Bug 536414 (RHQ-766)
| Summary: | Non-privileged users should not even see the admin functions they don't have access to | ||
|---|---|---|---|
| Product: | [Other] RHQ Project | Reporter: | Jeff Weiss <jweiss> |
| Component: | No Component | Assignee: | RHQ Project Maintainer <rhq-maint> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 1.1pre | CC: | dajohnso |
| Target Milestone: | --- | Keywords: | Improvement |
| Target Release: | --- | Flags: | jweiss:
archived+
|
| Hardware: | All | ||
| OS: | All | ||
| URL: | http://jira.rhq-project.org/browse/RHQ-766 | ||
| Whiteboard: | |||
| Fixed In Version: | 1.2 | Doc Type: | Enhancement |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jeff Weiss
2008-08-28 18:18:00 UTC
From IT#218424 " However, even if the logged in LDAP user has no roles associated with it, the user is able to access the Administration section from within the JBoss ON GUI. I think this is a severe security limitation. The logged in LDAP user can view users, list the current roles, can see the server configuration etc. Although it is not able to modify any settings, I think the user should not be able to see such key information and Administration settings. " when mazz move all of the functions from the administration page up until the menu bar, he also made sure to handle display of the menu items based on the user's permissions. This bug was previously known as http://jira.rhq-project.org/browse/RHQ-766 |