[jboss-jira] [JBoss JIRA] (WFLY-490) Domain Management Role Based Access Control

Ben Schofield (JIRA) jira-events at lists.jboss.org
Thu Aug 1 12:05:27 EDT 2013 

    [ https://issues.jboss.org/browse/WFLY-490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12794595#comment-12794595 ] 

Ben Schofield commented on WFLY-490:
------------------------------------

This is greatly needed in most large enterprises.  At minimum I would be looking for
1) read only - (read)
2) administration - full access (read,write,execute)
3) operation - can execute operations but can not change configuration.  Support personnel would would use this role heavily to start/stop servers, purge connection pools, move jms messages, trigger heap and thread dumps, etc.  (read,execute)
4) configuration - a role for updating configurations.  Useful for provisioning and configuration automation systems such as puppet and chef.  (read,write)

If read,write,execute permissions can be mapped to the dmr and reflected in the management console that would put wildfly and consequently future EAP releases a step above more expensive competitors. 


                
> Domain Management Role Based Access Control
> -------------------------------------------
>
>                 Key: WFLY-490
>                 URL: https://issues.jboss.org/browse/WFLY-490
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Domain Management, Security
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>              Labels: Authorization
>             Fix For: 8.0.0.CR1
>
>
> Implement some coarse permissions for domain operations.  Possibly allowing a break down for subsystem, profile, server, server-group - maybe read - write - execute. 
> Also consider confidentiality in exchange e.g. Can read metrics over http but must use https to add new server.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list