Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

此内容没有您所选择的语言版本。

11.8.2. Enabling Role-Based Access Control

By default the Role-Based Access Control (RABC) system is disabled. It is enabled by changing the provider attribute from simple to rbac. This can be done using the jboss-cli.sh tool or by editing the server configuration XML file if the server is off-line. When RBAC is disabled or enabled on a running server, the server configuration must be reloaded before it takes effect.
Once enabled it can only be disabled by a user of the Administrator or SuperUser roles. By default the jboss-cli.sh runs as the SuperUser role if it is run on the same machine as the server.

Procedure 11.1. Enabling RBAC

  • To enable RBAC with jboss-cli.sh use the write-attribute operation of the access authorization resource to set the provider attribute to rbac. 
    /core-service=management/access=authorization:write-attribute(name=provider, value=rbac)
    Copy to Clipboard Toggle word wrap 
    [standalone@localhost:9999 /] /core-service=management/access=authorization:write-attribute(name=provider, value=rbac)
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
[standalone@localhost:9999 /] /:reload
{
    "outcome" => "success",
    "result" => undefined
}
[standalone@localhost:9999 /]
    Copy to Clipboard Toggle word wrap

Procedure 11.2. Disabling RBAC

  • To disable RBAC with jboss-cli.sh use the write-attribute operation of the access authorization resource to set the provider attribute to simple. 
    /core-service=management/access=authorization:write-attribute(name=provider, value=simple)
    Copy to Clipboard Toggle word wrap 
    [standalone@localhost:9999 /] /core-service=management/access=authorization:write-attribute(name=provider, value=simple)
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
[standalone@localhost:9999 /] /:reload
{
    "outcome" => "success",
    "result" => undefined
}
[standalone@localhost:9999 /]
    Copy to Clipboard Toggle word wrap
If the server is off-line the XML configuration can be edited to enabled or disable RBAC. To do this, edit the provider attribute of the access-control element of the management element. Set the value to rbac to enable, and simple to disable. 
<management>

        <access-control provider="rbac">
            <role-mapping>
                <role name="SuperUser">
                    <include>
                        <user name="$local"/>
                    </include>
                </role>
            </role-mapping>
        </access-control>

    </management>
Copy to Clipboard Toggle word wrap
Report a bug
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat