[jboss-jira] [JBoss JIRA] (WFLY-2024) Scoped roles base on SuperUser should not be allowed
Heiko Braun (JIRA)
jira-events at lists.jboss.org
Mon Sep 9 09:12:03 EDT 2013
[ https://issues.jboss.org/browse/WFLY-2024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12802729#comment-12802729 ]
Heiko Braun commented on WFLY-2024:
-----------------------------------
hbraun: jcechace: just to explain what's going on:
[3:08pm] hbraun: there may be edge cases where the scoped role doesn't match any instances
[3:08pm] hbraun: i.e. the group doesn't exists, or the host is not available
[3:08pm] hbraun: in terms of configuration it may a legal case
[3:09pm] hbraun: but using the console in domain, w/o any addressable resource (host or group) doesn't make sense
[3:09pm] jcechace: Yea, i get it.. that's the reason for that message. So indeed it is a feature
[3:09pm] hbraun: hence you get the error message
> Scoped roles base on SuperUser should not be allowed
> -----------------------------------------------------
>
> Key: WFLY-2024
> URL: https://issues.jboss.org/browse/WFLY-2024
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management, Security
> Reporter: Jakub Cechacek
> Labels: rbac-filed-by-qa
> Fix For: 8.0.0.CR1
>
>
> It should not be possible to create scoped roles with SuperUser used as the base role. These roles currently don't have any permission to operate over Server Group / Host anyway and having such role doesn't make sense (as restricted superuser is not a superuser).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list