Skip to content

Commit

Permalink
feat(web-modeler): add super-user self-managed
Browse files Browse the repository at this point in the history
  • Loading branch information
JacobiCamunda committed Aug 23, 2024
1 parent d84ec94 commit ea027e2
Showing 1 changed file with 33 additions and 7 deletions.
40 changes: 33 additions & 7 deletions docs/components/modeler/web-modeler/collaboration.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ description: Collaboration features and access rights for Web Modeler.
---

import SuperUserModeImg from './img/super-user-mode.png';
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";

<span class="badge badge--cloud">Camunda 8 only</span>

Expand All @@ -28,25 +30,49 @@ There are four roles with different levels of access rights that can be assigned
- **Commenter**: The user cannot edit folders or diagrams or invite users, but can view diagrams and properties and leave comments.
- **Viewer**: The user cannot edit folders or diagrams nor leave comments, but can only view diagrams.

Additionally, the **Owner** and **Admins** of the organization have special privileges to do administrative tasks in **super-user mode**.
Additionally, users with elevated access have special privileges to do administrative tasks in **super-user mode**.

#### Super-user mode

:::note
Super-user mode is not yet available in Web Modeler Self-Managed.
:::

Super-user mode is only available to the **Owner** and **Admins** of the organization and can be enabled via the user menu in Web Modeler:
Super-user mode is only available to users with elevated access and can be enabled via the user menu in Web Modeler:

<p><img src={SuperUserModeImg} style={{width: 280}} alt="Enable super-user mode in Web Modeler's user menu" /></p>

The main purpose of this mode is to assign collaborators to orphaned projects (which have no collaborators).
Ordinarily, these projects would not be accessible or visible to any users.

When the **Owner** or an **Admin** activates super-user mode, they are temporarily granted **Project Admin** access to all projects
When a user activates super-user mode, they are temporarily granted **Project Admin** access to all projects
of the organization. This allows them to assign collaborators to orphaned projects and gives them
full access when none of the ordinary collaborators are available.

##### Required Roles/Permissions for Super-User Mode Access

<Tabs groupId="permissions" defaultValue="saas" queryString values={
[
{label: 'SaaS', value: 'saas' },
{label: 'Self-Managed', value: 'self-managed' },
]}>

<TabItem value='saas'>

The user must be assigned the organization **Owner** or **Admin** role.

</TabItem>

<TabItem value='self-managed'>

The user must be assigned the **Web Modeler Admin** role.

If the role is not pre-existing, it should be created with the following permissions:

- Web Modeler Internal API - `write:*`
- Web Modeler Internal API - `admin:*`
- Camunda Identity Resource Server - `read:users`

</TabItem>

</Tabs>

### Inviting users to projects

:::note
Expand Down

0 comments on commit ea027e2

Please sign in to comment.