Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1012579

Summary: RBAC: Administrator should be prevented from modifying super user and auditor roles.
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Darran Lofthouse <darran.lofthouse>
Component: Domain ManagementAssignee: Darran Lofthouse <darran.lofthouse>
Status: CLOSED CURRENTRELEASE QA Contact: Ladislav Thon <lthon>
Severity: unspecified Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified    
Version: unspecifiedCC: brian.stansberry, dosoudil, emuckenh
Target Milestone: ER4   
Target Release: EAP 6.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-15 16:23:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Darran Lofthouse 2013-09-26 16:36:01 UTC 
Description of problem:

The SuperUser role has the ability to do absolutely anything and the Auditor role has full control of what audit logging occurs - for this reason the Administrator should not be able to modify either of these roles as they could effectively add themselves.
Comment 6 Vladimir Dosoudil 2013-10-16 11:44:04 UTC 
Merged in
 * https://github.com/jbossas/jboss-eap/commit/ea931ed
 * https://github.com/jbossas/jboss-eap/commit/3104bc7
Included in EAP 6.2.0 ER 4.
Comment 7 Ladislav Thon 2013-10-21 09:48:58 UTC 
Verified with EAP 6.2.0.ER6.