Permission collection 'MONITOR' does not provide a permission for write-config

Solution Verified - Updated -

Issue

  • User was not able to start or stop JVMs from Topology in JBoss EAP Management Console.
  • Server.log was showing the following TRACE log.
2025-04-17 10:07:04,494 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) User 'anonymous' not assigned role 'SUPERUSER' as no match on the include definition of the role mapping.
2025-04-17 10:07:04,499 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) User 'anonymous' assiged role 'MONITOR' due to match on inclusion Principal [type=USER, name=anonymous]
2025-04-17 10:07:04,499 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) User 'anonymous' Assigned Roles { 'MONITOR' }
2025-04-17 10:07:04,499 TRACE [org.wildfly.security] (oneagentperiodiceventsmanaged) Role mapping: principal [anonymous] -> decoded roles [] -> domain decoded roles [] -> realm mapped roles [] -> domain mapped roles []
2025-04-17 10:07:04,499 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) User 'anonymous' not assigned role 'SUPERUSER' as no match on the include definition of the role mapping.
2025-04-17 10:07:04,499 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) User 'anonymous' assiged role 'MONITOR' due to match on inclusion Principal [type=USER, name=anonymous]
2025-04-17 10:07:04,499 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) User 'anonymous' Assigned Roles { 'MONITOR' }
2025-04-17 10:07:04,499 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) Permission collection 'MONITOR' does not provide a permission for write-config
2025-04-17 10:07:04,499 TRACE [org.wildfly.security] (oneagentperiodiceventsmanaged) Role mapping: principal [anonymous] -> decoded roles [] -> domain decoded roles [] -> realm mapped roles [] -> domain mapped roles []
2025-04-17 10:07:04,499 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) User 'anonymous' not assigned role 'SUPERUSER' as no match on the include definition of the role mapping.
2025-04-17 10:07:04,499 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) User 'anonymous' assiged role 'MONITOR' due to match on inclusion Principal [type=USER, name=anonymous]
2025-04-17 10:07:04,499 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) User 'anonymous' Assigned Roles { 'MONITOR' }
2025-04-17 10:07:04,499 TRACE [org.jboss.as.controller.access-control] (oneagentperiodiceventsmanaged) Permission collection 'MONITOR' does not provide a permission for write-runtime
2025-04-17 10:07:04,499 TRACE [org.wildfly.security] (oneagentperiodiceventsmanaged) Role mapping: principal [anonymous] -> decoded roles [] -> domain decoded roles [] -> realm mapped roles [] -> domain mapped roles []
...
...

Environment

  • Red Hat JBoss Enterprise Application Platform
    • 7.x
    • 8.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content