Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-490 Domain Management Role Based Access Control
  3. WFLY-2043

RBAC config for slave HCs unable to access master HC


    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Major Major
    • 8.0.0.Beta1
    • None
    • Management
    • None

      The RBAC configuration is stored in domain.xml. A slave HC unable to contact the master may not have access to domain.xml content. Need to provide config options:

      1) If the host is running with cached-dc set, is using the cached data allowed?

      Default should be yes, and this may not be configurable at all in WF 8 (or perhaps ever). Use of --cached-dc on the command line in general implies that the local domain.xml content is authoritative.

      2) The admin-only mode without --cached-dc. Configure whether the system should:

      a) contact the master to pull down domain wide config, but not actually register as a member.

      b) if a) isn't enabled or fails:

      i) fail boot
      ii) run with any authenticated user able to act as SuperUser.

      The default would be b)ii) as this is compatible with previous releases.

            bstansbe@redhat.com Brian Stansberry
            bstansbe@redhat.com Brian Stansberry
            0 Vote for this issue
            2 Start watching this issue