Not possible to add external roles to an ACL through the admin UI


In 1.6.x it's possible to edit an ACL and add additional (previously unseen) roles without restriction.

In 2.x, this is no longer possible.

It is arguable that if there is a set of possible external roles, those should be surfaced through a RoleProvider which would retrieve role information from an external system on demand, although this may introduce performance issues in the UI if there's a very large number of external roles available (in our case, possibly in excess of 50K).


Stephen Marquard
June 27, 2016, 4:51 AM

One possible way forward for this would be to add a method to RoleProvider like

boolean isRoleValid(String rolename)

Provider implementations could then choose to return true for everything (any role is acceptable), validate based on a pattern (e.g. a regex), or explicitly lookup the role name.

Greg Logan
September 10, 2016, 7:33 AM

The RoleProvider interface has a findRoles method, which allows for wildcard enabled queries. I think the provider(s) themselves should already support this, it's just a matter of wiring up the UI and its endpoints to support this.

Fixed and reviewed


Greg Logan


Stephen Marquard

Tags (folksonomy)



Fix versions

Affects versions