This is an RFE for submitted from JBoss ON product. +++ This bug was initially created as a clone of Bug #988553 +++ Need to provide more fine-grained permissions for the bundle subsystem. Right now we have a all-or-nothing "MANAGE_BUNDLE" permission. We want to provide a better security model. See https://docs.jboss.org/author/display/RHQ/Bundle+Permissions for the design that we will implement. --- Additional comment from John Mazzitelli on 2013-07-25 16:02:03 EDT --- --- Additional comment from JBoss JIRA Server on 2013-07-26 10:08:24 EDT --- jay shaughnessy <jshaughn> made a comment on jira PRODMGT-222 Charles, Larry, This is just to let you know that the design has been tweaked slightly since the customer review. The wiki page is updated with the addition of CREATE and DELETE permissions at the bundle group level. This covers more use cases. It also does not affect the original proposal in that if these perms are not used everything else remains unchanged.
This work is done. The 4.9 solution is documented in the wiki: https://docs.jboss.org/author/display/RHQ/Security+Model+for+Bundle+Provisioning
Bulk closing now that 4.10 is out. If you think an issue is not resolved, please open a new BZ and link to the existing one.