WFCORE-272 for background; this issue is to track the CLI part of my comment of 2014/01/28.
With no security realm configured on the management interface and the 'rbac' provider chosen, CLI behavior is not very intuitive. You can connect and you get the [standalone@localhost:9990 /] prompt. But if you attempt to do anything that requires server-side work you get various errors indicating you aren't authorized.
In this situation the user is not going to have permissions to do much of anything at all, so it would be good to detect that somehow and respond accordingly. (The lack of a security realm means there is no way to map the user to a role. They can log in but they are not in any role and thus have no permissions.)