Red Hat Bugzilla – Bug 988553
RFE: provide more fine grained bundle permissions
Last modified: 2014-01-02 15:33:12 EST
Need to provide more fine-grained permissions for the bundle subsystem.
Right now we have a all-or-nothing "MANAGE_BUNDLE" permission. We want to provide a better security model.
See https://docs.jboss.org/author/display/RHQ/Bundle+Permissions for the design that we will implement.
*** Bug 839591 has been marked as a duplicate of this bug. ***
jay shaughnessy <email@example.com> made a comment on jira PRODMGT-222
This is just to let you know that the design has been tweaked slightly since the customer review. The wiki page is updated with the addition of CREATE and DELETE permissions at the bundle group level. This covers more use cases. It also does not affect the original proposal in that if these perms are not used everything else remains unchanged.
Moving this to the JBoss ON product tracker as this is an RFE for JBoss ON.
This has been implemented, and a developer demo given to the JON Team. It is targetted for the JON 3.2 BETA.
Setting the status to MODIFIED with Target Release ER1
verified on JON 3.2.ER5
I followed https://docs.jboss.org/author/display/RHQ/Security+Model+for+Bundle+Provisioning
automated 3 usecases: first one and the most complex one (TeamLeader, DeploymentManager, TeamMembers), and regression case where user with MANAGE_BUNDLES can actually manipulate with bundles & groups.