Creating/editing user groups; performance degradation over REST api

["Robert M. Mather" <ro...@gmail.com>]

I've found the user group configurations in
server-allinone/conf/org.apache.ace.server.repository.factory/ace-user.cfg
and I'm trying to understand how this system works and how I can customize
it.

We're moving from beta into production with several hundred targets at my
company right now, so I need to hand off provisioning to the ops team, but
I don't want to give them full access to all ace operations.

I want them to be able to do anything with targets and distribution2target
associations, but only view everything else. Our dev team will be doing
everything up to and including creating distributions.

I've tried editing ace-user.cfg and successfully preloaded another user
under a userGroup that I added with only the permissionGroup entries for
the operations I want them to be able to do. I logged in with that user,
but was still able to do any operation without restriction. Is the roles
system actually implemented yet? Have I set it up incorrectly?

If not, then we'll need to implement our own UI that restricts what the ops
team can do. We've started down that road but noticed that the time to
create a workspace over the rest api grows steadily slower as we use it,
even though we are calling DELETE on the workspace once it's committed.

We're really enjoying ACE so far and it meets our needs well. Just a few
more of these details and we'll have a full production deployment going!

Thanks for the help,

Robert