Very similar to Actions, Servers were only using the org to decide if we could look them up. The result is that users with no servers assigned to them can manage servers in the SDC by typing in the appropriate url with sid.
Ken, this is going to need a testplan.
Sequester an org with at least two users and one system in which one user has access to the server and the other user does not. Note: In order for a user to not have access to a system, he or she must not be an org admin nor a system group admin and must not have access to a system group that that server is in. A user's server perms can be found in Users->Click a User->Systems. For the user which does have permission, he or she should see the system in the System List and should be able to view and schedule actions for the system in System Details pages. (Systems->Systems->Click the System->Click a java link in the middle nav (Errata, Packages)) For the user which does not have permission, go to Systems->Systems->Click a System->modify the url so that the sid parameter equals the system id of the inaccessible system. None of the pages (Java or Perl) should allow you to view the system.
will qa this.
works fine, prod_ready.