[
https://issues.apache.org/jira/browse/ARTEMIS-4582?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gary Tully updated ARTEMIS-4582:
--------------------------------
Summary: add view and edit permissions to augment the manage rbac for
control resources (was: add view and edit roles to augment the manage role for
control resources)
> add view and edit permissions to augment the manage rbac for control resources
> ------------------------------------------------------------------------------
>
> Key: ARTEMIS-4582
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4582
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: Broker, Configuration, JMX, Web Console
> Affects Versions: 2.31.0
> Reporter: Gary Tully
> Priority: Major
>
> we have the manage role that allows sending to the management address, to
> access any control resource.
> We should segment control operations into categories: CRUD provides a basis
> view for get/is (Read)
> edit for set (Update)
> manage for aggregate operations list* and Create, Delete) also implying both
> view & edit
>
> We allow this sort of configuration via management.xml for jmx mbean access
> but using a different model based on object name.
> All of the mbeans delegate to the control resources.
>
> If we add these two additional roles then we can have a single rbac model
> (that supports config reload) and more granularity on control resource access
> from the management address.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
