Brian Stansberry created WFCORE-639: --------------------------------------- Summary: ManagementPermissionAuthorizer is limited to the standard roles for its authorizeJmxOperation impl Key: WFCORE-639 URL: https://issues.jboss.org/browse/WFCORE-639 Project: WildFly Core Issue Type: Bug Components: Domain Management Reporter: Brian Stansberry ManagementPermissionAuthorizer.authorizeJmxOperation uses hard coded decision making based on the standard 7 roles. This is inflexible and specifically doesn't allow scoped roles to function properly. I believe the JmxPermissionFactory interface needs to be redone to use permissions instead of role names. It should have an API more like org.jboss.as.controller.access.permission.PermissionFactory, with getUserPermissions and getRequiredPermissions. Something like PermissionCollection getUserPermissions(Caller caller, Environment callEnvironment, JmxAction action) PermissionCollection getRequiredPermissions(JmxAction action); Then ManagementPermissionAuthorizer.authorizeJmxOperation does a permission match check similar to what it does for management resource permissions. -- This message was sent by Atlassian JIRA (v6.3.11#6341)