[jboss-jira] [JBoss JIRA] (WFLY-2024) Scoped roles base on SuperUser should not be allowed
Brian Stansberry (JIRA)
jira-events at lists.jboss.org
Sun Sep 8 19:12:03 EDT 2013
[ https://issues.jboss.org/browse/WFLY-2024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12802612#comment-12802612 ]
Brian Stansberry commented on WFLY-2024:
----------------------------------------
The auditing logging resources are defined at the host level, which makes a SuperUser-based host scoped role reasonable. If we bring the ability to manage hosts solely associated with a server group into the capability set of a server group scoped role (which is likely), then the rationale for host scoped roles applies to server group scoped roles as well.
It's also unintuitive for organizations who don't care about Administrator vs Auditor and just use SuperUser to have to switch to Administrator for this use case.
> Scoped roles base on SuperUser should not be allowed
> -----------------------------------------------------
>
> Key: WFLY-2024
> URL: https://issues.jboss.org/browse/WFLY-2024
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management, Security
> Reporter: Jakub Cechacek
> Labels: rbac-filed-by-qa
> Fix For: 8.0.0.CR1
>
>
> It should not be possible to create scoped roles with SuperUser used as the base role. These roles currently don't have any permission to operate over Server Group / Host anyway, and having such a role doesn't make sense (as a restricted superuser is not a superuser).