[wildfly-dev] Pattern defined RBAC scoped roles

[Ladislav Thon]

> How would you propose discriminating these cases?
> 
> 1) /subsystem=messaging is not allowed but its children are.
> 
> 2) /subsystem=messaging and its children are.

Well, there's not a lot of possibilities with a rigid scheme I'm
proposing. A boolean attribute 'children-only' is the only thing I can
come up with.

I'll be the first to admit that a regexp-based scheme is inherently very
flexible, no doubt about that. (But with great power ...)

LT