Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-944

[AMQ7, Hawtio, RBAC] User gets no feedback if operation access was denied by RBAC

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Major Major
    • None
    • AMQ 7.1.0.GA
    • None
    • None
    • Release Notes, User Experience
    • The console can indicate that an operation attempted by an unauthorized user was successful when it was not.
    • Documented as Known Issue
    • Hide
      1. Create new user "guest" with "view" role. (both without quote marks)
      2. Change "-Dhawtio.role=amq" property tp "-Dhawtio.roles=amq,view" in ${broker_instance}/etc/artemis.profile
      3. Login to Hawtio console as "guest" user
      4. Attempt to create address or queue
      5. Nothing happens ...
      Show
      Create new user "guest" with "view" role. (both without quote marks) Change "-Dhawtio.role=amq" property tp "-Dhawtio.roles=amq,view" in ${broker_instance}/etc/artemis.profile Login to Hawtio console as "guest" user Attempt to create address or queue Nothing happens ...

      If there is user with restricted permission, e.g. to view role access only, and attempts to use restricted operation, e.g. create address or queue, nothing happens and logs in hawtio console it self contain messages that everything went ok. There should be some feedback for user, that operation has been denied and failed due to lack of access rights.

      Issue influences the docs if broker would be released with this issue not fixed. Although this should not happened as it is serious issue from QE's point of view.

              rh-ee-ataylor Andy Taylor
              rvais Roman Vais (Inactive)
              Roman Vais Roman Vais (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: