Users assigned to multiple roles would see operations in the console that they did not have access to perform. For example, a user with roles *host-master-administrator* and *host-slave-monitor* should only have been able to see control elements (such as the *Add* button on the server configurations page) in context of host slave. This button should not have been visible when operating in context of host master (however it was).
Operations that were incorrectly visible would fail if attempted, as the correct access control was enforced in the execution of the operation. There was no security violation.
This issue in the management console has been fixed in this release. Control elements which are not relevant for a user role, while visible, are 'grayed-out' and are not active.