Reputation: 125
Changing from "simple" to "rbac":
<access-control provider="rbac">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local" />
</include>
</role>
</role-mapping>
</access-control>
causes the following:
{ "outcome" : "failed", "failure-description" : "WFLYCTL0313: Unauthorized to execute operation 'read-resource' for resource '[]' -- \"WFLYCTL0332: Permission denied\"", "rolled-back" : true }
Which other configurations are required in standalone.xml for this to work?
Upvotes: 1
Views: 2016
Reputation: 125
Solved the issue - defining only the $local user is insufficient, and you actually need to add additional users first, e.g.:
<access-control provider="rbac">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local" />
<user name="myAdmin" />
</include>
</role>
<role name="Monitor">
<include>
<user name="myLogs" />
</include>
</role>
</role-mapping>
</access-control>
Upvotes: 2