Uploaded image for project: 'A-MQ Broker'
  1. A-MQ Broker
  2. ENTMQBR-944

[AMQ7, Hawtio, RBAC] User gets no feedback if operation access was denied by RBAC

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: AMQ 7.1.0.GA
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Target Release:
    • Steps to Reproduce:
      Hide
      1. Create new user "guest" with "view" role. (both without quote marks)
      2. Change "-Dhawtio.role=amq" property tp "-Dhawtio.roles=amq,view" in ${broker_instance}/etc/artemis.profile
      3. Login to Hawtio console as "guest" user
      4. Attempt to create address or queue
      5. Nothing happens ...
      Show
      Create new user "guest" with "view" role. (both without quote marks) Change "-Dhawtio.role=amq" property tp "-Dhawtio.roles=amq,view" in ${broker_instance}/etc/artemis.profile Login to Hawtio console as "guest" user Attempt to create address or queue Nothing happens ...
    • Affects:
      Release Notes, User Experience
    • Release Notes Text:
      The console can indicate that an operation attempted by an unauthorized user was successful when it was not.
    • Release Notes Docs Status:
      Documented as Known Issue

      Description

      If there is user with restricted permission, e.g. to view role access only, and attempts to use restricted operation, e.g. create address or queue, nothing happens and logs in hawtio console it self contain messages that everything went ok. There should be some feedback for user, that operation has been denied and failed due to lack of access rights.

      Issue influences the docs if broker would be released with this issue not fixed. Although this should not happened as it is serious issue from QE's point of view.

        Gliffy Diagrams

          Attachments

            Issue Links

            is related to

            Bug - A problem which impairs or prevents the functions of the product. ENTMQBR-544 RBAC for the Hawtio console is missing

            • Major - A request that should be considered seriously but is not a show stopper.
            • Done

            Bug - A problem which impairs or prevents the functions of the product. ENTMQBR-1060 Unable to access to AMQ7.1 Management Console in read-only mode

            • Major - A request that should be considered seriously but is not a show stopper.
            • Done

              Activity

                People

                • Assignee:
                  ataylor Andy Taylor
                  Reporter:
                  rvais Roman Vais
                  Tester:
                  Roman Vais
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated: