First Last Prev Next    This bug is not in your last search results.
Bug 1015569 - RBAC: Host Scoped administrator can't read sensitive resources
RBAC: Host Scoped administrator can't read sensitive resources
Status: CLOSED NOTABUG
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web Console (Show other bugs)
6.2.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Heiko Braun
Jakub Cechacek
Russell Dickenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-04 10:03 EDT by Zbyněk Roubalík
Modified: 2015-02-01 18:00 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-07 06:18:40 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Zbyněk Roubalík 2013-10-04 10:03:09 EDT 
Description of problem:
Host Scoped administrator can't read sensitive resources, eg. Datasource credentials, Profiles->Security->Security Domains

Version-Release number of selected component (if applicable):
EAP 6.2.0.ER4

Steps to Reproduce:
1. log as host scoped administrator
2. go to Profiles->Security->Security Domains 

Actual results:
Authorisation Required You don't have the permissions to access this resource!

Expected results:
Access to this resource.
Comment 1 Heiko Braun 2013-10-04 10:07:34 EDT 
Brian, is this expected? AFAIK host scoped, actually means host scoped and monitor permissions everywhere else.
Comment 2 Brian Stansberry 2013-10-04 10:36:20 EDT 
The current behavior is the intended behavior. A scoped role has the powers of the base role it's derived from for resources within its scope, and has monitor-level permissions elsewhere.

The Administrators for a set of hosts or server group may have no reason to know sensitive information unrelated to their area of responsibility.
Comment 3 Jakub Cechacek 2013-10-07 06:18:40 EDT 
Closing as this is not an issue, rather misunderstanding on QE side.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.