Red Hat Bugzilla – Bug 1001992
Cannot complete tasks which requires 'stage' role in DTGov
Last modified: 2015-08-02 19:44:30 EDT
Description of problem:
org.overlord.sramp.atom.err.SrampAtomException: Permission denied to perform actions "[read]" on path <unknown>
Server stack trace: http://pastebin.test.redhat.com/160778
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install DTGov
2. Create new deployment
3. Complete user tasks of the Release Process to 'Stage' env
4. Log in to DTGov with user 'Scott' (or diferent with role 'stage')
* Cannot list deployments at http://localhost:8080/dtgov-ui/#deployments
* Cannot complete appropriate tasks which requires 'stage' role. User can list the tasks but cannot open task details and complete the task.
* User can complete tasks requireing 'stage' role
* To complete task user probably needs some additional roles associated (admin|sramp). Current configuration doesn't allow to complete task only with roles overlorduser,stage.
Eric Wittmann <email@example.com> updated the status of jira SRAMP-236 to Resolved
Eric Wittmann <firstname.lastname@example.org> updated the status of jira SRAMP-236 to Closed
The overlord-idp-roles.properties JAAS configuration file used by the Overlord IDP was missing a critical ModeShape role. This role was needed so that users could actually perform s-ramp operations. Without this, parts of DTGov would fail.
The role is:
I have added this role to all users in the IDP's jaas config file here:
The patch probably hasn't maded to ER2 build. I've installed FSW + DTGov 6.0.0.ER2 via instaler and the standalone/configuration/overlord-idp-roles.properties file still contains wrong roles configuration:
Note that the fix in community is in the overlord-commons (overlord-commons-idp) project. I have confirmed that I *did* merge that change into the product branch in github. So Stefan is probably right - the change didn't make it into ER2...
Verified in FSW 6.0.0.ER3. By default only 1 user is active (admin), others are disabled but roles are properly configured.