[wildfly-dev] Pattern defined RBAC scoped roles
Kabir Khan
kabir.khan at jboss.com
Mon Apr 25 09:38:51 EDT 2016
> On 25 Apr 2016, at 14:26, Ladislav Thon <lthon at redhat.com> wrote:
>
>> How would you propose discriminating these cases?
>>
>> 1) /subsystem=messaging is not allowed but its children are.
>>
>> 2) /subsystem=messaging and its children are.
>
> Well, there's not a lot of possibilities with a rigid scheme I'm
> proposing. A boolean attribute 'children-only' is the only thing I can
> come up with.
>
> I'll be the first to admit that a regexp-based scheme is inherently very
> flexible, no doubt about that. (But with great power ...)
To help with this, could we not add an operation which shows which resources will be granted access?
>
> LT
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
More information about the wildfly-dev
mailing list