988553 – (PM-222, PRODMGT-222) RFE: provide more fine grained bundle permissions

Bug 988553 (PM-222, PRODMGT-222) - RFE: provide more fine grained bundle permissions

Summary: RFE: provide more fine grained bundle permissions

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	PM-222, PRODMGT-222
Product:	JBoss Operations Network
Classification:	JBoss
Component:	Provisioning
Sub Component:
Version:	JON 3.1.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	high
Target Milestone:	ER01
Target Release:	JON 3.2.0
Assignee:	Jay Shaughnessy
QA Contact:	Mike Foley
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	839591 (view as bug list)
Depends On:	1000551
Blocks:
TreeView+	depends on / blocked

Reported:	2013-07-25 19:59 UTC by John Mazzitelli
Modified:	2018-12-04 15:38 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Clones:	1000551 (view as bug list)
Environment:
Last Closed:	2014-01-02 20:33:12 UTC
Type:	Feature Request
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	PRODMGT-222	0	Major	Closed	Separate roles for creation and deployment of bundles	2014-01-02 20:55:33 UTC
Red Hat Knowledge Base (Solution)	418733	0	None	None	None	Never

Description John Mazzitelli 2013-07-25 19:59:19 UTC

Need to provide more fine-grained permissions for the bundle subsystem.

Right now we have a all-or-nothing "MANAGE_BUNDLE" permission. We want to provide a better security model.

See https://docs.jboss.org/author/display/RHQ/Bundle+Permissions for the design that we will implement.

Comment 1 John Mazzitelli 2013-07-25 20:02:03 UTC

*** Bug 839591 has been marked as a duplicate of this bug. ***

Comment 2 JBoss JIRA Server 2013-07-26 14:08:24 UTC

jay shaughnessy <jshaughn> made a comment on jira PRODMGT-222

Charles, Larry,

This is just to let you know that the design has been tweaked slightly since the customer review.  The wiki page is updated with the addition of CREATE and DELETE permissions at the bundle group level.  This covers more use cases.  It also does not affect the original proposal in that if these perms are not used everything else remains unchanged.

Comment 3 Larry O'Leary 2013-08-23 15:57:57 UTC

Moving this to the JBoss ON product tracker as this is an RFE for JBoss ON.

Comment 4 Mike Foley 2013-09-13 19:34:44 UTC

This has been implemented, and a developer demo given to the JON Team.  It is targetted for the JON 3.2 BETA.  

Setting the status to MODIFIED with Target Release ER1

Comment 5 Libor Zoubek 2013-11-13 17:19:21 UTC

verified on JON 3.2.ER5

I followed https://docs.jboss.org/author/display/RHQ/Security+Model+for+Bundle+Provisioning

automated 3 usecases: first one and the most complex one (TeamLeader, DeploymentManager, TeamMembers), and regression case where user with MANAGE_BUNDLES can actually manipulate with bundles & groups.

Note You need to log in before you can comment on or make changes to this bug.