Create a user/role with all resource perms except "Measurement" (and no global perms). Go to a resource's Monitor/Configure tab. Notice there are checkboxes on the Collection Schedule items are there, but there are no actions that can be taken on selected items. The checkboxes should be either removed or disabled when the user doesn't have permission to modify.
Should a user without Measurement perms be able to see the measurement data at all?
Yes, remember, just being in a role gives a user view permissions across all subsystems for Resources associated with the role. For example, the user can view metrics data or resource config, but cannot edit metric schedules or resource config unless the role has the respective perms set.
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-648
This is now fixed in coregui.war - [master ee1cabe]. Specifically, the enable/disable/set-interval controls on metric schedule views are now disabled if the logged-in user does not have the required permissions.
Verified on build107 (Version: 4.1.0-SNAPSHOT Build Number: 9192306) Created a role without Manage Measurements write permissions and assigned a user and a resource group to the role. Logged in as the user and verified that on selecting a metric on Monitoring->Schedules tab, the buttons Enable/Disable are disabled and user is not allowed to set the collection interval time. Also verified that the checkboxes next to collection schedule items are disabled. Marking as verified.
Bulk closing of old issues that are in VERIFIED state.