Version 7
    Restricting access to server groups

    Configuration: Server groups: "production", "staging". roles: "admin", "developer"


    Goal: Restrict access to the production group to the "admin" role in to prevent messing with the production system


    Implications: Server groups are part of the model but also a logical concept. I.e. restricting access to a group does imply preventing access to conceptually related entities like servers, deployments, etc.

    Support clients & tools that provide their own security model

    Configuration: See JON User Guide


    Goal: Allow interaction with systems that provide their own authorization scheme


    Implications: Systems like JON, that provide their own scheme currently can only operate the super user level

    Restrict visibility of attributesSuppress attributes on responses, i.e. read-resourcearguable
    Restrict visibility of operationsSuppress operations on reponses, i.e. read-operation-namesarguable
    Prevent execution of operationsExecution of operations with permissions yields a security exception