Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-944

[AMQ7, Hawtio, RBAC] User gets no feedback if operation access was denied by RBAC

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Out of Date
    • AMQ 7.1.0.GA
    • None
    • None
    • None
    • Hide
      1. Create new user "guest" with "view" role. (both without quote marks)
      2. Change "-Dhawtio.role=amq" property tp "-Dhawtio.roles=amq,view" in ${broker_instance}/etc/artemis.profile
      3. Login to Hawtio console as "guest" user
      4. Attempt to create address or queue
      5. Nothing happens ...
      Show
      Create new user "guest" with "view" role. (both without quote marks) Change "-Dhawtio.role=amq" property tp "-Dhawtio.roles=amq,view" in ${broker_instance}/etc/artemis.profile Login to Hawtio console as "guest" user Attempt to create address or queue Nothing happens ...
    • Release Notes, User Experience
    • The console can indicate that an operation attempted by an unauthorized user was successful when it was not.
    • Documented as Known Issue

    Description

      If there is user with restricted permission, e.g. to view role access only, and attempts to use restricted operation, e.g. create address or queue, nothing happens and logs in hawtio console it self contain messages that everything went ok. There should be some feedback for user, that operation has been denied and failed due to lack of access rights.

      Issue influences the docs if broker would be released with this issue not fixed. Although this should not happened as it is serious issue from QE's point of view.

      Attachments

        Issue Links

          Activity

            People

              ataylor@redhat.com Andy Taylor
              rvais Roman Vais
              Roman Vais Roman Vais
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: