Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
9.1
-
None
Description
Admin UI has a Security Dashboard that requires the 'security-read' permission to view and the 'security-edit' permission to modify.
It will display an error message if the user lacks these permission, based on a match of user's roles and the permission roles. This works fine.
However, if any authenticated user is granted a permission through wildcard role, e.g.
"permissions": [ {"name": "security-read", "role": "*"}]
...then the check fails since it does not understand wildcard roles.