Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-490 Domain Management Role Based Access Control
  3. WFLY-2085

Prevent server group scoped roles modifying the master HC if it has no servers


    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Major Major
    • 8.0.0.CR1
    • None
    • Management
    • None

      Currently server group scoped roles with write or security-sensitive-read privileges are able to use those privileges with any HC that has no servers defined. This allows the role to do things like add a server in the group to a newly spun up host.

      The master HC should be excluded from this ability. The master would typically not have servers, but not because it is a newly spun-up host.

            bstansbe@redhat.com Brian Stansberry
            bstansbe@redhat.com Brian Stansberry
            0 Vote for this issue
            2 Start watching this issue