[
https://issues.jboss.org/browse/WFLY-490?page=com.atlassian.jira.plugin.s...
]
Ben Schofield commented on WFLY-490:
------------------------------------
This is greatly needed in most large enterprises. At minimum I would be looking for
1) read only - (read)
2) administration - full access (read,write,execute)
3) operation - can execute operations but can not change configuration. Support personnel
would would use this role heavily to start/stop servers, purge connection pools, move jms
messages, trigger heap and thread dumps, etc. (read,execute)
4) configuration - a role for updating configurations. Useful for provisioning and
configuration automation systems such as puppet and chef. (read,write)
If read,write,execute permissions can be mapped to the dmr and reflected in the management
console that would put wildfly and consequently future EAP releases a step above more
expensive competitors.
Domain Management Role Based Access Control
-------------------------------------------
Key: WFLY-490
URL:
https://issues.jboss.org/browse/WFLY-490
Project: WildFly
Issue Type: Feature Request
Components: Domain Management, Security
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Priority: Blocker
Labels: Authorization
Fix For: 8.0.0.CR1
Implement some coarse permissions for domain operations. Possibly allowing a break down
for subsystem, profile, server, server-group - maybe read - write - execute.
Also consider confidentiality in exchange e.g. Can read metrics over http but must use
https to add new server.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira