|Restricting access to server groups|
Configuration: Server groups: "production", "staging". roles: "admin", "developer"
Goal: Restrict access to the production group to the "admin" role in to prevent messing with the production system
Implications: Server groups are part of the model but also a logical concept. I.e. restricting access to a group does imply preventing access to conceptually related entities like servers, deployments, etc.
|Support clients & tools that provide their own security model|
Configuration: See JON User Guide
Goal: Allow interaction with systems that provide their own authorization scheme
Implications: Systems like JON, that provide their own scheme currently can only operate the super user level
|Restrict visibility of attributes||Suppress attributes on responses, i.e. read-resource||arguable|
|Restrict visibility of operations||Suppress operations on reponses, i.e. read-operation-names||arguable|
|Prevent execution of operations||Execution of operations with permissions yields a security exception|