JON user who does not have Delete permission can still see delete operations in UI
Issue
- Read-only user has access to deploy/delete content
- I have a JON read-only user with "measure" access only, but when I log in as the read-only user, I can browse to the JBoss Application Server (AS) resource, and actually delete deployed content
- I am able to select a JAR from the content page of a JBoss Application Server (AS) resource and click on delete even though the user does not have the delete permission in their role
- Should I see any check boxes to delete content if I give the user's role read-only access?
- When a user's role does not contain the delete permission, they are still able to check deployed components and see the delete button
Environment
- JBoss Operations Network (JON) 2.3, 2.3.1, 2.4
- User who has a role which does not include the Delete Resource Permission