Bug 1010665

Summary: RBAC: CRUD operations over Server Groups should not be allowed for Group Scoped Roles
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: Jakub Cechacek <jcechace>
Component: Web Console
Assignee: Harald Pehl <hpehl>
Status: CLOSED CURRENTRELEASE
QA Contact: Jakub Cechacek <jcechace>
Severity: urgent
Docs Contact: Russell Dickenson <rdickens>
Priority: urgent
Version: 6.2.0
CC: brian.stansberry, hpehl, jkudrnac, lcosti, lthon
Target Milestone: ER7   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version:
Doc Type: Known Issue
Last Closed: 2013-12-15 16:18:15 UTC
Type: Bug

Description Jakub Cechacek 2013-09-22 10:58:04 UTC
Group Scoped Maintainers / Administrators don't have permissions to create / delete server groups. Thus control elements should not be displayed to them. 

An attempt to create a new group as such a role leads to the error message "Failed to add TestGroup"

Comment 1 JBoss JIRA Server 2013-10-02 08:55:09 UTC
Heiko Braun <ike.braun> updated the status of jira HAL-216 to Resolved

Comment 2 JBoss JIRA Server 2013-10-02 08:55:09 UTC
Heiko Braun <ike.braun> made a comment on jira HAL-216

Duplicates HAL-236

Comment 3 JBoss JIRA Server 2013-10-02 08:55:26 UTC
Heiko Braun <ike.braun> updated the status of jira HAL-216 to Reopened

Comment 4 JBoss JIRA Server 2013-10-09 07:22:10 UTC
Heiko Braun <ike.braun> made a comment on jira HAL-216

It seems the recent changes to the resource model prevent the former use cases. Now it's not possible anymore to add servers as a scoped role or modify an existing group within the role's scope.

Comment 5 JBoss JIRA Server 2013-10-09 07:27:28 UTC
Heiko Braun <ike.braun> made a comment on jira HAL-216

Same role configuration did grant access to modify the server groups and servers in 6.2.ER3

Comment 6 JBoss JIRA Server 2013-10-12 20:50:14 UTC
Brian Stansberry <brian.stansberry> made a comment on jira HAL-216

I don't experience problems doing things with the console against master. I'll see if there are problems with the EAP branch.

There are some commits in master that aren't in EAP yet, but AFAIK it's just stuff that I didn't port back because of the concerns raised here and on the related JIRAs.

Comment 8 JBoss JIRA Server 2013-10-14 18:50:48 UTC
Heiko Braun <ike.braun> made a comment on jira HAL-216

To prevent total confusion I have moved the related issue to https://issues.jboss.org/browse/HAL-276 and will be closing this one.

Comment 9 JBoss JIRA Server 2013-10-14 18:50:56 UTC
Heiko Braun <ike.braun> updated the status of jira HAL-216 to Resolved

Comment 10 Jakub Cechacek 2013-11-05 12:43:01 UTC
Verified 6.2.0.ER7