Brian Stansberry [https://community.jboss.org/people/brian.stansberry] commented on the document "Access control notes"
To view all comments on this document, visit:
https://community.jboss.org/docs/DOC-48596#comment-11938
--------------------------------------------------
Thoughts on model-references. I'm going to outline different types of references, with
suggestions for what rules could be enforced. What I'm getting at here is if we allow
a more narrowly scoped variant of our standard roles (e.g. a person is an
"Operator" but only for server-group "foo" or only for server
host=x/server=y), how would those scoped permissions relate to other resources?
Specifically for a given reference:
Referrer to referent:
a) does referrer need perms to validate existence of the referent?
b) do rights to the referrer grant rights to the referent? For example, ability to write to referrer grants right to write referent
Referent to referrer:
a) does user require perms to referrer to change referent?
b) do rights to the referent grant rights to the referrer? For example, ability to write to referent grants right to write referrer
The types of references I considered and the answers I have for the above questions:
Misc references:
Example: ejb to ispn cache
Referrer to referent:
a) no
b) no
Referent to referrer:
a) no
b) no
References to secure resources:
Example: remoting connector to security domain cache
Referrer to referent:
a) yes
b) no
Referent to referrer:
a) no
b) no
Server group to profile:
Referrer to referent:
a) no
b) configurable (config for a server-group-scoped role could have a flag)
Referent to referrer:
a) yes
b) no
Server group to socket-binding-group:
Referrer to referent:
a) no
b) configurable
Referent to referrer:
a) yes
b) no
Server group to deployment:
Referrer to referent:
a) no
b) configurable
Referent to referrer:
a) yes
b) no
Server group to deployment-override:
Referrer to referent:
a) no
b) configurable
Referent to referrer:
a) yes
b) no
Server to server-group:
Referrer to referent:
a) no
b) no (give user rights to server-group if this is desired)
Referent to referrer:
a) no
b) no
Server to socket-binding-group:
Referrer to referent:
a) no
b) no
Referent to referrer:
a) no
b) no
I went through a bunch of different cases with the server-group and server ones, but for
each type, the answers are the same.
--------------------------------------------------
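The table in the comment above, worked through as an added example (not code from the comment or from WildFly): a hypothetical scoped role is a standard role narrowed to a set of management addresses, and the checks apply the comment's rules for references touching an address. The reading that "requires perms to referrer to change referent" means write on every referrer that points at the referent, and that the "configurable" flow is a per-role flag, are my assumptions.

```python
from dataclasses import dataclass
# Policy table transcribed from the comment, per reference type: (validating the reference
# needs read on the referent, referrer rights flow to the referent, changing the referent
# needs write on every referrer). Rights never flow referent -> referrer in his table.
# "cfg" means the flow is on only if the scoped role sets its propagate flag.
POLICY = {
    "misc": (False, False, False),
    "secure": (True, False, False),
    "server-group->profile": (False, "cfg", True),
    "server-group->socket-binding-group": (False, "cfg", True),
    "server-group->deployment": (False, "cfg", True),
    "server-group->deployment-override": (False, "cfg", True),
    "server->server-group": (False, False, False),
    "server->socket-binding-group": (False, False, False),
}
@dataclass(frozen=True)
class Reference:
    kind: str
    referrer: str  # e.g. "server-group=main"
    referent: str  # e.g. "profile=full"

@dataclass(frozen=True)
class ScopedRole:  # hypothetical: a standard role narrowed to a set of addresses
    writable: frozenset
    readable: frozenset = frozenset()
    propagate: bool = False  # the per-role flag the comment suggests

def can_validate(role, ref):
    """May the user resolve ref from the referrer side to check the referent exists?"""
    return not POLICY[ref.kind][0] or ref.referent in role.readable | role.writable

def can_write(role, address, refs):
    """Write check on address, applying both directions of every reference touching it."""
    inbound = [r for r in refs if r.referent == address]
    # Referent -> referrer (a): changing an 'owned' referent needs write on all its referrers.
    if any(POLICY[r.kind][2] and r.referrer not in role.writable for r in inbound):
        return False
    if address in role.writable:
        return True
    # Referrer -> referent (b): rights flow down only where the table (or the flag) allows.
    return any(r.referrer in role.writable and (POLICY[r.kind][1] is True or
               (POLICY[r.kind][1] == "cfg" and role.propagate)) for r in inbound)

# Constructed sample topology: profile "full" is shared by two server groups.
SAMPLE_REFS = [
    Reference("server-group->profile", "server-group=main", "profile=full"),
    Reference("server-group->profile", "server-group=other", "profile=full"),
    Reference("server-group->socket-binding-group", "server-group=main", "socket-binding-group=std"),
    Reference("secure", "subsystem=remoting/connector=http", "subsystem=security/security-domain=app"),
]
```

With the sample topology, an Operator scoped to server-group "main" with the propagate flag can write the socket-binding-group only that group uses, but not the profile it shares with "other".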