Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-490 Domain Management Role Based Access Control
  3. WFLY-1980

Revisit priviledges for /core-service=management/access=authorization

    XMLWordPrintable

Details

    Description

      It seems the access control resources (/core-service=management/access=authorization) are addressable by the monitor role:

      [standalone@localhost:9990 /] /core-service=management/access=authorization:read-resource(){roles=monitor}
      {
          "outcome" => "success",
          "result" => {
              "provider" => "simple",
              "use-realm-roles" => false,
              "constraint" => {
                  "application-classification" => undefined,
                  "sensitivity-classification" => undefined,
                  "vault-expression" => undefined
              },
              "role-mapping" => {"SuperUser" => undefined}
          }
      }
      

      I think it should be 'addressable=false' for anybody except SuperUser and Administrator

      Attachments

        Issue Links

          Activity

            People

              bstansbe@redhat.com Brian Stansberry
              rhn-support-hbraun Heiko Braun
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: