Bug 1015569
| Summary: | RBAC: Host Scoped administrator can't read sensitive resources | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Zbyněk Roubalík <zroubali> |
| Component: | Web Console | Assignee: | Heiko Braun <hbraun> |
| Status: | CLOSED NOTABUG | QA Contact: | Jakub Cechacek <jcechace> |
| Severity: | unspecified | Docs Contact: | Russell Dickenson <rdickens> |
| Priority: | unspecified | ||
| Version: | 6.2.0 | CC: | brian.stansberry, bstansberry, jkudrnac |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-10-07 10:18:40 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Zbyněk Roubalík
2013-10-04 14:03:09 UTC
Brian, is this expected? AFAIK host scoped, actually means host scoped and monitor permissions everywhere else. The current behavior is the intended behavior. A scoped role has the powers of the base role it's derived from for resources within its scope, and has monitor-level permissions elsewhere. The Administrators for a set of hosts or server group may have no reason to know sensitive information unrelated to their area of responsibility. Closing as this is not an issue, rather misunderstanding on QE side. |