First Last Prev Next    This bug is not in your last search results.
Bug 1012579 - RBAC: Administrator should be prevented from modifying super user and auditor roles.
RBAC: Administrator should be prevented from modifying super user and auditor...
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management (Show other bugs)
unspecified
Unspecified Unspecified
unspecified Severity unspecified
: ER4
: EAP 6.2.0
Assigned To: Darran Lofthouse
Ladislav Thon
Russell Dickenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-26 12:36 EDT by Darran Lofthouse
Modified: 2013-12-15 11:23 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-15 11:23:31 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker WFLY-2087 Critical Resolved Administrator should be prevented from modifying super user and auditor roles. 2016-02-15 12:06 EST

  None (edit)
Description Darran Lofthouse 2013-09-26 12:36:01 EDT 
Description of problem:

The SuperUser role has the ability to do absolutely anything and the Auditor role has full control of what audit logging occurs - for this reason the Administrator should not be able to modify either of these roles as they could effectively add themselves.
Comment 6 Vladimir Dosoudil 2013-10-16 07:44:04 EDT 
Merged in
 * https://github.com/jbossas/jboss-eap/commit/ea931ed
 * https://github.com/jbossas/jboss-eap/commit/3104bc7
Included in EAP 6.2.0 ER 4.
Comment 7 Ladislav Thon 2013-10-21 05:48:58 EDT 
Verified with EAP 6.2.0.ER6.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.