[teiid-issues] [JBoss JIRA] Resolved: (TEIID-840) admin-roles appears to be ignored and allegedly privileged users cannot execute methods appropriately
[
https://jira.jboss.org/jira/browse/TEIID-840?page=com.atlassian.jira.plug...
]
Ramesh Reddy resolved TEIID-840.
--------------------------------
Resolution: Done
Finally to the JIRA, where I can find that it is user error -:)
The group names mentioned in the "admin-roles.properties" MUST be fully
qualified, like "itgroup@file" for them to recognisable.
I have updated the header message on this file to say the same, it now reads
-------------------------------------------------------------------------------------------------------------------
# This file defines admin role grants for each user "group" in the system.
# based on the this permission the user will be able to call the admin
# function calls into the system. The following format needs to be used
# define the permissions. Make sure the group names are fully qualified
# with their membership domain names like "group@file"
# role1 = groupA@domainA,groupB@domainB
# role2 = groupB@domainB
--------------------------------------------------------------------------------------------------------------------
For documentation on admin roles, please visit
https://www.jboss.org/community/wiki/ManagingAuthorizationsinTeiid
admin-roles appears to be ignored and allegedly privileged users
cannot execute methods appropriately
-----------------------------------------------------------------------------------------------------
Key: TEIID-840
URL: https://jira.jboss.org/jira/browse/TEIID-840
Project: Teiid
Issue Type: Bug
Components: AdminApi
Affects Versions: 6.2.0
Environment: fedora 10, Teiid 6.2 RC1
Reporter: Paul Nittel
Assignee: Ramesh Reddy
Attachments: admin-roles.properties, deploy.properties
Connecting as admin, I am able to execute this command string to see the group(s) to
which pnittel belongs:
c=getGroupsForUser( "pnittel"); for (cb:c) { print( cb.getName() ); }
Connecting as pnittel, I cannot execute that same command. pnittel is a member of the
itgroup and that group is assigned all three roles. I'm attaching deploy.properties
and admin-roles.properties.
Here's the dialog:
admin $
connectAsAdmin("pnittel","mm","mm://localhost:31000");
conn-1[mm://localhost:31000] $ c=getGroupsForUser( "pnittel"); for (cb:c) {
print( cb.getName() ); }
Remote exception: Administrator [pnittel@TheDap], session [3] does not have any required
role [Admin.SystemAdmin] so is not authorized to perform the action [getGroupsForUser].
... Original type hierarchy [org.teiid.adminapi.AdminProcessingException,
org.teiid.adminapi.AdminException, com.metamatrix.core.MetaMatrixCoreException].
conn-1[mm://localhost:31000] $ // Error: EvalError: The collection, array, map, iterator,
or enumeration portion of a for statement cannot be null. : at Line: 3 : in file:
<unknown file> : for ( cb : c ) {
conn-1[mm://localhost:31000] $ conn-1[mm://localhost:31000] $ disconnect();
admin $
connectAsAdmin("admin","teiid","mm://localhost:31000");
conn-2[mm://localhost:31000] $ c=getGroupsForUser( "pnittel"); for (cb:c) {
print( cb.getName() ); }
conn-2[mm://localhost:31000] $ itgroup@TheDap
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira