JBoss Enterprise Application Platform / JBEAP-6416

Release Notes: RBAC: The two kinds of non-addressability

Details

    • Release Notes

    Description

      In the EAP 6 release notes, we had the following entry in the Known Issues section:

      RBAC: The two kinds of non-addressability

      Some resources are non-addressable to server-group and host scoped roles in order to provide a simplified view of the management model to improve usability. This is distinct from resources that are non-addressable to protect sensitive data.

      For server-group scoped roles this means that resources in the `profile`, `socket binding group`, `deployment`, `deployment override`, `server group`, `server config` and `server` portions of the management model will not be visible if they are not related to the server-groups specified for the role.

      For host-scoped roles this means that resources in the `/host=*` portion of the management model will not be visible if they are not related to the server groups specified for the role.

      However, in some cases this simplified view can hide information that, while outside the scope of what the user is managing, can provide guidance to the user as to a course of action. An example of this is BZ#1015524 (http://bugzilla.redhat.com/show_bug.cgi?id=1015524).

      In a future release, some of these non-addressable resources might be changed to be addressable but non-readable. This will not affect the security of the server because they were not non-addressable for security reasons. Red Hat recommends that you do not rely on the non-addressability of resources to hide information unless the non-addressability is defined in a sensitivity constraint.

      The EAP 6 BZ is https://bugzilla.redhat.com/show_bug.cgi?id=1021607
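
      The recommendation above, sketched as management CLI operations. This is an added example, not text from the release note; the `system-property` classification is chosen only for illustration. Hiding that must hold as a security control is expressed on a sensitivity classification rather than left to role scoping:

```jboss-cli
# Added example: run in the management CLI against the domain controller.
# The classification used here (type=core, system-property) is illustrative.

# 1. Inspect the classification. default-requires-addressable is the shipped
#    value; configured-requires-addressable is the administrator override
#    (undefined means the default applies).
/core-service=management/access=authorization/constraint=sensitivity-classification/type=core/classification=system-property:read-resource(include-runtime=true)

# 2. Make addressing these resources require sensitive-data permission, so the
#    hiding is defined by a sensitivity constraint and does not depend on the
#    simplified view given to server-group and host scoped roles.
/core-service=management/access=authorization/constraint=sensitivity-classification/type=core/classification=system-property:write-attribute(name=configured-requires-addressable, value=true)

# 3. Revert to the shipped default if the override is no longer wanted.
/core-service=management/access=authorization/constraint=sensitivity-classification/type=core/classification=system-property:undefine-attribute(name=configured-requires-addressable)
```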

            People

              dmichael@redhat.com David Michael (Inactive)
              hsvabek_jira Hynek Švábek (Inactive)