More privilege issues

[Steve B]

So I fixed this access issue 

https://groups.google.com/g/jbpm-usage/c/3JdA6xf0074/m/25QM6pk6BAAJ

by making sure the users group was listed in the case roles...

Here's another item though.

I need an 'admin' user to 'delegate' tasks.

I tried adding 'Administrator' role but can't resolve:

"Unexpected error during processing: Organizational entity already exists with [GroupImpl:'Administrator'] id, please check that there is no group and user with same id" 

now back to:

error: "User '[UserImpl:'<MyUser>']' does not have permissions to execute operation 'Delegate' on task id 10097" 

I've added the roles below (I'm using KeyCloak and this is a snippet of the token)

"resource_access":

{

"jbpm":

{

"roles": [ "ju-user", "process-admin", "ju-internal", "ju-admin", "admin", "ju-coordinator", "kie-server" ]

},

But no good.

Also tried some hard coding in the startup config:

        <property name="org.jbpm.ht.admin.user" value="<MyUser>"/>

        <access-control provider="simple">

            <role-mapping>

                <role name="SuperUser">

                    <include>

                        <!-- <user name="$local"/> -->

                        <user name="<MyUser>"/>

                    </include>

                </role>

            </role-mapping>

        </access-control>

Have I missed something? Any other options I've missed...

Steve

[Steve B]

FYI,

At some point, perhaps a restart my 'delegate' is working. Not 100% sure which of my changes did the trick I will try to clarify when I roll this out to customer TEST site.

Stay tuned...