[ https://issues.jboss.org/browse/WFLY-1838?page=com.atlassian.jira.plugin.... ]
Brian Stansberry commented on WFLY-1838:
----------------------------------------
Sorry, I didn't focus heavily on true vs false in Question 2. But I wisely deferred to
Kabir!
A couple points re:
"2) a) If an attribute's access is sensitive it will not appear in either
read-resource-description or read-resource."
We decided to use the term "address" instead of "access", (verb form,
emphasis on the 2nd syllable) since really what's sensitive is the ability to address
a resource and thus determine its address (noun form, emphasis on the first
syllable).
More important, let's just formally ban the notion that it's possible to make an
attribute or operation non-addressable. The data being protected is the dynamic data in a
resource address. Static data like address and operation names can always be obtained by
looking at code or starting an empty system with RBAC disabled.
Re 2) c), yes that is correct, a read-resource response tells you nothing about whether an
attribute is writable. I'm not opposed to disallowing writes if reads aren't
allowed though, if it makes it easier for the console.
Authorisation decision filtered vs. read-only
---------------------------------------------
Key: WFLY-1838
URL: https://issues.jboss.org/browse/WFLY-1838
Project: WildFly
Issue Type: Clarification
Components: Domain Management
Reporter: Heiko Braun
Assignee: Brian Stansberry
When I look at datasources for example, I can see a difference between
:read-resource-description(access-control=true) and the output of
:read-resource(){roles=monitor}.
The first doesn't contain constraints for "security-domain", but the latter
indicates them as being filtered (access-control response header).
First question: Is this a bug?
Second and more general question: Will all filtered attributes be presented as
"read=false" & "write=false"?