Description of problem: org.overlord.sramp.atom.err.SrampAtomException: Permission denied to perform actions "[read]" on path <unknown> Server stack trace: http://pastebin.test.redhat.com/160778 Version-Release number of selected component (if applicable): How reproducible: * Always Steps to Reproduce: 1. Install DTGov 2. Create new deployment 3. Complete user tasks of the Release Process to 'Stage' env 4. Log in to DTGov with user 'Scott' (or diferent with role 'stage') Actual results: * Cannot list deployments at http://localhost:8080/dtgov-ui/#deployments * Cannot complete appropriate tasks which requires 'stage' role. User can list the tasks but cannot open task details and complete the task. Expected results: * User can complete tasks requireing 'stage' role Additional info: * To complete task user probably needs some additional roles associated (admin|sramp). Current configuration doesn't allow to complete task only with roles overlorduser,stage.
Eric Wittmann <eric.wittmann> updated the status of jira SRAMP-236 to Resolved
Eric Wittmann <eric.wittmann> updated the status of jira SRAMP-236 to Closed
The overlord-idp-roles.properties JAAS configuration file used by the Overlord IDP was missing a critical ModeShape role. This role was needed so that users could actually perform s-ramp operations. Without this, parts of DTGov would fail. The role is: admin.sramp I have added this role to all users in the IDP's jaas config file here: https://github.com/Governance/overlord-commons/blob/master/overlord-commons-idp/src/main/resources/overlord-idp-roles.properties
The patch probably hasn't maded to ER2 build. I've installed FSW + DTGov 6.0.0.ER2 via instaler and the standalone/configuration/overlord-idp-roles.properties file still contains wrong roles configuration: admin=overlorduser,overlordadmin eric=overlorduser,admin.sramp,dev,qa gary=overlorduser,admin.sramp,dev,qa kevin=overlorduser,admin.sramp,dev,qa kurt=overlorduser,admin.sramp,dev,qa greg=overlorduser,qa david=overlorduser,qa scott=overlorduser,stage phil=overlorduser,prod
Note that the fix in community is in the overlord-commons (overlord-commons-idp) project. I have confirmed that I *did* merge that change into the product branch in github. So Stefan is probably right - the change didn't make it into ER2...
Verified in FSW 6.0.0.ER3. By default only 1 user is active (admin), others are disabled but roles are properly configured.