Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-2005

Host scoped role adding JVM config

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 8.0.0.Beta1
    • None
    • Management
    • None

    Description

      Although the operation permissions for add() are given, a host scoped fails to create a new JVM on a specific the role is scoped to:

      [domain@localhost:9990 /] /core-service=management/access=authorization/host-scoped-role=stage_hosts:read-resource
{
    "outcome" => "success",
    "result" => {
        "base-role" => "maintainer",
        "hosts" => ["slave"]
    }
}


[domain@localhost:9990 /] /host=slave/jvm=small:add(){roles=STAGE_HOSTS}
{
    "outcome" => "failed",
    "result" => undefined,
    "failure-description" => {"host-failure-descriptions" => [("slave" => "JBAS013456: Unauthorized to execute operation 'add' for resource '[
    (\"host\" => \"slave\"),
    (\"jvm\" => \"small\")
]' -- \"Permission denied\"")]},
    "rolled-back" => true
}

      Attachments

        Issue Links

          blocks

          Feature Request - Feature requests from customers and/or users WFLY-490 Domain Management Role Based Access Control

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is related to

          Sub-task - The sub-task of the issue WFLY-2010 RBAC: read-resource-description is wrong about the ability to :add in the datasources subsystem

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              bstansbe@redhat.com Brian Stansberry
              rhn-support-hbraun Heiko Braun
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: