Currently the topoogy presenter is using the following @AccessControl annotation:
This has a number of drawbacks:
- When the user is assigned to several server-group scoped roles (all of them addressable), only the first addressable group is taken into account when the security context is created.
- The wildcard for server-config does not result in exact operation permissions for the distinct servers.
To address these issues, the topology presenter should create a security context using the resources from the current topology. Thus the presenter would first read the topology and then use this information to create a security context with addresses for the server-groups, hosts and servers.