Bug 1016546 - RBAC: [Usability] Unclear error message when trying to configure Auditor role as Administrator
Summary: RBAC: [Usability] Unclear error message when trying to configure Auditor role...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web Console - UX
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: DR8
: EAP 6.4.0
Assignee: Harald Pehl
QA Contact: Pavel Jelinek
eap-docs
URL:
Whiteboard: Usability
Depends On:
Blocks: 1021418 1146502 1158795
 
Reported: 2013-10-08 10:37 UTC by Jakub Cechacek
Modified: 2019-08-19 12:42 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous releases of JBoss EAP 6, if a user attempted to perform an operation which they did not have permission to execute, they would receive the following error message: *You don't have the permissions to access this resource!* This message could be confusing to users as they were attempting to perform an operation, not attempting to access a resource. This error text has been clarified and now reads: *You don't have the permissions to perform this operation!*
Clone Of:
Environment:
Last Closed: 2014-07-09 11:38:15 UTC
Type: Task




Links
System ID Priority Status Summary Last Updated
JBoss Issue Tracker HAL-281 Major Resolved Unclear error message when trying to configure Auditor role as Administrator 2017-10-10 05:36:23 UTC
JBoss Issue Tracker HAL-292 Minor Resolved Improve error message for unauthorized operations 2017-10-10 05:36:23 UTC

Description Jakub Cechacek 2013-10-08 10:37:00 UTC
Trying to set "include-all" attribute for Auditor or SuperUser role will end up with
"Failed to save XYZ" error message on save. 

I can see two issues in this

1) Usability - Error message should at least provide the information about why the operation failed
2) AFAIK "include-all" can be set for every role mapping. Why is this in console different? If this is meant as extra level of protection (I understand that both SuperUser and Auditor can read sensitive resources) then Administrator role should be included in this restriction as well.

Comment 2 Jakub Cechacek 2013-10-08 13:51:45 UTC
Rephrasing this issue as it was explained to me that this is the intended behavior.

Thus the only issue remaining here is usability - "Failed to save" doesn't provide much information about what happened...

Comment 3 Jakub Cechacek 2013-10-12 16:14:02 UTC
After revisiting this issue I think that the best approach would be to hide "Auditor" and "SuperUser" roles from "Add role mapping" and "Edit role mapping" dialogs for users with administrator role. This will avoid the confusion completely.

Comment 4 JBoss JIRA Server 2013-10-15 19:09:17 UTC
Harald Pehl <hpehl@redhat.com> updated the status of jira HAL-281 to Coding In Progress

Comment 5 JBoss JIRA Server 2013-10-15 20:13:42 UTC
Harald Pehl <hpehl@redhat.com> updated the status of jira HAL-281 to Resolved

Comment 6 JBoss JIRA Server 2013-10-15 20:13:42 UTC
Harald Pehl <hpehl@redhat.com> made a comment on jira HAL-281

When the operation is not allowed, the error message reflects this.

Comment 7 Jakub Cechacek 2013-10-31 13:04:04 UTC
New message is certainly an improvement, however I am still not satisfied. 

Message "You don't have the permissions to access this resource!" is obviously incorrect, as I can read the resource, and thus confusing. Something like "You don't have the permissions to perform this operation!" might be more suitable.

Comment 8 Scott Mumford 2013-12-02 02:05:28 UTC
Modified Doc Text content and marked for inclusion in the 6.2 Release Notes document.

Comment 10 Heiko Braun 2014-07-09 11:38:15 UTC
In agreement with Catherine we've decided that UX issues will be tracked separately.

Comment 11 Jakub Cechacek 2014-07-21 09:59:39 UTC
Issue moved under the UX component. 

Also moved to 6.4 as this issue is still valid for 6.3. Use ack flags to decide whether we want to go through with it or not.

Comment 12 Catherine Robson 2014-08-01 17:20:55 UTC
UX will add this to the list of messages shown throughout the console that we need to review and improve with Dev & Doc.

Comment 13 John Doyle 2014-08-21 13:15:04 UTC
Can we make the change in comment 7 and close this?

Comment 14 JBoss JIRA Server 2014-09-23 09:27:12 UTC
Harald Pehl <hpehl@redhat.com> updated the status of jira HAL-292 to Resolved

Comment 15 Harald Pehl 2014-09-23 09:30:45 UTC
Changed according to comment 7

Comment 16 Jakub Cechacek 2014-10-02 09:22:39 UTC
DR3 still contains the message

"Failed to save Auditor

You don't have the permissions to access this resource!"


see comment 7

Comment 17 Jakub Cechacek 2014-11-13 13:30:31 UTC
Verified 6.4.0.DR9

Comment 21 Harald Pehl 2015-03-02 07:26:16 UTC
The error message now reads as "You don't have the permissions to perform this operation!"

See updated doc text.

