Today we noticed that the RemoteExecution plugin/feature seems to allow the execution of jobs on all hosts a given user can see in Foreman (given the user has the permission
Additionally, the filter of the permission does not allow limiting the rights to a group of hosts based on the Foreman Owner.
Now, imagine a scenario where we have a usergroup which should be allowed to view and manage their own hosts and also view some additional hosts. If we want to enable Remote Execution for this usergroup, they currently gain REX permissions on all hosts they see.
Did I miss something or is this the current behaviour?
I would suggest that we implement a new search filter for create_job_invocations to limit the permissions based on the host owner (like host_owner = current_user) or maybe use the edit_host permission instead of