Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-944

[AMQ7, Hawtio, RBAC] User gets no feedback if operation access was denied by RBAC

    XMLWordPrintable

Details

    • Bug
    • Resolution: Obsolete
    • Major
    • None
    • AMQ 7.1.0.GA
    • None
    • None
    • Release Notes, User Experience
    • The console can indicate that an operation attempted by an unauthorized user was successful when it was not.
    • Documented as Known Issue
    • Hide
      1. Create new user "guest" with "view" role. (both without quote marks)
      2. Change "-Dhawtio.role=amq" property tp "-Dhawtio.roles=amq,view" in ${broker_instance}/etc/artemis.profile
      3. Login to Hawtio console as "guest" user
      4. Attempt to create address or queue
      5. Nothing happens ...
      Show
      Create new user "guest" with "view" role. (both without quote marks) Change "-Dhawtio.role=amq" property tp "-Dhawtio.roles=amq,view" in ${broker_instance}/etc/artemis.profile Login to Hawtio console as "guest" user Attempt to create address or queue Nothing happens ...

    Description

      If there is user with restricted permission, e.g. to view role access only, and attempts to use restricted operation, e.g. create address or queue, nothing happens and logs in hawtio console it self contain messages that everything went ok. There should be some feedback for user, that operation has been denied and failed due to lack of access rights.

      Issue influences the docs if broker would be released with this issue not fixed. Although this should not happened as it is serious issue from QE's point of view.

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. ENTMQBR-544 RBAC for the Hawtio console is missing

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. ENTMQBR-1060 Unable to access to AMQ7.1 Management Console in read-only mode

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rh-ee-ataylor Andy Taylor
              rvais Roman Vais
              Roman Vais Roman Vais
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: