Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 8.0.0.Beta1
Affects Version/s: None
Component/s: Management
Labels:
None

Git Pull Request:
https://github.com/wildfly/wildfly/pull/5023

Although the operation permissions for add() are given, a host scoped fails to create a new JVM on a specific the role is scoped to:

[domain@localhost:9990 /] /core-service=management/access=authorization/host-scoped-role=stage_hosts:read-resource
{
    "outcome" => "success",
    "result" => {
        "base-role" => "maintainer",
        "hosts" => ["slave"]
    }
}


[domain@localhost:9990 /] /host=slave/jvm=small:add(){roles=STAGE_HOSTS}
{
    "outcome" => "failed",
    "result" => undefined,
    "failure-description" => {"host-failure-descriptions" => [("slave" => "JBAS013456: Unauthorized to execute operation 'add' for resource '[
    (\"host\" => \"slave\"),
    (\"jvm\" => \"small\")
]' -- \"Permission denied\"")]},
    "rolled-back" => true
}

blocks

WFLY-490 Domain Management Role Based Access Control

Closed

is related to

WFLY-2010 RBAC: read-resource-description is wrong about the ability to :add in the datasources subsystem

Closed

Assignee:: Brian Stansberry

Reporter:: Heiko Braun

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2013/09/05 4:06 AM

Updated:: 2020/09/14 5:04 AM

Resolved:: 2013/09/09 12:01 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates