Bug 1012600 - RBAC: [Usability] Remove your own role mapping leads to error
RBAC: [Usability] Remove your own role mapping leads to error
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web Console (Show other bugs)
Unspecified Unspecified
unspecified Severity low
: DR3
: EAP 6.4.0
Assigned To: Harald Pehl
Pavel Jelinek
: Reopened
Depends On:
Blocks: 1146502 1021418
  Show dependency treegraph
Reported: 2013-09-26 13:33 EDT by Jakub Cechacek
Modified: 2017-10-09 20:11 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Known Issue
Doc Text:
Cause: Consequence: Workaround (if any): Results:
Story Points: ---
Clone Of:
Last Closed: 2014-07-09 07:38:13 EDT
Type: Task
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker HAL-282 Major Resolved Remove role mapping of current user leads to error 2017-10-10 01:36 EDT
JBoss Issue Tracker HAL-292 Minor Resolved Improve error message for unauthorized operations 2017-10-10 01:36 EDT
JBoss Issue Tracker HAL-496 Major Open Prevent user to remove his own administrative roles in role assignment 2017-10-10 01:36 EDT

  None (edit)
Description Jakub Cechacek 2013-09-26 13:33:06 EDT
An attempt to remove role mapping of currently authenticated user leads to an error. Even though this might be in fact a feature, but in such case user should be informed about this fact in other way than standard error. At least the error message should contain the explanation why the removal failed.
Comment 1 JBoss JIRA Server 2013-10-15 16:28:01 EDT
Harald Pehl <hpehl@redhat.com> updated the status of jira HAL-282 to Resolved
Comment 2 JBoss JIRA Server 2013-10-15 16:28:01 EDT
Harald Pehl <hpehl@redhat.com> made a comment on jira HAL-282

Fixed by HAL-281. The error message reads now "You don't have the permissions to access this resource!"
Comment 3 Jakub Cechacek 2013-10-31 10:01:06 EDT
This is the very same case as BZ1016546. The problem here might be the fact that this error message is shared among all unauthorized operations, thus it might be a bit confusing in some cases. 

Returning back to assigned, however I've changed the severity to low.
Comment 4 Heiko Braun 2014-07-09 07:38:13 EDT
In agreement with Catherine we've decided that UX issues will be tracked separately.
Comment 5 Jakub Cechacek 2014-07-21 02:45:05 EDT
Issue moved under the UX component. 

Also moved to 6.4 as this issue is still valid for 6.3. Use ack flags to decide whether we want to go through with it or not.
Comment 6 John Doyle 2014-08-21 09:24:58 EDT
Can we update the description of the BZ.  Does current user mean any user that's logged into the console currently, or does it refer to a user that's trying to modify his own role assignments?

Ideally, we would present an error message that is specific to the task that a user is trying to perform.  So in this case we would mention that a 'role assignments could not be changed be because you don't have access to resource X'.
Comment 7 Jakub Cechacek 2014-08-21 10:33:25 EDT
User that's trying to modify his own role assignments.
Comment 8 JBoss JIRA Server 2014-09-23 05:27:14 EDT
Harald Pehl <hpehl@redhat.com> updated the status of jira HAL-292 to Resolved
Comment 9 Pavel Jelinek 2014-10-02 09:46:19 EDT
This particular issue is fixed for EAP 6.4.0.DR3 but there are other related issues which I will report tomorrow.

Note You need to log in before you can comment on or make changes to this bug.