Red Hat Training

A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification

11.11.2. Sensitivity Constraints Reference

Type: core

Classification: access-control
  • requires-addressable: true
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /core-service=management/access=authorization
      

    /subsystem=jmx

    non-core-mbean-sensitivity
     
Classification: credential
  • requires-addressable: false
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=mail/mail-session=*/server=pop3

    username , password
     

    /subsystem=mail/mail-session=*/server=imap

    username, password
     

    /subsystem=datasources/xa-data-source=*

    user-name, recovery-username, password, recovery-password
     

    /subsystem=mail/mail-session=*/custom=*

    username, password
     

    /subsystem=datasources/data-source=*"

    user-name, password
     

    /subsystem=remoting/remote-outbound-connection=*"

    username
     

    /subsystem=mail/mail-session=*/server=smtp

    username , password
     

    /subsystem=web/connector=*/configuration=ssl

    key-alias, password
     

    /subsystem=resource-adapters/resource-adapter=*/connection-definitions=*"

    recovery-username, recovery-password
     
Classification: domain-controller
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations
       
Classification: domain-names
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations
       
Classification: extensions
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /extension=*
      
Classification: jvm
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /core-service=platform-mbean/type=runtime

    input-arguments, boot-class-path, class-path, boot-class-path-supported, library-path
     
Classification: management-interfaces
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /core-service=management/management-interface=native-interface
      

    /core-service=management/management-interface=http-interface
      
Classification: module-loading
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /core-service=module-loading
      
Classification: patching
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /core-service=patching/addon=*
      

    /core-service=patching/layer=*"
      

    /core-service=patching
      
Classification: read-whole-config
  • requires-addressable: false
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /
     

    read-config-as-xml
Classification: security-domain
  • requires-addressable: true
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=security/security-domain=*
      
Classification: security-domain-ref
  • requires-addressable: true
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=datasources/xa-data-source=*

    security-domain
     

    /subsystem=datasources/data-source=*

    security-domain
     

    /subsystem=ejb3

    default-security-domain
     

    /subsystem=resource-adapters/resource-adapter=*/connection-definitions=*

    security-domain, recovery-security-domain, security-application, security-domain-and-application
     
Classification: security-realm
  • requires-addressable: true
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /core-service=management/security-realm=*
      
Classification: security-realm-ref
  • requires-addressable: true
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=remoting/connector=*

    security-realm
     

    /core-service=management/management-interface=native-interface

    security-realm
     

    /core-service=management/management-interface=http-interface

    security-realm
     

    /subsystem=remoting/remote-outbound-connection=*

    security-realm
     
Classification: security-vault
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /core-service=vault
      
Classification: service-container
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /core-service=service-container
      
Classification: snapshots
  • requires-addressable: false
  • requires-read: false
  • requires-write: false
    PATH attributes operations

    /
     

    take-snapshot, list-snapshots, delete-snapshot
Classification: socket-binding-ref
  • requires-addressable: false
  • requires-read: false
  • requires-write: false
    PATH attributes operations

    /subsystem=mail/mail-session=*/server=pop3

    outbound-socket-binding-ref
     

    /subsystem=mail/mail-session=*/server=imap

    outbound-socket-binding-ref
     

    /subsystem=remoting/connector=*

    socket-binding
     

    /subsystem=web/connector=*

    socket-binding
     

    /subsystem=remoting/local-outbound-connection=*

    outbound-socket-binding-ref
     

    /socket-binding-group=*/local-destination-outbound-socket-binding=*

    socket-binding-ref
     

    /subsystem=remoting/remote-outbound-connection=*

    outbound-socket-binding-ref
     

    /subsystem=mail/mail-session=*/server=smtp

    outbound-socket-binding-ref
     

    /subsystem=transactions

    process-id-socket-binding, status-socket-binding, socket-binding
     
Classification: socket-config
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /interface=*
     

    resolve-internet-address

    /core-service=management/management-interface=native-interface

    port, interface, socket-binding
     

    /socket-binding-group=*
      

    /core-service=management/management-interface=http-interface

    port, secure-port, interface, secure-socket-binding, socket-binding
     

    /
     

    resolve-internet-address

    /subsystem=transactions

    process-id-socket-max-ports
     
Classification: system-property
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /core-service=platform-mbean/type=runtime

    system-properties
     

    /system-property=*
      

    /
     

    resolve-expression

Type: datasources

Classification: data-source-security
  • requires-addressable: false
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=datasources/xa-data-source=*

    user-name, security-domain, password
     

    /subsystem=datasources/data-source=*

    user-name, security-domain, password
     

Type: jdr

Classification: jdr
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /subsystem=jdr
     

    generate-jdr-report

Type: jmx

Classification: jmx
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /subsystem=jmx
      

Type: mail

Classification: mail-server-security
  • requires-addressable: false
  • requires-read: false
  • requires-write: true
    PATH attributes operations

    /subsystem=mail/mail-session=*/server=pop3

    username, tls, ssl, password
     

    /subsystem=mail/mail-session=*/server=imap

    username, tls, ssl, password
     

    /subsystem=mail/mail-session=*/custom=*

    username, tls, ssl, password
     

    /subsystem=mail/mail-session=*/server=smtp

    username, tls, ssl, password
     

Type: naming

Classification: jndi-view
  • requires-addressable: false
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=naming
     

    jndi-view
Classification: naming-binding
  • requires-addressable: false
  • requires-read: false
  • requires-write: false
    PATH attributes operations

    /subsystem=naming/binding=*
      

Type: remoting

Classification: remoting-security
  • requires-addressable: false
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=remoting/connector=*

    authentication-provider, security-realm
     

    /subsystem=remoting/remote-outbound-connection=*

    username, security-realm
     

    /subsystem=remoting/connector=*/security=sasl
      

Type: resource-adapters

Classification: resource-adapter-security
  • requires-addressable: false
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=resource-adapters/resource-adapter=*/connection-definitions=*

    security-domain, recovery-username, recovery-security-domain, security-application, security-domain-and-application, recovery-password
     

Type: security

Classification: misc-security
  • requires-addressable: false
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=security

    deep-copy-subject-mode
     

Type: web

Classification: web-access-log
  • requires-addressable: false
  • requires-read: false
  • requires-write: false
    PATH attributes operations

    /subsystem=web/virtual-server=*/configuration=access-log
      
Classification: web-connector
  • requires-addressable: false
  • requires-read: false
  • requires-write: false
    PATH attributes operations

    /subsystem=web/connector=*
      
Classification: web-ssl
  • requires-addressable: false
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=web/connector=*/configuration=ssl
      
Classification: web-sso
  • requires-addressable: false
  • requires-read: true
  • requires-write: true
    PATH attributes operations

    /subsystem=web/virtual-server=*/configuration=sso
      
Classification: web-valve
  • requires-addressable: false
  • requires-read: false
  • requires-write: false
    PATH attributes operations

    /subsystem=web/valve=*