Bug 988553 (PM-222, PRODMGT-222) - RFE: provide more fine grained bundle permissions
Summary: RFE: provide more fine grained bundle permissions
Alias: PM-222, PRODMGT-222
Product: JBoss Operations Network
Classification: JBoss
Component: Provisioning
Version: JON 3.1.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: ER01
: JON 3.2.0
Assignee: Jay Shaughnessy
QA Contact: Mike Foley
: 839591 (view as bug list)
Depends On: 1000551
TreeView+ depends on / blocked
Reported: 2013-07-25 19:59 UTC by John Mazzitelli
Modified: 2018-12-04 15:38 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
: 1000551 (view as bug list)
Last Closed: 2014-01-02 20:33:12 UTC
Type: Feature Request

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 418733 None None None Never
Red Hat One Jira Issue Tracker PRODMGT-222 Major Closed Separate roles for creation and deployment of bundles 2014-01-02 20:55:33 UTC

Description John Mazzitelli 2013-07-25 19:59:19 UTC
Need to provide more fine-grained permissions for the bundle subsystem.

Right now we have a all-or-nothing "MANAGE_BUNDLE" permission. We want to provide a better security model.

See https://docs.jboss.org/author/display/RHQ/Bundle+Permissions for the design that we will implement.

Comment 1 John Mazzitelli 2013-07-25 20:02:03 UTC
*** Bug 839591 has been marked as a duplicate of this bug. ***

Comment 2 JBoss JIRA Server 2013-07-26 14:08:24 UTC
jay shaughnessy <jshaughn@redhat.com> made a comment on jira PRODMGT-222

Charles, Larry,

This is just to let you know that the design has been tweaked slightly since the customer review.  The wiki page is updated with the addition of CREATE and DELETE permissions at the bundle group level.  This covers more use cases.  It also does not affect the original proposal in that if these perms are not used everything else remains unchanged.

Comment 3 Larry O'Leary 2013-08-23 15:57:57 UTC
Moving this to the JBoss ON product tracker as this is an RFE for JBoss ON.

Comment 4 Mike Foley 2013-09-13 19:34:44 UTC
This has been implemented, and a developer demo given to the JON Team.  It is targetted for the JON 3.2 BETA.  

Setting the status to MODIFIED with Target Release ER1

Comment 5 Libor Zoubek 2013-11-13 17:19:21 UTC
verified on JON 3.2.ER5

I followed https://docs.jboss.org/author/display/RHQ/Security+Model+for+Bundle+Provisioning

automated 3 usecases: first one and the most complex one (TeamLeader, DeploymentManager, TeamMembers), and regression case where user with MANAGE_BUNDLES can actually manipulate with bundles & groups.

Note You need to log in before you can comment on or make changes to this bug.