
Operate/Tasklist API doesn't apply tenancy checks when configuring tenancy properties using kebab case #36597

@ThorbenLindhauer

Description


When multi-tenancy is configured using kebab case, e.g. camunda.security.multi-tenancy.checks-enabled, tenancy checks are not applied to the Operate and Tasklist V1/internal APIs. Since the UIs still use the V1 APIs in some areas, data from other tenants becomes visible there, too.

Steps to reproduce

  1. Configure an application property to enable tenant checks as kebab-case, i.e. camunda.security.multi-tenancy.checks-enabled: true
  2. Start the application
  3. Create two tenants with one user each
  4. Deploy a process model for each user
  5. Log in with one of the users to Operate
  6. Go to Operate at http://localhost:8080/operate/processes?tenant=all and check which processes are visible

Current behavior

  • Both deployed processes are visible (the internal API /api/processes/grouped returns both)

Expected behavior

  • Only the process to which the user has access is displayed

Environment

SM

Version

  • 8.8.0-alpha7 and later

Root cause

The tenant access provider is created conditionally, based on an @ConditionalOnProperty annotation. This condition seems to be case sensitive: it matches only the camelCase spelling of the property, not the kebab-case one.

```java
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// The enclosing class name is assumed for illustration; the two bean methods are the ones from the code base
@Configuration
public class TenantAccessProviderConfiguration {

  // Matches only the camelCase key; the kebab-case spelling from the report is not recognised
  @Bean
  @ConditionalOnProperty(
      prefix = "camunda.security.multiTenancy",
      name = "checksEnabled",
      havingValue = "true")
  public TenantAccessProvider tenantAccessProvider() {
    return new DefaultTenantAccessProvider();
  }

  // matchIfMissing = true: when the camelCase key is not found, this disabled provider wins
  @Bean
  @ConditionalOnProperty(
      prefix = "camunda.security.multiTenancy",
      name = "checksEnabled",
      havingValue = "false",
      matchIfMissing = true)
  public TenantAccessProvider disabledTenantAccessProvider() {
    return new DisabledTenantAccessProvider();
  }
}
```

Solution ideas

  • Rewrite the condition into a programmatic check that handles both spellings (or, if technically possible, read the property value through the configuration Java class instead)
  • Consider checking the codebase for other occurrences of this pattern
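The following is an added example of the first solution idea, not code from the Camunda code base: the property is bound through a @ConfigurationProperties class, so Spring Boot's relaxed binding accepts the kebab-case, camelCase and environment-variable spellings alike, and a single @Bean method picks the provider from the bound value instead of a name-matching condition. The class names MultiTenancyProperties, TenantAccessConfiguration and TenantAccessConfigurationTest are assumptions; TenantAccessProvider, DefaultTenantAccessProvider and DisabledTenantAccessProvider are the types named above. The regression test assumes spring-boot-test, JUnit 5 and AssertJ on the test classpath.

```java
import static org.assertj.core.api.Assertions.assertThat;

import org.junit.jupiter.api.Test;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.runner.ApplicationContextRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical binding class (assumed name, not the project's own). Relaxed binding maps
// every spelling of the key onto the same field:
//   camunda.security.multi-tenancy.checks-enabled   (kebab-case, canonical form)
//   camunda.security.multiTenancy.checksEnabled     (camelCase)
//   CAMUNDA_SECURITY_MULTITENANCY_CHECKSENABLED     (environment variable)
@ConfigurationProperties(prefix = "camunda.security.multi-tenancy")
class MultiTenancyProperties {
  // Default mirrors the old matchIfMissing = true: checks stay off unless enabled explicitly
  private boolean checksEnabled = false;

  public boolean isChecksEnabled() { return checksEnabled; }
  public void setChecksEnabled(boolean checksEnabled) { this.checksEnabled = checksEnabled; }
}

// Replacement for the two @ConditionalOnProperty beans: one bean whose implementation
// is chosen programmatically from the bound value, so no property-name matching happens
// at condition-evaluation time.
@Configuration
@EnableConfigurationProperties(MultiTenancyProperties.class)
class TenantAccessConfiguration {
  @Bean
  public TenantAccessProvider tenantAccessProvider(MultiTenancyProperties props) {
    return props.isChecksEnabled()
        ? new DefaultTenantAccessProvider()
        : new DisabledTenantAccessProvider();
  }
}

// Regression test: every spelling that enables the checks must yield the enforcing provider,
// and leaving the property out must keep the previous default (checks disabled).
public class TenantAccessConfigurationTest {
  private final ApplicationContextRunner runner =
      new ApplicationContextRunner().withUserConfiguration(TenantAccessConfiguration.class);

  @Test
  void kebabCaseEnablesChecks() {
    runner.withPropertyValues("camunda.security.multi-tenancy.checks-enabled=true")
        .run(ctx -> assertThat(ctx).getBean(TenantAccessProvider.class)
            .isInstanceOf(DefaultTenantAccessProvider.class));
  }

  @Test
  void camelCaseEnablesChecks() {
    runner.withPropertyValues("camunda.security.multiTenancy.checksEnabled=true")
        .run(ctx -> assertThat(ctx).getBean(TenantAccessProvider.class)
            .isInstanceOf(DefaultTenantAccessProvider.class));
  }

  @Test
  void missingPropertyDisablesChecks() {
    runner.run(ctx -> assertThat(ctx).getBean(TenantAccessProvider.class)
        .isInstanceOf(DisabledTenantAccessProvider.class));
  }
}
```

The test is the part worth keeping around when sweeping the code base for other @ConditionalOnProperty usages with camelCase names: the same three cases (kebab-case, camelCase, property absent) expose a mismatch between the spelling a condition expects and the spelling an operator is likely to use.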

Dev -> QA handover

  • Resources:
  • Versions to validate:
  • Release version (in which version this feature will be released):

Status: Done

Milestone: No milestone

Development: No branches or pull requests