[jboss-jira] [JBoss JIRA] (WFLY-2088) Error creating server group as scoped role user

Heiko Braun (JIRA) jira-events at lists.jboss.org
Mon Sep 16 12:43:04 EDT 2013


    [ https://issues.jboss.org/browse/WFLY-2088?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12804571#comment-12804571 ] 

Heiko Braun commented on WFLY-2088:
-----------------------------------

bstansberry: hbraun: why should that work? MAIN_MAINTAINER has no perms for server-group fooBar
[6:36pm] hbraun: bstansberry: it would work because the user creates it ?
[6:36pm] hbraun: it didn't exist before
[6:37pm] bstansberry: if he were a MAINTAINER, sure, but why should a role that is scoped to main-server-group have perms to create some entirely new server group?
[6:37pm] hbraun: bstansberry: don't know. that's what I expected
[6:37pm] hbraun: why not?
[6:38pm] hbraun: so your answer is: scoped roles cannot create new server groups
[6:38pm] bstansberry: sure. scoped roles are constrained to their server group. they can't do anything globabl
[6:38pm] bstansberry: global
[6:39pm] hbraun: bstansberry: then at least the error message should be fixed
[6:40pm] hbraun: bstansberry: and maybe the add operation not be allowed
[6:40pm] hbraun: bstansberry: but that last one might be my bad, reading the wrong group
[6:42pm] hbraun: bstansberry: no, it seems the permissions for the add operation are granted
                
> Error creating server group as scoped role user
> -----------------------------------------------
>
>                 Key: WFLY-2088
>                 URL: https://issues.jboss.org/browse/WFLY-2088
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Domain Management
>            Reporter: Heiko Braun
>            Assignee: Brian Stansberry
>             Fix For: 8.0.0.Beta1
>
>
> I've got a scoped role
> {noformat}
> [domain@localhost:9999 /] /core-service=management/access=authorization/server-group-scoped-role=main-MAINTAINER:read-resource
> {
>     "outcome" => "success",
>     "result" => {
>         "base-role" => "MAINTAINER",
>         "server-groups" => ["main-server-group"]
>     }
> }
> {noformat}
> and try to create a server group, which leads to an exception:
> {noformat}
> [domain@localhost:9999 /] /server-group=fooBar:add(){roles=MAIN-MAINTAINER}
> {
>     "outcome" => "failed",
>     "failure-description" => "JBAS014807: Management resource '[(\"server-group\" => \"fooBar\")]' not found",
>     "rolled-back" => true
> }
> {noformat}
