The "Certificate Authorities" and "Publishers" link are missing from the admin menu even if the administrator's role has been granted full recursive rights on the privilege "/ca_functionality".
1. Issue a new EJBCA administrator certificate. We will refer to this certificate as "Test Admin".
2. Create a new EJBCA role called "Test CA Admin" with privileges set as follows:
- / (non-recursive, accept)
- /administrator (non-recursive, accept)
- /ca_functionality (recursive, accept)
- /ca (recursive, accept)
3. Register certificate "Test Admin" in role "Test CA Admin".
4. Open the admin web GUI using the "Test Admin" certificate for login credentials.
1. Link "Certification Authorities" is visible in the admin menu.
2. Link "Publishers" is visible in the admin menu.
1. Link "Certificate Authorities" is not visible in the admin menu.
2. Link "Publishers" is not visible in the admin menu.
Accessing the "Certificate Authorities"/"Publishers" pages manually (by specifying the link to those pages directly in browser URL) will still allow the administrator to access the functionality. Therefore it's probably just invalid check for the menu.
Doing a quick grep for /super_administrator (Mike pointed out this earlier to me) reveals that access rule "/super_administrator" is still being referenced in a number of jsp pages.