Red Hat Bugzilla – Bug 1015569
RBAC: Host Scoped administrator can't read sensitive resources
Last modified: 2015-02-01 18:00:38 EST
Description of problem:
Host Scoped administrator can't read sensitive resources, eg. Datasource credentials, Profiles->Security->Security Domains
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. log as host scoped administrator
2. go to Profiles->Security->Security Domains
Authorisation Required You don't have the permissions to access this resource!
Access to this resource.
Brian, is this expected? AFAIK host scoped, actually means host scoped and monitor permissions everywhere else.
The current behavior is the intended behavior. A scoped role has the powers of the base role it's derived from for resources within its scope, and has monitor-level permissions elsewhere.
The Administrators for a set of hosts or server group may have no reason to know sensitive information unrelated to their area of responsibility.
Closing as this is not an issue, rather misunderstanding on QE side.