[teiid-issues] [JBoss JIRA] Resolved: (TEIID-840) admin-roles appears to be ignored and allegedly privileged users cannot execute methods appropriately
Ramesh Reddy (JIRA)
jira-events at lists.jboss.org
Fri Sep 18 20:05:49 EDT 2009
[ https://jira.jboss.org/jira/browse/TEIID-840?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ramesh Reddy resolved TEIID-840.
--------------------------------
Resolution: Done
Finally to the JIRA, where I can find that it is user error -:)
The group names mentioned in the "admin-roles.properties" MUST be fully qualified, like "itgroup at file" for them to recognisable.
I have updated the header message on this file to say the same, it now reads
-------------------------------------------------------------------------------------------------------------------
# This file defines admin role grants for each user "group" in the system.
# based on the this permission the user will be able to call the admin
# function calls into the system. The following format needs to be used
# define the permissions. Make sure the group names are fully qualified
# with their membership domain names like "group at file"
# role1 = groupA at domainA,groupB at domainB
# role2 = groupB at domainB
--------------------------------------------------------------------------------------------------------------------
For documentation on admin roles, please visit
https://www.jboss.org/community/wiki/ManagingAuthorizationsinTeiid
> admin-roles appears to be ignored and allegedly privileged users cannot execute methods appropriately
> -----------------------------------------------------------------------------------------------------
>
> Key: TEIID-840
> URL: https://jira.jboss.org/jira/browse/TEIID-840
> Project: Teiid
> Issue Type: Bug
> Components: AdminApi
> Affects Versions: 6.2.0
> Environment: fedora 10, Teiid 6.2 RC1
> Reporter: Paul Nittel
> Assignee: Ramesh Reddy
> Attachments: admin-roles.properties, deploy.properties
>
>
> Connecting as admin, I am able to execute this command string to see the group(s) to which pnittel belongs:
> c=getGroupsForUser( "pnittel"); for (cb:c) { print( cb.getName() ); }
> Connecting as pnittel, I cannot execute that same command. pnittel is a member of the itgroup and that group is assigned all three roles. I'm attaching deploy.properties and admin-roles.properties.
> Here's the dialog:
> admin $ connectAsAdmin("pnittel","mm","mm://localhost:31000");
> conn-1[mm://localhost:31000] $ c=getGroupsForUser( "pnittel"); for (cb:c) { print( cb.getName() ); }
> Remote exception: Administrator [pnittel at TheDap], session [3] does not have any required role [Admin.SystemAdmin] so is not authorized to perform the action [getGroupsForUser]. ... Original type hierarchy [org.teiid.adminapi.AdminProcessingException, org.teiid.adminapi.AdminException, com.metamatrix.core.MetaMatrixCoreException].
> conn-1[mm://localhost:31000] $ // Error: EvalError: The collection, array, map, iterator, or enumeration portion of a for statement cannot be null. : at Line: 3 : in file: <unknown file> : for ( cb : c ) {
> conn-1[mm://localhost:31000] $ conn-1[mm://localhost:31000] $ disconnect();
> admin $ connectAsAdmin("admin","teiid","mm://localhost:31000");
> conn-2[mm://localhost:31000] $ c=getGroupsForUser( "pnittel"); for (cb:c) { print( cb.getName() ); }
> conn-2[mm://localhost:31000] $ itgroup at TheDap
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the teiid-issues
mailing list