Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-6479

[GSS](7.1.0) Setting system properties on a server-group fails when using RBAC scoped roles on admin console

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.1.0.DR13
    • 7.0.1.CR1
    • Web Console
    • None
    • Hide

      Set up domain mode.

      Enable RBAC

      /core-service=management/access=authorization:write-attribute(name=provider,value=rbac)

      Add scoped role:

      /core-service=management/access=authorization/server-group-scoped-role=DeployerIntegration:add(base-role=Administrator,server-groups=[main-server-group])
      /core-service=management/access=authorization/role-mapping=DeployerIntegration:add()
      /core-service=management/access=authorization/role-mapping=DeployerIntegration/include=user1:add(name=user1,realm=ManagementRealm,type=USER)

      Add another scoped role (similarly to the steps above) based on Monitor for other-server-group and assign this role to user1.

      User1 added above cannot edit the system properties of main-server-group on the group configuration page via admin console, the "add" and "remove" button are not visible to the user. "clear" button from JVM configuration on the same page is also missing.

      Show
      Set up domain mode. Enable RBAC /core-service=management/access=authorization:write-attribute(name=provider,value=rbac) Add scoped role: /core-service=management/access=authorization/server-group-scoped-role=DeployerIntegration:add(base-role=Administrator,server-groups= [main-server-group] ) /core-service=management/access=authorization/role-mapping=DeployerIntegration:add() /core-service=management/access=authorization/role-mapping=DeployerIntegration/include=user1:add(name=user1,realm=ManagementRealm,type=USER) Add another scoped role (similarly to the steps above) based on Monitor for other-server-group and assign this role to user1. User1 added above cannot edit the system properties of main-server-group on the group configuration page via admin console, the "add" and "remove" button are not visible to the user. "clear" button from JVM configuration on the same page is also missing.

            hpehl@redhat.com Harald Pehl
            ppalaga Peter Palaga
            Jan Kašík Jan Kašík
            Jan Kašík Jan Kašík
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: