ACLs for Parameters need to be more fine grained
Currently, a user cannot delete a parameter unless he has permission to delete the whole host. That's not going to work in our infrastructure, and I suspect the same for others too. I want to give lower levels of support the ability to modify a host (including creating or destroying parameters) but not to delete the whole host (along with it's reports, which are valuable).
Furthermore, it probably makes sense to have a similar separation for the classes tab as well - I'd really like to restrict one level of support to parameters only, and the next level to editing (but not deleting) the whole host, and the top level has full access. However, only the parameter ACl is really needed right now.
I'm happy to have a go at this, so this feature request is mainly to remind me :)
fixes #1324 - Separate permssions on hosts from permissions for objects within hosts.
This allows a user to be granted permission to edit the host (and so change the group or proxy) but not, for example, edit the parameters
This could probably be extended further if necessary.