[jboss-jira] [JBoss JIRA] (WFLY-1844) deep-copy-subject-mode attribute on Security Subsystem is Readable to all roles
Brian Stansberry (JIRA)
jira-events at lists.jboss.org
Thu Sep 19 07:54:03 EDT 2013
[ https://issues.jboss.org/browse/WFLY-1844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry updated WFLY-1844:
-----------------------------------
Assignee: Kabir Khan (was: Brian Stansberry)
> deep-copy-subject-mode attribute on Security Subsystem is Readable to all roles
> -------------------------------------------------------------------------------
>
> Key: WFLY-1844
> URL: https://issues.jboss.org/browse/WFLY-1844
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management, Security
> Reporter: Jakub Cechacek
> Assignee: Kabir Khan
> Labels: rbac-filed-by-qa
> Fix For: 8.0.0.CR1
>
>
> According to this spreadsheet [1] deep-copy-subject-mode attribute should be available only to Administrator role, instead it is Readable for everyone
> {code}
> [standalone at localhost:9990 /] :whoami(verbose=true)
> {
> "outcome" => "success",
> "result" => {
> "identity" => {
> "username" => "monitor",
> "realm" => "ManagementRealm"
> },
> "roles" => ["Monitor"]
> }
> }
> [standalone at localhost:9990 /] /subsystem=security:read-attribute(name=deep-copy-subject-mode)
> {
> "outcome" => "success",
> "result" => false
> }
> {code}
> [1] https://docs.google.com/spreadsheet/ccc?key=0Au0knNJrYUJhdFlSSEVpdGJpQnlDOURXYTRYajhaZWc#gid=1
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list