Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-490 Domain Management Role Based Access Control
  3. WFLY-1980

Revisit priviledges for /core-service=management/access=authorization

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Major Major
    • 8.0.0.Beta1
    • None
    • Management
    • None

      It seems the access control resources (/core-service=management/access=authorization) are addressable by the monitor role:

      [standalone@localhost:9990 /] /core-service=management/access=authorization:read-resource(){roles=monitor}
{
    "outcome" => "success",
    "result" => {
        "provider" => "simple",
        "use-realm-roles" => false,
        "constraint" => {
            "application-classification" => undefined,
            "sensitivity-classification" => undefined,
            "vault-expression" => undefined
        },
        "role-mapping" => {"SuperUser" => undefined}
    }
}

      I think it should be 'addressable=false' for anybody except SuperUser and Administrator

              bstansbe@redhat.com Brian Stansberry
              rhn-support-hbraun Heiko Braun
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: