Details
-
Task
-
Resolution: Done
-
Major
-
jboss-fuse-6.2
-
%
Description
With Fuse 6.2 and RBAC, there is quite a few security roles introduced (admin,manager,viewer,Operator, Maintainer, Deployer, Auditor, Administrator, SuperUser).
I think there should be meaningful mapping between these rbac roles and read/write permissions in A-MQ by default.
When customer just configures Fuse to use LDAP Authorization, he could be surprised, that authenticated users without any roles can read/write, even delete queues and topics using JMS API.
EDIT:deleting of queues and topics would probably require JMX access, which is covered by RBAC.
Yes, customer can google for A-MQ doc page (couldn't find this section in fuse doc pages) and configure amq to his needs, but wouldn't it be nicer with this mapping predefined?