Bug 1015569 - RBAC: Host Scoped administrator can't read sensitive resources
Status: CLOSED NOTABUG
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web Console
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
Assignee: Heiko Braun
QA Contact: Jakub Cechacek
Russell Dickenson
Reported: 2013-10-04 14:03 UTC by Zbyněk Roubalík
Modified: 2015-02-01 23:00 UTC (History)
Last Closed: 2013-10-07 10:18:40 UTC
Type: Bug

Description Zbyněk Roubalík 2013-10-04 14:03:09 UTC
Description of problem:
Host Scoped administrator can't read sensitive resources, e.g. Datasource credentials, Profiles->Security->Security Domains

Version-Release number of selected component (if applicable):
EAP 6.2.0.ER4

Steps to Reproduce:
1. Log in as host scoped administrator
2. Go to Profiles->Security->Security Domains

Actual results:
Authorisation Required You don't have the permissions to access this resource!

Expected results:
Access to this resource.

Comment 1 Heiko Braun 2013-10-04 14:07:34 UTC
Brian, is this expected? AFAIK host scoped actually means host scoped, and monitor permissions everywhere else.

Comment 2 Brian Stansberry 2013-10-04 14:36:20 UTC
The current behavior is the intended behavior. A scoped role has the powers of the base role it's derived from for resources within its scope, and has monitor-level permissions elsewhere.

The Administrators for a set of hosts or server group may have no reason to know sensitive information unrelated to their area of responsibility.
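
The scoping rule from Comment 2, as an added example that is not part of the original thread and is not EAP code: a simplified Python model in which a host scoped role uses its base role inside its hosts and Monitor everywhere else. The role name, host names, resource rows and the reduced two-role permission table are constructed assumptions.

```python
from dataclasses import dataclass

# Simplified model (assumption of this sketch, not the full EAP permission
# matrix): only the two base roles named in the thread, with permissions
# expressed as (action, resource_is_sensitive) pairs.
BASE_ROLE_ACTIONS = {
    "Monitor": {("read", False)},
    "Administrator": {("read", False), ("write", False),
                      ("read", True), ("write", True)},
}

@dataclass(frozen=True)
class HostScopedRole:
    name: str
    base_role: str
    hosts: frozenset

    def effective_base(self, address):
        """Base role inside the role's hosts, Monitor for everything else."""
        in_scope = bool(address) and address[0][0] == "host" \
            and address[0][1] in self.hosts
        return self.base_role if in_scope else "Monitor"

    def allows(self, action, address, sensitive):
        allowed = BASE_ROLE_ACTIONS[self.effective_base(address)]
        return (action, sensitive) in allowed

def audit(role, resources):
    """Map each constructed resource label to whether `role` can read it."""
    return {label: role.allows("read", addr, sens)
            for label, addr, sens in resources}

# Constructed sample data: (label, management address, sensitive?)
ROLE = HostScopedRole("host-a-admin", "Administrator", frozenset({"host-a"}))
SECURITY_DOMAIN = (("profile", "full"), ("subsystem", "security"),
                   ("security-domain", "other"))
LOGGING = (("profile", "full"), ("subsystem", "logging"))
REALM_A = (("host", "host-a"), ("core-service", "management"),
           ("security-realm", "ManagementRealm"))
REALM_B = (("host", "host-b"), ("core-service", "management"),
           ("security-realm", "ManagementRealm"))
RESOURCES = [
    ("profile security domain", SECURITY_DOMAIN, True),   # the reported case
    ("profile logging subsystem", LOGGING, False),
    ("security realm on host-a", REALM_A, True),
    ("security realm on host-b", REALM_B, True),
]

if __name__ == "__main__":
    for label, readable in audit(ROLE, RESOURCES).items():
        print(f"{label}: {'read allowed' if readable else 'denied'}")
```

The security domain sits under a profile rather than under one of the role's hosts, so the model evaluates it with Monitor permissions and denies the read, which matches the behaviour reported above.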

Comment 3 Jakub Cechacek 2013-10-07 10:18:40 UTC
Closing as this is not an issue, rather a misunderstanding on the QE side.

