Assign roles and filters to usergroups
I have a use case where we want to give readonly access to set of users, but limit it to hosts that are in a specific domain. Currently, I can edit the individual users to set this permission (using the user level filters), but there is no way to do it for a set of users without actually editing each user.
I feel that anything that can be set permissions-wise for an individual user, should also be able to be done at the usergroup level. It looks like the main three things that we are missing are:
1) administrator permission
2) assigning roles
3) setting filters
It looks like there was a ticket already opened on this topic but it was resolved. http://theforeman.org/issues/1494
One thing that will need to be resolved, is what to do if there are permissions set at both the usergroup level and the user level. (Thing just a union of the permissions is the way to go.)