Bug 1010665 - RBAC: CRUD operations over Server Groups should not be allowed for Group Scoped Roles
RBAC: CRUD operations over Server Groups should not be allowed for Group Scop...
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web Console (Show other bugs)
6.2.0
Unspecified Unspecified
urgent Severity urgent
: ER7
: ---
Assigned To: Harald Pehl
Jakub Cechacek
Russell Dickenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-22 06:58 EDT by Jakub Cechacek
Modified: 2015-02-01 18:00 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Known Issue
Doc Text:
Cause: Consequence: Workaround (if any): Results:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-15 11:18:15 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker HAL-216 Major Resolved CRUD operations over Server Groups should not be allowed for Group Scoped Roles 2016-12-14 14:47 EST

  None (edit)
Description Jakub Cechacek 2013-09-22 06:58:04 EDT
Group Scoped Maintainers / Administrators don't have permissions to create / delete server groups. Thus control elements should not be displayed to them. 

Attempt to create new group as such role leads to error message "Failed to add TestGroup"
Comment 1 JBoss JIRA Server 2013-10-02 04:55:09 EDT
Heiko Braun <ike.braun@googlemail.com> updated the status of jira HAL-216 to Resolved
Comment 2 JBoss JIRA Server 2013-10-02 04:55:09 EDT
Heiko Braun <ike.braun@googlemail.com> made a comment on jira HAL-216

Duplicates HAL-236
Comment 3 JBoss JIRA Server 2013-10-02 04:55:26 EDT
Heiko Braun <ike.braun@googlemail.com> updated the status of jira HAL-216 to Reopened
Comment 4 JBoss JIRA Server 2013-10-09 03:22:10 EDT
Heiko Braun <ike.braun@googlemail.com> made a comment on jira HAL-216

It seems the recent changes to the resource model prevent the former use cases. Now it's not possible anymore to add servers as a scoped role or modify an existing group within thr roles scope.
Comment 5 JBoss JIRA Server 2013-10-09 03:27:28 EDT
Heiko Braun <ike.braun@googlemail.com> made a comment on jira HAL-216

Same role configuration did grant access to modify the server groups and servers in 6.2.ER3
Comment 6 JBoss JIRA Server 2013-10-12 16:50:14 EDT
Brian Stansberry <brian.stansberry@redhat.com> made a comment on jira HAL-216

I don't experience problems doing things with the console against master. I'll see if there are problems with the EAP branch.

There are some commits in master that aren't in EAP yet, but AFAIK it's just stuff that I didn't port back because of the concerns raised here and on the related JIRAs.
Comment 8 JBoss JIRA Server 2013-10-14 14:50:48 EDT
Heiko Braun <ike.braun@googlemail.com> made a comment on jira HAL-216

To prevent totoal confusion I have moved th related issue to https://issues.jboss.org/browse/HAL-276 and will be closing this one.
Comment 9 JBoss JIRA Server 2013-10-14 14:50:56 EDT
Heiko Braun <ike.braun@googlemail.com> updated the status of jira HAL-216 to Resolved
Comment 10 Jakub Cechacek 2013-11-05 07:43:01 EST
Verified 6.2.0.ER7

Note You need to log in before you can comment on or make changes to this bug.