WildFly / WFLY-490

Domain Management Role Based Access Control

Details

    Description

      Implement some coarse permissions for domain operations, possibly allowing a breakdown by subsystem, profile, server, server-group, and maybe read / write / execute.
      Also consider confidentiality in exchange, e.g. can read metrics over http but must use https to add a new server.

        Issue Links

          1. Ensure platform-mbean misc write ops require write perms | Sub-task | Closed | Major | Tomaž Cerar (Inactive)
          2. RBAC: OperationContextImpl.readResourceForUpdate is missing an authorize call | Sub-task | Closed | Major | Brian Stansberry
          3. RBAC: role combination doesn't work | Sub-task | Closed | Major | Ladislav Thon
          4. Allow ModelControllerClient configurations to disable the JBOSS_LOCAL_USER SASL mechanism | Sub-task | Closed | Major | Brian Stansberry
          5. Prevent non-core use of ApplicationTypeConfig.DEPLOYMENT | Sub-task | Closed | Minor | Brian Stansberry
          6. Report data about what resources/attributes/ops a SensitivityClassification or ApplicationTypeConfig are applied to | Sub-task | Closed | Minor | Brian Stansberry
          7. RBAC: HostScopedRole* operations are wrong (copy&paste from ServerGroupScopedRole*) | Sub-task | Closed | Major | Ladislav Thon
          8. Invoking :read-resource operation on Security subsystem as a role with restricted privileges causes NPE | Sub-task | Closed | Major | Brian Stansberry
          9. deep-copy-subject-mode attribute on Security Subsystem is Readable to all roles | Sub-task | Closed | Major | Kabir Khan
          10. Add RBAC sensitivity classification constraints to undertow subsystem | Sub-task | Closed | Blocker | Tomaž Cerar (Inactive)
          11. Authorisation decision filtered vs. read-only | Sub-task | Closed | Major | Kabir Khan
          12. More useful access control failure messages | Sub-task | Closed | Major | Brian Stansberry
          13. Propagation of access control configuration to slave host controllers | Sub-task | Closed | Major | Brian Stansberry
          14. Access control constraints for the audit logging resources | Sub-task | Closed | Major | Kabir Khan
          15. Test rbac for jmx in the testsuite | Sub-task | Closed | Major | Ladislav Thon
          16. Access through unsecured management interface | Sub-task | Closed | Major | Darran Lofthouse
          17. Ensure RBAC metadata changes result in management API bump | Sub-task | Closed | Major | Brian Stansberry
          18. Forward port core management xsd schema 1.5 from EAP | Sub-task | Closed | Major | Brian Stansberry
          19. Add Run-As Capability to ConfigurableRoleMapper | Sub-task | Closed | Major | Darran Lofthouse
          20. Failed to read hosts | Sub-task | Closed | Major | Emanuel Muckenhuber (Inactive)
          21. Add configuration attribute for PERMISSIVE vs REJECTING role combinations | Sub-task | Closed | Major | Brian Stansberry
          22. MBeans for unaddressable resources available through JMX | Sub-task | Closed | Major | Kabir Khan
          23. read-attribute operation is leaking value when user is not authorized to read that attribute | Sub-task | Closed | Critical | Ladislav Thon
          24. Review exceptions thrown for authorization cases in JMX | Sub-task | Closed | Major | Kabir Khan
          25. No enum AccessAuthorizationResourceDefinition.Provider.UNDEFINED | Sub-task | Closed | Major | Brian Stansberry
          26. RBAC: read-resource-description is wrong about the ability to :add in the datasources subsystem | Sub-task | Closed | Major | Brian Stansberry
          27. Scoped roles based on SuperUser should not be allowed | Sub-task | Closed | Major | Unassigned
          28. Remove configurability of VaultExpressionSensitivityConfig addressability | Sub-task | Closed | Major | Kabir Khan
          29. Include hosts in allowed resources for server group scoped roles | Sub-task | Closed | Major | Brian Stansberry
          30. access-type attribute description and access-control section | Sub-task | Closed | Major | Kabir Khan
          31. RBAC + JMX: auditor can't read sensitive non-core MBeans | Sub-task | Closed | Major | Kabir Khan
          32. Login as user with no role assigned leads to 500 error page | Sub-task | Closed | Major | Heiko Braun
          33. RBAC config for slave HCs unable to access master HC | Sub-task | Closed | Major | Brian Stansberry
          34. Rework Subject propagation to avoid marshaling. | Sub-task | Closed | Major | Darran Lofthouse
          35. Ensure there is proper trace level logging for all RBAC decisions | Sub-task | Closed | Major | Brian Stansberry
          36. Revisit privileges for /core-service=management/access=authorization | Sub-task | Closed | Major | Brian Stansberry
          37. Remove support for use-realm-roles in role mapping implementation | Sub-task | Closed | Critical | Darran Lofthouse
