Description of problem:
Currently, our edit permissions for hosts are kind of binary. Either you can edit a host completely or you cannot at all. Users would like to have permissions set up in a way that only a certain host attributes could be modified, for example Puppet parameters.

Original problem description as reported by a user:

I created a Role with the following filters

Parameter create_params, edit_params, destroy_params
Host/managed view_hosts, console_hosts, puppetrun_hosts

Unfortunately, on the host page, this role is not allowed to click the "Edit" button. However, if I add the filter `Host/managed :edit_hosts` then I am able to edit hosts, but it allows me to change other properties of host as like ip addr etc . "edit_hosts" provides much more privileges that needed for editing puppet parameters.