Bug 1018521

Summary: RBAC: role-mapping are assumed to be in form of type-principal@realm in Role assignment administration
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Jakub Cechacek <jcechace>
Component: Web ConsoleAssignee: Heiko Braun <hbraun>
Status: CLOSED CURRENTRELEASE QA Contact: Jakub Cechacek <jcechace>
Severity: urgent Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified    
Version: 6.2.0CC: brian.stansberry, hpehl, jkudrnac, lthon
Target Milestone: ER7   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
Causes: Consequence: Workaround (if any): Result:
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-15 16:19:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jakub Cechacek 2013-10-12 21:11:24 UTC 
Console assumes that all role-mappings names are in form of type-principal@realm (e.g. user-someuser@SomeRealm or group-somegroup@SomeRealm). Consequently it is not possible to manage role mappings created through other management interfaces and named differently.  

Steps to reproduce:

1) create role mapping
/core-service=management/access=authorization/role-mapping=MONITOR:add()
/core-service=management/access=authorization/role-mapping=MONITOR/include=monitor:add(name=monitor, type=user, realm=ManagementRealm)

2) Navigate to Administration - Role Assignment 
3) Try to remove role assignments for user monitor 

Expected result: role-mappings for user monitor are removed
Actual result: Error message (Unable to remove...) due to different naming than expected.
Comment 1 JBoss JIRA Server 2013-10-13 21:09:16 UTC 
Harald Pehl <hpehl> made a comment on jira HAL-272

Fixed the wrong addressing "type-principal@realm". Mappings created through other management interfaces like the CLI are honored now. 

However there's still one open issue: When creating a role-mapping through the CLI using a non-formal role name like "MONITOR", the role name is used as is in the persistent configuration (instead the formal role name "Monitor"). This causes the problems described above. In other words the fix is only valid if formal role names are used in all management interfaces.
Comment 2 JBoss JIRA Server 2013-10-14 10:25:52 UTC 
Harald Pehl <hpehl> updated the status of jira HAL-272 to Resolved
Comment 3 Harald Pehl 2013-10-29 13:51:10 UTC 
Fixed in HAL 2.0.5.Final
Comment 4 Jakub Cechacek 2013-10-31 14:03:33 UTC 
Verified 6.2.0.ER7