WildFly Core / WFCORE-1435

Users with low privileges can see logged operations they shouldn't be able to see


    • Type: Bug
    • Resolution: Done
    • Priority: Critical
    • Versions: 2.1.0.Final, 2.1.0.CR1
    • Component: Management

      If a SuperUser performs for example this:

      /core-service=management/access=audit/in-memory-handler=y:add   
      /core-service=management/access=audit/in-memory-handler=y:write-attribute(name=max-history,value=50)
      

      then a Monitor user shouldn't be able to see this in the configuration change log (as decided in EAP7-89), because he doesn't even have the permission to "read" the manipulated resource. But actually he can see it:

      /core-service=management/service=configuration-changes:list-changes
      {
          "outcome" => "success",
          "result" => [
              {
                  "operation-date" => "2016-03-15T08:40:25.807Z",
                  "access-mechanism" => "NATIVE",
                  "remote-address" => "127.0.0.1/127.0.0.1",
                  "outcome" => "success",
                  "operations" => [{
                      "operation" => "write-attribute",
                      "address" => [
                          ("core-service" => "management"),
                          ("access" => "audit"),
                          ("in-memory-handler" => "y")
                      ]
                  }]
              },
              {
                  "operation-date" => "2016-03-15T08:40:25.809Z",
                  "access-mechanism" => "NATIVE",
                  "remote-address" => "127.0.0.1/127.0.0.1",
                  "outcome" => "success",
                  "operations" => [{
                      "operation" => "add",
                      "address" => [
                          ("core-service" => "management"),
                          ("access" => "audit"),
                          ("in-memory-handler" => "y")
                      ]
                  }]
              }
          ]
      }
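      The behaviour the issue asks for, as an added example (not WildFly's own code): the change log is filtered per caller before it is returned, so an entry is only visible if the caller could read every resource it touches. The two entries and their address are taken from the output above; the third entry, the sensitivity prefixes and the role rule are simplified constructed assumptions standing in for WildFly's real RBAC engine.

```python
"""
Added example, not WildFly's code: a simplified model of filtering the
configuration change log by the caller's read permission. The sensitivity
prefixes and the role rule are assumptions; the real server derives them
from its RBAC sensitivity classifications.
"""
from typing import Dict, List, Tuple

# An address is a list of (key, value) pairs, as printed by the CLI.
Address = List[Tuple[str, str]]
Entry = Dict[str, object]

# Assumption: resource prefixes treated as sensitive for this model.
SENSITIVE_PREFIXES: List[Address] = [
    [("core-service", "management"), ("access", "audit")],
    [("core-service", "management"), ("access", "authorization")],
]

# Assumption: roles allowed to read sensitive resources in this model.
SENSITIVE_READERS = {"SuperUser", "Auditor"}


def _has_prefix(prefix: Address, address: Address) -> bool:
    return address[: len(prefix)] == prefix


def can_read(role: str, address: Address) -> bool:
    """Read check: privileged roles read everything, other roles only
    resources that are not under a sensitive prefix."""
    if role in SENSITIVE_READERS:
        return True
    return not any(_has_prefix(p, address) for p in SENSITIVE_PREFIXES)


def filter_changes(entries: List[Entry], role: str) -> List[Entry]:
    """Return the entries the caller may see.

    An entry is dropped whole if any of its operations targets a resource
    the caller cannot read: even the fact that something changed at a
    hidden address is information the caller is not entitled to."""
    return [
        e for e in entries
        if all(can_read(role, op["address"]) for op in e["operations"])
    ]


# Constructed copy of the two entries shown in the issue's list-changes output.
AUDIT_ADDRESS: Address = [
    ("core-service", "management"),
    ("access", "audit"),
    ("in-memory-handler", "y"),
]
CHANGES: List[Entry] = [
    {
        "operation-date": "2016-03-15T08:40:25.807Z",
        "access-mechanism": "NATIVE",
        "remote-address": "127.0.0.1/127.0.0.1",
        "outcome": "success",
        "operations": [{"operation": "write-attribute", "address": AUDIT_ADDRESS}],
    },
    {
        "operation-date": "2016-03-15T08:40:25.809Z",
        "access-mechanism": "NATIVE",
        "remote-address": "127.0.0.1/127.0.0.1",
        "outcome": "success",
        "operations": [{"operation": "add", "address": AUDIT_ADDRESS}],
    },
    # Constructed non-sensitive change, to show that ordinary entries survive.
    {
        "operation-date": "2016-03-15T08:41:00.000Z",
        "access-mechanism": "NATIVE",
        "remote-address": "127.0.0.1/127.0.0.1",
        "outcome": "success",
        "operations": [{
            "operation": "write-attribute",
            "address": [("subsystem", "logging"), ("root-logger", "ROOT")],
        }],
    },
]


def visible_operations(role: str) -> List[str]:
    """Operation names the given role would see, in log order."""
    return [
        op["operation"]
        for e in filter_changes(CHANGES, role)
        for op in e["operations"]
    ]


if __name__ == "__main__":
    for r in ("SuperUser", "Monitor"):
        print(r, visible_operations(r))
```

      With this rule a SuperUser sees all three operations while a Monitor sees only the logging change; the two audit-handler operations that the bug report shows leaking are withheld.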
      

            Emmanuel Hugonnet (ehugonne1@redhat.com)