learned from ian: this may be a usability issue.  there are a lot of dependencies between the individual permissions that are not expressed in the UI that may be contributing to my perception that permissions were not being saved.

It appeared permission changes were not being saved, because the permissions that had been unset were re-selected due to being implied by MANAGE_INV or MANAGE_SEC.

[master 7b98837] should make this clearer to the user by displaying a transient message to inform the user when auto-selecting perms implied by a perm the user has just selected.

There was one more change needed to resolve this:

[master f9361b2] don't allow deselection of perms whose selection is implied by existing selection of MANAGE_SECURITY or MANAGE_INVENTORY, and display a transient warning message

One last change:

[master 294c067] in perm editor, don't allow deselection of CONFIGURE_READ if CONFIGURE_WRITE is selected

Verified on rhq4 release build (Version: 4.0.0 Build Number: db0c817)

Below messages are displayed when user selects 'Manage inventory' or Manage Security' permissions:
1. Autoselected unselected permissions, since MANAGE_SECURITY implies all other permissions.
2. Autoselected unselected Resource permissions, since MANAGE_INVENTORY implies all Resource permissions.

User is not allowed to deselect permissions whose selection is implied by
existing selection of MANAGE_SECURITY or MANAGE_INVENTORY

Below example messages are displayed:
1.Inventory permissions cannot be deselected, unless Manage Inventory, which implies all Resource permissions is deselected first
2.Configure permission cannot be deselected unless the Manage Security permissions, which implies all Resource permission, which implies all other permissions is deselected first.

It displays a mesage and user is not allowed to deselect CONFIGURE_READ if CONFIGURE_WRITE is selected.

Bookkeeping - closing bug - fixed in recent release.

Bookkeeping - closing bug - fixed in recent release.