          38. Upgrade to Remoting JMX 2.0.0.CR2 | Sub-task | Closed | Critical | Darran Lofthouse
          39. Prevent server group scoped roles modifying the master HC if it has no servers | Sub-task | Closed | Major | Brian Stansberry
          40. Update platform-mbean resources to allow configuration of sensitivity constraints | Sub-task | Closed | Major | Tomaž Cerar (Inactive)
          41. Administrator should be prevented from modifying super user and auditor roles. | Sub-task | Closed | Critical | Darran Lofthouse
          42. Add support for an include-all option on individual role mappings. | Sub-task | Closed | Major | Darran Lofthouse
          43. Remove host.xml host scoped role config | Sub-task | Closed | Major | Kabir Khan
          44. NPE when modifying an existing server-group scoped role | Sub-task | Closed | Major | Brian Stansberry
          45. Error executing composite operation as server group role | Sub-task | Closed | Major | Brian Stansberry
          46. Add access-control parameter to read-operation-description operation | Sub-task | Closed | Major | Kabir Khan
          47. Failed handling operation rollback -- null | Sub-task | Closed | Major | Brian Stansberry
          48. Update to web console 2.0.0.Final | Sub-task | Closed | Blocker | Heiko Braun
          49. Test that validate-address and validate-operation do not leak non-addressable addresses | Sub-task | Closed | Major | Ladislav Thon
          50. RBAC-based tab completion for the CLI commands | Sub-task | Closed | Major | Alexey Loubyansky
          51. read-operation-names to return a filtered list of allowed operations | Sub-task | Closed | Major | Kabir Khan
          52. ProxyStepHandler/Controller need to check access before attempting to read information | Sub-task | Closed | Major | Kabir Khan
          53. Improve SecurityRealm service removal. | Sub-task | Closed | Major | Darran Lofthouse
          54. Security Realm - authorization validation | Sub-task | Closed | Major | Darran Lofthouse
          55. Defining <outbound-connections> in <management> prevents the server from starting | Sub-task | Closed | Blocker | Darran Lofthouse
          56. Add transformers for RBAC resources | Sub-task | Closed | Major | Brian Stansberry
          57. Enforce permissions on deployment upload ops | Sub-task | Closed | Major | Brian Stansberry
          58. Enforce and correctly describe permissions on domain server lifecycle ops | Sub-task | Closed | Major | Brian Stansberry
          59. Privilege alignment for scoped resources | Sub-task | Closed | Major | Brian Stansberry
          60. include-all role mappings don't work in domain | Sub-task | Closed | Major | Darran Lofthouse
          61. Unable to reload server after adding role and executing :reload | Sub-task | Closed | Critical | Darran Lofthouse
          62. Add sensitivities to the subsystem 'describe' operations | Sub-task | Closed | Major | Brian Stansberry
          63. A problem setting include-all on a role mapping is failing getting rolled back. | Sub-task | Closed | Major | Darran Lofthouse
          64. Lack of model integrity checking regarding role mappings, standard role names and scoped role names. | Sub-task | Closed | Major | Darran Lofthouse
          65. Expose the list of standard role names and of all role names | Sub-task | Closed | Major | Brian Stansberry
          66. Deployer can't modify data source when datasources set as application resources | Sub-task | Closed | Major | Brian Stansberry
          67. SGSR permissions are wrong on server-config | Sub-task | Closed | Major | Brian Stansberry
          68. Allow access-control "write" metadata to say "true" for read-only attributes | Sub-task | Closed | Major | Brian Stansberry
          69. Trying to remove a server group as a server-group-scoped role leaks information | Sub-task | Closed | Major | Brian Stansberry
          70. Populate the Subject with the required principals for rbac/audit logging earlier | Sub-task | Closed | Major | Darran Lofthouse
          71. Eliminate additional round trip exchange of Subject from host controller to app server or slave host controllers. | Sub-task | Closed | Major | Darran Lofthouse
          72. AccessControlContext and management users Subject leaking into thread pool of host controller executor. | Sub-task | Closed | Blocker | Darran Lofthouse
          73. Security Realm and LDAP Connection incorrectly available as resources under core-services=management in domain mode. | Sub-task | Closed | Major | Darran Lofthouse
          74. Missing filtering response header from type=*:read-resource | Sub-task | Closed | Major | Brian Stansberry
          75. OperationContext.readResourceFromRoot throws UnauthorizedException even when the user doesn't have 'address' perms | Sub-task | Closed | Major | Brian Stansberry

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              Votes: 9
              Watchers: 16