BPM-ADMIN-UI Service
- Technische Redaktion
Administer the models, processes, tasks and jobs offered and treated by the BPM-ENGINE service via a graphical user interface.
Table of Contents
Introduction
The BPM-ADMIN-UI service is a frontend application enabling the management of models, processes, tasks, and jobs via an administrative graphical user interface.
This service is not yet included in yuuvis® Momentum installations but is available only on request. Alternatively, you can use the Flowable REST API in order to directly call the endpoints of the BPM-ENGINE service.
Characteristics
| Service Name | bpm-admin-ui |
|---|---|
| Port Range | 8080 |
| Profiles | - |
| Helm Chart | bpm |
| Public API | - |
Function
The service provides the admin tool for the Business Process Management (BPM) Engine.
Requirements
The service can be used only in combination with the BPM-ENGINE service.
Configuration
Once logged in to the BMP-ADMIN-UI, users have the permission to manage all models and processes of all tenants. Therefore, the protection against unauthorized access has to be ensured. Per default, this security is achieved by granting access only within the Kubernetes cluster of yuuvis® Momentum. Users can access the system only from their local workstations via Kubernetes port forwarding within the Kubernetes cluster. However, the BPM-ADMIN-UI can be configured such that authentication is possible via other authentication gateways with appropriate access credentials.
Parameters
The parameters for the connection between BPM-ENGINE service and BPM-ADMIN-UI service are listed in the section bpm.admin.app.default-user-authentication of the configuration profile.
| Parameter | Description | Default Value | |
|---|---|---|---|
enabled | Boolean value that activates or deactivates the default authentication for the BPM-ADMIN-UI service. | true | |
user | Section of parameters defining the access credentials and permissions of the technical user account used for the default authentication. | - | |
id | Defines the id of the default user that will be written to appropriate logs. It does not have to exist in Keycloak since no subsequent authorization is performed. | "sysadmin" | |
tenant | Defines the Flowable tenant that can be accessed by the BPM-ADMIN-UI service. By default it is set to the master tenant which has access to all tenants. If access to all tenants is needed, this parameter should be the same as the configuration parameter | 'master' | |
privileges | The roles that will be used to identify the BPM-ADMIN technical user to access the BPM-ENGINE. The list shall match the roles defined in |
as of 2021 Winter: | |
Settings Options via User Interface
After accessing the BPM Admin as the graphical user interface provided by the BPM-ADMIN-UI service, the URL of the BPM Engine can be changed. This might be necessary if deployment has multiple BPM Engine instances within the same cluster. However, in most cases this is not needed since by default there is one instance of BPM Engine and the BPM Admin will connect to it by default. Only process-engine is supported at the moment, since it is deployed with yuuvis® Momentum by default. Other engines cannot be managed and a toast error will occur.
When searching and managing the processes, the BPM Admin user may use a filter for tenant ids to improve the search results. Only requests affecting the specified tenant will be available. The filter must be set if the parameter bpm.admin.app.default-user-authentication.user.tenant specifies a single tenant not having access to other tenants. By default, both BPM Engine and BPM Admin services are configured such that administration of all tenants is possible.
Summary
The connection of BPM-ADMIN-UI service to BPM-ENGINE service is specified in configuration parameters that can be adjusted according to the customer's needs. Also within the provided graphical user interface of BPM Admin, settings can be changed. By default, both BPM Engine and BPM Admin services are configured such that administration of all tenants is possible.