Bug 1322878 - [GSS] (6.2.z) AdministrationPerspective not loading for administrative user whose roles is not defined as "admin"
Keywords:
Status: CLOSED EOL
Alias: None
Product: JBoss BRMS Platform 6
Classification: Retired
Component: Business Central
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
high
urgent
Target Milestone: CR1
: 6.2.3
Assignee: Paulo Rego
QA Contact: Jiri Locker
URL:
Whiteboard:
Depends On: 1320502
Blocks: 1327763 1327765
Reported: 2016-03-31 13:52 UTC by Oscar Molina
Modified: 2020-03-27 20:07 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1320502
Environment:
Last Closed: 2020-03-27 20:07:17 UTC
Type: Bug



Description Oscar Molina 2016-03-31 13:52:55 UTC
+++ This bug was initially created as a clone of Bug #1320502 +++

Description of problem:

Sometimes customers need to change the "admin" and "analyst" role names because of naming norms. Customizing built-in permissions and roles is possible by editing the "jboss-eap-6.1/standalone/deployments/business-central.war/WEB-INF/web.xml" and "jboss-eap-6.1/standalone/deployments/business-central.war/WEB-INF/classes/workbench-policy.properties" files. However, when trying to access the administration, we get an "Activity not found" message in a dialog box. This is because the role "admin" text is hardcoded into AdministrationPerspective [1].

[1] https://github.com/droolsjbpm/kie-wb-distributions/blob/6.3.x/kie-drools-wb/kie-drools-wb-webapp/src/main/java/org/kie/workbench/drools/client/perspectives/AdministrationPerspective.java#L52


Version-Release number of selected component (if applicable):

BxMS 6.x

How reproducible:

When you create a new role, say "superuser", with all privileges and set it up exactly as we have for the default "admin" role in the descriptor file, all features are displayed on the home page as directed by the workbench-policy.properties file. However, when trying to access the administration, we get an "Activity not found" message in a dialog box.

Steps to Reproduce:

1. Adding a new role "superuser" for a user in "jboss-eap-6.1/standalone/configuration/configuration/application-roles.properties". This role should be equivalent to "admin".

2. Adding the new role "superuser" in the different sections of the "jboss-eap-6.1/standalone/deployments/business-central.war/WEB-INF/web.xml" file:

~~~
...
  <!-- security settings -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>download</web-resource-name>
      ...
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>analyst</role-name>
      <role-name>superuser</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>console</web-resource-name>
      ...
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>analyst</role-name>
      <role-name>superuser</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>formModeler</web-resource-name>
      ...
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>analyst</role-name>
      <role-name>superuser</role-name>
    </auth-constraint>
  </security-constraint>
...
  <security-role>
    <description>Administrator - Administrates the BRMS system. Has full access
      rights to make any changes necessary. Also has the
      ability to add and remove users from the system.
    </description>
    <role-name>superuser</role-name>
  </security-role>
...
~~~

3. Modifying the value of the property "roles.wb_everything", changing it to the new role "superuser", in the different section of the "jboss-eap-6.1/standalone/deployments/business-central.war/WEB-INF/classes/workbench-policy.properties" file:

~~~
#roles.wb_everything=admin
roles.wb_everything=superuser
~~~

4. Start application.

5. Login to business-central with the user/password which has the new admin role ("superuser").

6. Go to Authoring/Administration.

Actual results:

When you go to Authoring/Administration, you get an "Activity not found" error.

Expected results:

Going to Authoring/Administration without error with the new admin role.

--- Additional comment from JBoss Product and Program Management on 2016-03-23 07:20:07 EDT ---

Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from  on 2016-03-31 09:45:46 EDT ---

@dgutierr - CC'ed you as this is an example of Customers not wanting *any* hard-coded groups.. even "admin". Something to consider for the new ACL work..
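
An added example, not part of the original report or the project's code: a consistency check for the role rename in steps 2 and 3, comparing the role names in web.xml `auth-constraint` and `security-role` elements with the active `roles.*` lines of workbench-policy.properties. Both inputs are constructed samples modelled on the fragments above, and a comma-separated role list in the properties value is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the web.xml fragments quoted in the report.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>console</web-resource-name>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>analyst</role-name>
      <role-name>superuser</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>superuser</role-name></security-role>
  <security-role><role-name>analyst</role-name></security-role>
</web-app>"""

# Constructed sample of workbench-policy.properties after step 3.
POLICY = "#roles.wb_everything=admin\nroles.wb_everything=superuser\n"


def _roles_under(root, parent):
    """Collect <role-name> text below every <parent> element, ignoring XML namespaces."""
    found = set()
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == parent:
            for child in el.iter():
                if child.tag.rsplit("}", 1)[-1] == "role-name" and child.text:
                    found.add(child.text.strip())
    return found


def policy_roles(text):
    """Roles named by active 'roles.<permission>=<role>' lines (comma list assumed)."""
    roles = set()
    for line in text.splitlines():
        line = line.strip()  # commented-out lines start with '#' and are skipped below
        if line.startswith("roles.") and "=" in line:
            roles.update(r.strip() for r in line.split("=", 1)[1].split(",") if r.strip())
    return roles


def audit(web_xml, policy):
    """Report role names that the descriptors reference inconsistently."""
    root = ET.fromstring(web_xml)
    constrained = _roles_under(root, "auth-constraint")
    declared = _roles_under(root, "security-role")
    mapped = policy_roles(policy)
    return {
        "undeclared": sorted((constrained | mapped) - declared),
        "no_policy_entry": sorted((constrained | declared) - mapped),
        "not_in_auth_constraint": sorted(mapped - constrained),
    }
```

A clean result covers only the two descriptors; a role name compiled into client code, as in this report, is not visible to this check and needs a source search.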

Comment 3 Jan Hrcek 2016-05-05 08:08:56 UTC
Working fine now. Verified with BPM Suite patch 6.2.3

