WildFly Full 27 Model Reference

  1. home
  2. core-service=management
  3. access=authorization

The access control definitions defining the access management restrictions.

Children (2)

  • constraint Access constraints for the vault expressions sensitivity, sensitivity classifications and the application resources.
  • role-mapping A mapping of users and groups to a specific role.

Attributes (5)

  • all-role-names The official names of all roles supported by the current management access control provider. This includes any standard roles as well as any user-defined roles.
    • Attribute Value
    Type LIST
    Nillable false
    Expressions Allowed false
    Storage runtime
    Access Type read-only
  • permission-combination-policy The policy for combining access control permissions when the authorization policy grants the user more than one type of permission for a given action. In the standard role based authorization policy, this would occur when a user maps to multiple roles. The 'permissive' policy means if any of the permissions allow the action, the action is allowed. The 'rejecting' policy means the existence of multiple permissions should result in an error.
    • Attribute Value
    Default Value permissive
    Type STRING
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required no-services
    Allowed Values permissive
    rejecting
  • provider The provider to use for management access control decisions.
    • Attribute Value
    Default Value simple
    Type STRING
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required no-services
    Allowed Values simple
    rbac
  • standard-role-names The official names of the standard roles supported by the current management access control provider.
    • Attribute Value
    Type LIST
    Nillable false
    Expressions Allowed false
    Storage runtime
    Access Type read-only
  • use-identity-roles Should the raw roles obtained from the underlying security identity be used directly?
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required no-services