Brian Stansberry [
https://community.jboss.org/people/brian.stansberry] commented on the
document
"Access control notes"
To view all comments on this document, visit:
https://community.jboss.org/docs/DOC-48596#comment-11946
--------------------------------------------------
Heiko Braun wrote:
Reading through your examples again, I think this one shouldn't be supported:
> do rights to the referrer grant rights to the referent
If you don't have the same rights on both ends (which is what the sentence implies)
it should be considered an illegal constraint and access to the the referent not be
granted. Eventually we shoud veen take it further and consider the role as illegal
(unusable) when it is associated with illegal secuty rules.
Let's be concrete.
If I have the right to *write* the "security-domain" attribute on a remoting
subsystem connector resource, that does not require me as a user to have any rights to the
security domain resource other than being able to be aware of its existence. It can be
argued that I should also be required to have the ability to fully read the resource as
well, although fundamentally it's the remoting subsystem code that needs that, not me
as a user. In no way does it require that I be able to *write* to the security domain
resource.
So, I disagree that the same rights are required on both ends.
I'm not so sure that even rights to a referent are black-and-white when it comes to
rights to a referrer. Just because I can read a security domain config doesn't mean I
can read the config of every resource that references it. Perhaps I should be able to see
all references so I know what's affected by the resource.
I'm going to think about this in terms of something more exact. That is, what exact
permissions are we talking about on each side. For example "write" permission to
a referent results in modifying the effective config of a referrer, and a permission to do
that is necessary, but that's a different thing from a permission to write some other
attribute of the referrer.
--------------------------------------------------