Deployer can't modify data source when datasources set as application resources ------------------------------------------------------------------------------- Key: WFLY-2278 URL: https://issues.jboss.org/browse/WFLY-2278 Project: WildFly Issue Type: Sub-task Security Level: Public(Everyone can see) Components: Domain Management Reporter: Ladislav Thon Assignee: Brian Stansberry Labels: rbac-filed-by-qa Fix For: 8.0.0.CR1 When data sources are made application resources, deployer should be able to modify them. This doesn't work, as opposed to e.g. mail sessions. For example: {code} /core-service=management/access=authorization/constraint=application-classification/type=datasources/classification=data-source:write-attribute(name=configured-application, value=true) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=datasources/data-source=ExampleDS:write-attribute(name=jndi-name, value="java:jboss/datasources/ExampleDS_XXX"){roles=deployer} { "outcome" => "failed", "failure-description" => "JBAS013456: Unauthorized to execute operation 'write-attribute' for resource '[ (\"subsystem\" => \"datasources\"), (\"data-source\" => \"ExampleDS\") ]' -- \"JBAS013475: Permission denied\"", "rolled-back" => true } [standalone@localhost:9990 /] /core-service=management/access=authorization/constraint=application-classification/type=mail/classification=mail-session:write-attribute(name=configured-application, value=true) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=mail/mail-session=java\:jboss\/mail\/Default:write-attribute(name=jndi-name, value="java:jboss/mail/Default_XXX"){roles=deployer} { "outcome" => "success", "response-headers" => { "operation-requires-reload" => true, "process-state" => "reload-required" } } {code} I have a test case for this as a last commit in my branch https://github.com/Ladicek/wildfly/commits/rbac (that is the commit called _RBAC test case for application types_). Brian, in case you are not the right assignee, please reassign.