Uploaded image for project: 'HAL'
  1. HAL
  2. HAL-1125

Setting system properties on a server-group fails when using RBAC scoped roles on admin console

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 2.9.0.Alpha1
    • 2.5.10, 2.8.23
    • Ballroom
    • None
    • Hide

      Set up domain mode.

      Enable RBAC

      /core-service=management/access=authorization:write-attribute(name=provider,value=rbac)

      Add scoped role:

      /core-service=management/access=authorization/server-group-scoped-role=DeployerIntegration:add(base-role=Administrator,server-groups=[main-server-group])
      /core-service=management/access=authorization/role-mapping=DeployerIntegration:add()
      /core-service=management/access=authorization/role-mapping=DeployerIntegration/include=user1:add(name=user1,realm=ManagementRealm,type=USER)

      Add another scoped role (similarly to the steps above) based on Monitor for other-server-group and assign this role to user1.

      Log in as user1 to admin console, go to the group configuration page, view other-server-group and than view main-server-group. user1 cannot edit the system properties of main-server-group, the "add" and "remove" button are not visible to the user. "clear" button from JVM configuration on the same page is also missing.

      Show
      Set up domain mode. Enable RBAC /core-service=management/access=authorization:write-attribute(name=provider,value=rbac) Add scoped role: /core-service=management/access=authorization/server-group-scoped-role=DeployerIntegration:add(base-role=Administrator,server-groups= [main-server-group] ) /core-service=management/access=authorization/role-mapping=DeployerIntegration:add() /core-service=management/access=authorization/role-mapping=DeployerIntegration/include=user1:add(name=user1,realm=ManagementRealm,type=USER) Add another scoped role (similarly to the steps above) based on Monitor for other-server-group and assign this role to user1. Log in as user1 to admin console, go to the group configuration page, view other-server-group and than view main-server-group. user1 cannot edit the system properties of main-server-group, the "add" and "remove" button are not visible to the user. "clear" button from JVM configuration on the same page is also missing.

    Attachments

      Issue Links

        causes

        Bug - A problem that impairs or prevents the functions of the product. JBEAP-5065 [GSS](7.0.z) Setting system properties on a server-group fails when using RBAC scoped roles on admin console

        • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
        • Verified

        Activity

          People

            msmerek Martin Šmérek (Inactive)
            msmerek Martin Šmérek (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: