Bug 1016546 - RBAC: [Usability] Unclear error message when trying to configure Auditor role as Administrator
Status: VERIFIED
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web Console - UX
Version: 6.2.0
Hardware: Unspecified Unspecified
Priority: unspecified
Severity: low
Target Milestone: DR8
Target Release: EAP 6.4.0
Assigned To: Harald Pehl
Pavel Jelinek
eap-docs
Usability
: Reopened
Depends On:
Blocks: 1146502 1158795 1021418
Reported: 2013-10-08 06:37 EDT by Jakub Cechacek
Modified: 2018-03-06 15:36 EST
Doc Type: Bug Fix
Doc Text:
In previous releases of JBoss EAP 6, if a user attempted to perform an operation which they did not have permission to execute, they would receive the following error message: *You don't have the permissions to access this resource!* This message could be confusing to users as they were attempting to perform an operation, not attempting to access a resource. This error text has been clarified and now reads: *You don't have the permissions to perform this operation!*
Last Closed: 2014-07-09 07:38:15 EDT
Type: Task

External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
JBoss Issue Tracker | HAL-281 | Major | Resolved | Unclear error message when trying to configure Auditor role as Administrator | 2017-10-10 01:36 EDT
JBoss Issue Tracker | HAL-292 | Minor | Resolved | Improve error message for unauthorized operations | 2017-10-10 01:36 EDT

Description Jakub Cechacek 2013-10-08 06:37:00 EDT
Trying to set "include-all" attribute for Auditor or SuperUser role will end up with
"Failed to save XYZ" error message on save. 

I can see two issues in this

1) Usability - Error message should at least provide the information about why the operation failed
2) AFAIK "include-all" can be set for every role mapping. Why is this in console different? If this is meant as extra level of protection (I understand that both SuperUser and Auditor can read sensitive resources) then Administrator role should be included in this restriction as well.
Comment 2 Jakub Cechacek 2013-10-08 09:51:45 EDT
Rephrasing this issue as it was explained to me that this is the intended behavior.

Thus the only issue remaining here is usability - "Failed to save" doesn't provide much information about what happened...
Comment 3 Jakub Cechacek 2013-10-12 12:14:02 EDT
After revisiting this issue I think that the best approach would be to hide "Auditor" and "SuperUser" roles from "Add role mapping" and "Edit role mapping" dialogs for users with administrator role. This will avoid the confusion completely.
Comment 4 JBoss JIRA Server 2013-10-15 15:09:17 EDT
Harald Pehl <hpehl@redhat.com> updated the status of jira HAL-281 to Coding In Progress
Comment 5 JBoss JIRA Server 2013-10-15 16:13:42 EDT
Harald Pehl <hpehl@redhat.com> updated the status of jira HAL-281 to Resolved
Comment 6 JBoss JIRA Server 2013-10-15 16:13:42 EDT
Harald Pehl <hpehl@redhat.com> made a comment on jira HAL-281

When the operation is not allowed, the error message reflects this.
Comment 7 Jakub Cechacek 2013-10-31 09:04:04 EDT
New message is certainly an improvement, however I am still not satisfied. 

Message "You don't have the permissions to access this resource!" is obviously incorrect, as I can read the resource, and thus confusing. Something like "You don't have the permissions to perform this operation!" might be more suitable.
Comment 8 Scott Mumford 2013-12-01 21:05:28 EST
Modified Doc Text content and marked for inclusion in the 6.2 Release Notes document.
Comment 10 Heiko Braun 2014-07-09 07:38:15 EDT
In agreement with Catherine we've decided that UX issues will be tracked separately.
Comment 11 Jakub Cechacek 2014-07-21 05:59:39 EDT
Issue moved under the UX component. 

Also moved to 6.4 as this issue is still valid for 6.3. Use ack flags to decide whether we want to go through with it or not.
Comment 12 Catherine Robson 2014-08-01 13:20:55 EDT
UX will add this to the list of messages shown throughout the console that we need to review and improve with Dev & Doc.
Comment 13 John Doyle 2014-08-21 09:15:04 EDT
Can we make the change in comment 7 and close this?
Comment 14 JBoss JIRA Server 2014-09-23 05:27:12 EDT
Harald Pehl <hpehl@redhat.com> updated the status of jira HAL-292 to Resolved
Comment 15 Harald Pehl 2014-09-23 05:30:45 EDT
Changed according to comment 7
Comment 16 Jakub Cechacek 2014-10-02 05:22:39 EDT
DR3 still contains the message

"Failed to save Auditor

You don't have the permissions to access this resource!"


see comment 7
Comment 17 Jakub Cechacek 2014-11-13 08:30:31 EST
Verified 6.4.0.DR9
Comment 21 Harald Pehl 2015-03-02 02:26:16 EST
The error message now reads as "You don't have the permissions to perform this operation!"

See updated doc text.
