[jira] [Work logged] (ARTEMIS-4582) add view and update permissions to augment the manage rbac for control resources

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4582?focusedWorklogId=909166&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-909166
 ]

ASF GitHub Bot logged work on ARTEMIS-4582:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 11/Mar/24 11:24
            Start Date: 11/Mar/24 11:24
    Worklog Time Spent: 10m 
      Work Description: gtully commented on code in PR #4820:
URL: https://github.com/apache/activemq-artemis/pull/4820#discussion_r1519562554


##########
artemis-cli/src/test/java/org/apache/activemq/cli/test/ArtemisTest.java:
##########
@@ -786,7 +786,7 @@ private void 
testProperReloadWhenAddingUserViaManagement(boolean basic) throws E
 
       try {
          activeMQServerControl.createAddress("myAddress", 
RoutingType.ANYCAST.toString());
-         activeMQServerControl.addSecuritySettings("myAddress", "myRole", 
"myRole", "myRole", "myRole", "myRole", "myRole", "myRole", "myRole", "myRole", 
"myRole");
+         activeMQServerControl.addSecuritySettings("myAddress", "myRole", 
"myRole", "myRole", "myRole", "myRole", "myRole", "myRole", "myRole", "myRole", 
"myRole", "", "");

Review Comment:
   fair, will revert that change. thanks





Issue Time Tracking
-------------------

    Worklog Id:     (was: 909166)
    Time Spent: 1h 50m  (was: 1h 40m)

> add view and update permissions to augment the manage rbac for control 
> resources
> --------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-4582
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4582
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Broker, Configuration, JMX, Web Console
>    Affects Versions: 2.31.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> we have the manage permission that allows sending to the management address, 
> to access any control resource. We don't however distinguish what a user can 
> do.
> We should segment control operations into categories: CRUD provides a basis
> view for get/is (Read)
> update for set or operations that mutate or modify.
> We allow this sort of configuration via management.xml for jmx mbean access 
> but using a different model based on object name.
> All of the mbeans delegate to the control resources.
> If we add these two additional permissions then we can have a single rbac 
> model (that supports config reload) and more granularity on control resource 
> access from the management address.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)