Usually idea is admin can do any thing. That's why admin role has been given permissions to all root paths like all action to registry path '/', permissions to the permission tree root node '/permission'. So I guess this is the default behavior. Are you facing any issues due to this?
Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Tue, Sep 8, 2015 at 3:21 PM, Milan Perera <[email protected]> wrote: > Hi, > > I'm using below code to check whether a given user is authorized with > respect to a specific permission which is stored in the registry. > > boolean isUserAuthorized = > CarbonContext.getThreadLocalCarbonContext().getUserRealm(). > getAuthorizationManager().isUserAuthorized(username, permission, > permissionMethod); > > for an example, if I check with following parameters, it returns *true*. > > > usernameadminpermission > /_system/governance/permission/admin/device-mgt/enrollment > permissionMethodwrite > > return*true* > > However, even if I check a permission which is actually not stored in the > registry at the moment also returns *true* for an user who is having an > admin role. > ex: > > usernameadminpermissionaaaaaaaaabbbbbbbb > permissionMethodwrite > > return*true* > > > Is this an expected > behaviour? > > > Regards, > > -- > *Milan Harindu Perera *| Software Engineer > WSO2, Inc | lean. enterprise. middleware. > #20, Palm Grove, Colombo 03, Sri Lanka > Mobile: +94 77 309 7088 | Work: +94 11 214 5345 > Email: [email protected] <[email protected]> | Web: www.wso2.com > <http://lk.linkedin.com/in/milanharinduperera> > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
