Affects: Documentation (Ref Guide, User Guide, etc.)
Date of First Response: 2009-05-18 05:34:46
securitylevel_name: Public

We should add this to the re notes: The BRMS workspace grants full trust to a user logged into the system; therefore it is necessary to isolate the EAP instance where BRMS is deployed from production servers.

Added known issue: Full-trust is granted to logged in users.

The BRMS workspace grants full trust to users logged in to the BRMS Platform. It is recommended that you isolate the Application Server instance where the BRMS Platform is deployed from other production servers. The following security precautions allow you to work with the BRMS Platform full trust model without impairing your production environment:

• Install the BRMS Platform server on a non-production EAP instance without co-located applications.
• Install the BRMS server in a non-production trust zone, with the trust level of an employee workstation.
• Define least-privilege permissions for the database user account being used for the BRMS database.
• Define least-privilege permissions for the JVM process running the BRMS Platform server at the OS level.

Additional information: NOTE - no JIRA is known for referral

Verified in the docs here: http://www.redhat.com/docs/en-US/JBoss_Enterprise_BRMS_Platform/5.0.1/html-single/Release_Notes/index.html
Link: Added: This issue Cloned to BRMS-510