Uploaded image for project: 'ActiveMQ Artemis'
  1. ActiveMQ Artemis
  2. ARTEMIS-4582

add view and edit permissions to extend security-settings rbac for management operations

    XMLWordPrintableJSON

Details

    Description

      we have the manage permission that allows sending to the management address, to access any control resource. We don't however distinguish what a user can do.

      We should segment control operations into categories: CRUD provides a basis

      view for get/is (Read)

      edit for set or operations that mutate or modify.

      We allow this sort of configuration via management.xml for jmx mbean access but using a different model based on object name.

      All of the mbeans delegate to the control resources.

      If we add these two additional permissions then we can have a single rbac model (that supports config reload) and more granularity on control resource access from the management address.

      Attachments

        Issue Links

          Activity

            People

              gtully Gary Tully
              gtully Gary Tully
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 4h 40m
                  4h 40m