0 Replies Latest reply on Oct 17, 2006 2:47 PM by Michael Mraz

    Locking other roles out of their configuration files


      I have a configuration file for my application


      This would be a fairly common configuration file name, potentially used by multiple applications on various servers.


      I want to add it to my configuration file listings and bring up the Configuration File administration tool. I put in the path and select the grammar then click the Next button. An error pops up, "Configuration file definition already exists". D'oh! Someone else already added it and didn't give other roles ACLs to see or utilize the resource. I can't properly package or audit my application installation now.


      Now normally I would just switch to the BLAdmins role and override the ACLs on the object granting more liberal access to "Everyone". But, under our 7.0.2 installation bringing up the Configuration File Administration tool as BLAdmins or RBACAdmins throws a NullPointer exception. Ouch! The same problem is occurring for the role that does own the "disputed" configuration file. I'll open a ticket on that problem, of course.


      So, it seems "first dibs" counts for something in Configuration File Administration. It's still a global flat namespace, but now people in one role can lock others out by adding the entry first and applying restrictive ACLs. I think a branched namespace, perhaps similar to how properties are now handled, is in order.