I think there is a problem with regular expression in file etc/org.apache.karaf.command.acl.system.cfg
Specifically:
start-level[/.*[0-9][0-9][0-9]+.*/] = manager # manager can set startlevels above 100 start-level[/[^0-9]*/] = viewer # viewer can obtain the current start level start-level = admin # admin can set any start level, including < 100
I think the first one (for manager) should have the first numeric bracket starting with 1 except for 0.
The 2nd one means, I can run
system:start-level
as a viewer, but the 3rd regular expression says, that only admin can do that. Isn't it supposed to be, that
system:start-level
can be run by every user and
system:start-level
with number < 100 only by admin? So that 2nd regex should be:
start-level[/.*[0-9]([0-9])?.*/] = admin
- is related to
-
ENTESB-4430 Missing explicit RBAC policies either in Standalone or in Fabric
- Closed