[JBoss JIRA] (WFLY-1980) Revisit priviledges for /core-service=management/access=authorization

Monday, 2 September 2013



    [
https://issues.jboss.org/browse/WFLY-1980?page=com.atlassian.jira.plugin....
] 

Heiko Braun commented on WFLY-1980:
-----------------------------------

Maybe 'readable=false' is the right priviledge setup
                
...
 Revisit priviledges for
/core-service=management/access=authorization
 ---------------------------------------------------------------------

                 Key: WFLY-1980
                 URL: https://issues.jboss.org/browse/WFLY-1980
             Project: WildFly
          Issue Type: Bug
          Components: Domain Management
            Reporter: Heiko Braun
            Assignee: Brian Stansberry

 It seems the access control resources (/core-service=management/access=authorization) are
addressable by the monitor role:
 {noformat}
 [standalone@localhost:9990 /]
/core-service=management/access=authorization:read-resource(){roles=monitor}
 {
     "outcome" => "success",
     "result" => {
         "provider" => "simple",
         "use-realm-roles" => false,
         "constraint" => {
             "application-classification" => undefined,
             "sensitivity-classification" => undefined,
             "vault-expression" => undefined
         },
         "role-mapping" => {"SuperUser" => undefined}
     }
 }
 {noformat}
 I think it should be 'addressable=false' for anybody except SuperUser and
Administrator 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006