Bug 999455
Summary: | Kie-user and admin don't have permissions to send and consume JMS messages | ||
---|---|---|---|
Product: | [Retired] JBoss BRMS Platform 6 | Reporter: | Ivo Bek <ibek> |
Component: | Build and Assembly | Assignee: | Ryan Zhang <rzhang> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ivo Bek <ibek> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.0.0 | CC: | atangrin, etirelli, ibek, jcoleman, lpetrovi, mbaluch, mrietvel, mswiders, paradhya, rrajasek, rzhang |
Target Milestone: | ER5 | ||
Target Release: | 6.0.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-08-06 20:19:52 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ivo Bek
2013-08-21 11:03:37 UTC
Hi Ivo, JMS rights are different from REST rights, so to speak, and JMS is also not used in the same way: it's in fact possible (likely?) that users will want a different user to have access to the JMS queues than the users who have access to the UI and REST api. Would it be okay to add documentation describing how to modify the standalone(-full).xml (or domain.xml) to give access to the queues? Hi Marco, I believe that the product should be pre-configured to include the roles Ivo mentioned above. That would be up to productization though. Other than that I believe that documenting the proper way to change the groups would be sufficient. If you don't mind I will change the Component to 'Build and Assembly'. @M Marek, That sounds good. I've chancged the component. Would you mind assigning this to the right person? (Doug? Nick?) Internal Whiteboard: Beta Blocker → Blocker Not critical for Beta, but need to address for GA It has been fixed and will target it on ER4. FailedQA in BPMS-6.0.0.ER4: the standalone.xml and standalone-full.xml still don't contain group admin and/or (kie-user, analyst). <security-setting match="#"> <permission type="send" roles="guest"/> <permission type="consume" roles="guest"/> <permission type="createNonDurableQueue" roles="guest"/> <permission type="deleteNonDurableQueue" roles="guest"/> </security-setting> this is my proposal of the expected configuration: <security-setting match="KIE.#"> <!-- probably I would change the queue match for the queues in business central only --> <permission type="send" roles="admin"/> <!-- at least admin should be able to send JMS', the same for consume --> <permission type="consume" roles="admin"/> <permission type="createNonDurableQueue" roles="admin"/> <permission type="deleteNonDurableQueue" roles="admin"/> </security-setting> Verified in BPMS 6.0.0.ER5 |