Bug 988553 - (PM-222, PRODMGT-222) RFE: provide more fine grained bundle permissions
RFE: provide more fine grained bundle permissions
Product: JBoss Operations Network
Classification: JBoss
Component: Provisioning (Show other bugs)
JON 3.1.2
Unspecified Unspecified
urgent Severity high
: ER01
: JON 3.2.0
Assigned To: Jay Shaughnessy
Mike Foley
: FutureFeature
: 839591 (view as bug list)
Depends On: 1000551
  Show dependency treegraph
Reported: 2013-07-25 15:59 EDT by John Mazzitelli
Modified: 2014-01-02 15:33 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1000551 (view as bug list)
Last Closed: 2014-01-02 15:33:12 EST
Type: Feature Request
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker PRODMGT-222 Major Closed Separate roles for creation and deployment of bundles 2014-01-02 15:55:33 EST
Red Hat Knowledge Base (Solution) 418733 None None None Never

  None (edit)
Description John Mazzitelli 2013-07-25 15:59:19 EDT
Need to provide more fine-grained permissions for the bundle subsystem.

Right now we have a all-or-nothing "MANAGE_BUNDLE" permission. We want to provide a better security model.

See https://docs.jboss.org/author/display/RHQ/Bundle+Permissions for the design that we will implement.
Comment 1 John Mazzitelli 2013-07-25 16:02:03 EDT
*** Bug 839591 has been marked as a duplicate of this bug. ***
Comment 2 JBoss JIRA Server 2013-07-26 10:08:24 EDT
jay shaughnessy <jshaughn@redhat.com> made a comment on jira PRODMGT-222

Charles, Larry,

This is just to let you know that the design has been tweaked slightly since the customer review.  The wiki page is updated with the addition of CREATE and DELETE permissions at the bundle group level.  This covers more use cases.  It also does not affect the original proposal in that if these perms are not used everything else remains unchanged.
Comment 3 Larry O'Leary 2013-08-23 11:57:57 EDT
Moving this to the JBoss ON product tracker as this is an RFE for JBoss ON.
Comment 4 Mike Foley 2013-09-13 15:34:44 EDT
This has been implemented, and a developer demo given to the JON Team.  It is targetted for the JON 3.2 BETA.  

Setting the status to MODIFIED with Target Release ER1
Comment 5 Libor Zoubek 2013-11-13 12:19:21 EST
verified on JON 3.2.ER5

I followed https://docs.jboss.org/author/display/RHQ/Security+Model+for+Bundle+Provisioning

automated 3 usecases: first one and the most complex one (TeamLeader, DeploymentManager, TeamMembers), and regression case where user with MANAGE_BUNDLES can actually manipulate with bundles & groups.

Note You need to log in before you can comment on or make changes to this bug.