I have created a user with all resource level permissions(No Global permissions). This user is primarily responsible for managing JBoss AS applications and deployments on server1. (JON manages few servers i.e server1,server2 and server3). He doesn't have access to any resources in server2 and server3. He is not a JON admin.
When I try to deploy new package to an existing application , I got the following error
Failed to associate package [JonTest.war] with channel ID [500550]. Cause: org.rhq.enterprise.server.authz.PermissionException:Subject [websupport] is not authorized for [MANAGE_INVENTORY]: invocation: method=public void org.rhq.enterprise.server.content.ChannelManagerBean.addPackageVersionsToChannel(org.rhq.core.domain.auth.Subject,int,int[]) throws java.lang.Exception,context-data={}
Since deployment of packages is main task for this user, I assigned global permission "Manage inventory (resources/groups)". After the new permission assignment, User is able to deploy packages.
Now, the issue is , he can see all the servers in the inventry (server1, server2 and server3) , but the group assigned to him has only server1 access.
My question is how to deploy packages without having any global permissions ? how to restrict the user not to see all the resources ?
Thanks & Regards
Senthur
Due to this issue, We are not able to restrict the access to users.(As we need to grant inventory global permissions).
Please look into this issue and let me know your comments ASAP.