference. Is there a possibility to change the rights of the profile "user"? Or does anyone have an idea what this could be due to?
According to the documentation, a user with the profile "user" should be able to start or view at least one process. See Default Profils https://documentation.bonitasoft.com/bonita/7.8/profiles-overview
We are using Bonita Version 7.7.3
first when you said have two environments for Bonita DEV & QA, the two Bonitas is the Studio Version or you have the Studio Community in DEV and in QA you have Server Version? Could you specify that?
also you do not need to recreate the users, if you already have the configuration in one Bonita, you can export the organization and import it in the other Bonita and everything is generated automatically is same thing with the forms, pages, filters and others configurations.
The problem may be that since you re-created all the settings may not be correct and the page is created by default for admins only, you need to change that
Oh I'm new to this forum. I created an answer instead of adding it as comment to your answer. Exuse me
We only have the Bonita Community installations built on this image https://hub.docker.com/_/bonita
Sorry for the vague description. Our dev and qa instances were empty. We developt our process and organisation on our local machine with the bonita Studio export it and import it in the bonita dev and qa with the bonita portal in the browser.
So far we have tried different things that didn't work.
- We created a complete new bonita instance (with the connection to the existing database).
- We override the "custom-permissions-mapping.properties" with "profile|User=[document_management, case_delete, task_visualization, case_visualization, process_visualization, flownode_visualization, organization_visualization]".
- We have searched the logs for errors.
- We exported the organisation from QA and import it in Dev.
- We have searched for differences in the configuration.
After all this I created a complete new bonita instance (from our installation image) with an h2 (default database) and it also doesn't work. So the only thing whats left is the create a new basic image from bonita itself. Maybe our dev ops department made a mistake when creating the base image (as docker).
Do you have any other idea what we can do to fix the problem in our dev environment.
thanks a lot for your answer :)
Hi Fabian,
have you double checked, logged as an administration in Bonita Portal, that the users of your organization were correctly mapped with the user profile on both Dev & QA environments?
In Organization / Profiles - you can see the list of users with your User Profile or you can verify the mapping from Users menu as shown below :
hi,
also can you check if you do not hard coded " bonita.qa.someCompany.com" somewhere ?
because it is strange to have DEV instance targeting QA instance ?
Hey Delphine,
yes we doubled checked it. Our test user has the profile "User" in Dev and Qa. Both are default bonita instances builded from the docker image of bonita (so no custom settings in one of the systems). I don't get the forum how to add a picture here.
and thanks for your reply julien,
we have seperated instances one for each stage. So we have a prod, testing and development environment. Each is separated.
Yeah we also checked our DNS to the different instances and they are correct.
Our Dev also has an other url "bonita.dev.someCompany.com" and qa is "bonita.qa.someCompany.com".
They are are located in a kubernetes cluster also separeted with different namespaces.
We build a workaround with an own created api that works as a proxy for the bonita rest api with an administrator user. But this is not very nice to handle.