[Ejbca-develop] Administrator Privileges

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

I have tried to test administrator privileges by creating a new 
Administrator group, and add an administrator to that group.
What I did for this is like below:

- Add "RAAdmin" group, and set Access rule as "RA Administrators".
   And I selected the following privileges as follows:
     - Authorized CA: AdminCA1 (the root admin CA)
     - End Entity Rules: all six end entity rules: (View End Entities, View 
History, Create End Entities, Edit End Entities, Delete End Entities, Revoke 
End Entities)
     - End Entity Profiles:  select EMPTY (this is the default end entity 
profile for AdminCA1)
     - Other rules: no selection.

And, press "Save" button.
Now then, add a "raadmin1" administrator with administrator flag on, and add 
"raadmin1" to RAAdmin administrator group.

After batch process, I got raadmin1's certificate. I installed it in my 
browser.

To test, I access the EJBCA admin page as "raadmin1" user.
I got the menu of:
  - Home
  - Add End Entity
  - List/Edit End Entities
  - My Preferences

It's OK until now, but when I click "Add End Entity", I got "Authorization 
Denied, No create rigits to any end entity profiles".
This is weird, because I enabled all the "End entity rules" to the RAAdmin 
group.

Another weird thing is: when I try to List End Entities, I got always "No 
end entities found".
(I tried the things above as superadmin, and all of those worked fine.)

Could you please check this problem?

Regards,

Seonman Kim 