Description of problem: Created a role and assigned a resource group consisting of a subset of the resources inventoried. The role has the ability to do Bundle deployment. When attempting to do a Bundle deployment, all resources groups are availble in the Bundle deployment pull-down for the restricted user/role. Version-Release number of selected component (if applicable): 3.1 How reproducible: Consistent Steps to Reproduce: 1.Create a compatible group with a subset of resources(e.g restrictedgroup). 2.Create a second compatible group with resources(e.g. rhqadmingroup) 3.Create a role and assign the compatible group(restrictedgroup) via resource groups in step #1 to the role 4.Create a user and assign the role created in step#3 and allow this user to do Bundle view, etc.. 5.Login in using the user created in step 4. 6. Start a Bundle deployment and in the pulldown menu for targeted compatible groups both "restrictedgroup" and "rhqadmingroup" will be available as a deployment group. Actual results: All compatible groups show up in the Bundle pull down menu Expected results: Only the resource/ldap groups assigned to a role show appear in the Bundle pull down menu Additional info:
Mazz is looking at bundle permissions right now, so assigning to him.
We are just about to ramp up our development of this new feature as described on this design page: https://docs.jboss.org/author/display/RHQ/Bundle+Permissions It introduces the new concept of a "Bundle Group" and bundle permissions. I think this is what you want.
closing this as a dup - to track this effort, see bug #988553 *** This bug has been marked as a duplicate of bug 988553 ***