Bug 724174 (BRMS-117)

Summary: Documentation task - need to include this in renotes for BRMS GA
Product: [JBoss] JBoss Enterprise BRMS Platform 5 Reporter: Len DiMaggio <ldimaggi>
Component: DocumentationAssignee: Dana Mison <dmison>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: high    
Version: 5.0.0.CR2   
Target Milestone: ---   
Target Release: 5.0.0 GA   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/BRMS-117
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-02 18:04:49 UTC Type: Task
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Len DiMaggio 2009-05-12 13:39:06 UTC 
Affects: Documentation (Ref Guide, User Guide, etc.)
Date of First Response: 2009-05-18 05:34:46
securitylevel_name: Public

We should add this to the re notes:

The BRMS workspace grants full trust to a user logged into the system, therefore it is necessary to isolate the EAP instance where BRMS is deployed from production servers.
Comment 2 Dana Mison 2009-05-18 09:34:46 UTC 
Added known issue:

Full-trust is granted to logged in users. 

The BRMS workspace grants full trust to users logged in to the BRMS Platform. It is recommended 
that you isolate the Application Server instance where the BRMS Platform is deployed from other 
production servers.

The following security precautions allow you to work with the BRMS Platform full trust model without 
impairing your production environment: 

• Install the BRMS Platform server on a non-production EAP instance without co-located applications 
• Install the BRMS server in a non-production trust zone, with the trust level of an employee 
workstation. 
• Define least-privilege permissions for the database user account being used for the BRMS 
database. 
• Define least-privilege permissions for the JVM process running the BRMS Platform server at the OS 
level. 
Additional information: 

NOTE - no JIRA is known for referal
Comment 3 Len DiMaggio 2010-03-02 18:04:49 UTC 
Verified in the docs here: 

http://www.redhat.com/docs/en-US/JBoss_Enterprise_BRMS_Platform/5.0.1/html-single/Release_Notes/index.html
Comment 4 Len DiMaggio 2010-12-10 16:25:11 UTC 
Link: Added: This issue Cloned to BRMS-510