Bug 988553 (PM-222, PRODMGT-222)

Summary: RFE: provide more fine grained bundle permissions
Product: [JBoss] JBoss Operations Network Reporter: John Mazzitelli <mazz>
Component: ProvisioningAssignee: Jay Shaughnessy <jshaughn>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Foley <mfoley>
Severity: high Docs Contact:
Priority: urgent    
Version: JON 3.1.2CC: dowoods, hrupp, jshaughn, loleary, lzoubek
Target Milestone: ER01Keywords: FutureFeature
Target Release: JON 3.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1000551 (view as bug list) Environment:
Last Closed: 2014-01-02 20:33:12 UTC Type: Feature Request
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1000551    
Bug Blocks:    

Description John Mazzitelli 2013-07-25 19:59:19 UTC 
Need to provide more fine-grained permissions for the bundle subsystem.

Right now we have a all-or-nothing "MANAGE_BUNDLE" permission. We want to provide a better security model.

See https://docs.jboss.org/author/display/RHQ/Bundle+Permissions for the design that we will implement.
Comment 1 John Mazzitelli 2013-07-25 20:02:03 UTC 
*** Bug 839591 has been marked as a duplicate of this bug. ***
Comment 2 JBoss JIRA Server 2013-07-26 14:08:24 UTC 
jay shaughnessy <jshaughn> made a comment on jira PRODMGT-222

Charles, Larry,

This is just to let you know that the design has been tweaked slightly since the customer review.  The wiki page is updated with the addition of CREATE and DELETE permissions at the bundle group level.  This covers more use cases.  It also does not affect the original proposal in that if these perms are not used everything else remains unchanged.
Comment 3 Larry O'Leary 2013-08-23 15:57:57 UTC 
Moving this to the JBoss ON product tracker as this is an RFE for JBoss ON.
Comment 4 Mike Foley 2013-09-13 19:34:44 UTC 
This has been implemented, and a developer demo given to the JON Team.  It is targetted for the JON 3.2 BETA.  

Setting the status to MODIFIED with Target Release ER1
Comment 5 Libor Zoubek 2013-11-13 17:19:21 UTC 
verified on JON 3.2.ER5

I followed https://docs.jboss.org/author/display/RHQ/Security+Model+for+Bundle+Provisioning

automated 3 usecases: first one and the most complex one (TeamLeader, DeploymentManager, TeamMembers), and regression case where user with MANAGE_BUNDLES can actually manipulate with bundles & groups.