Some use cases to proof the concepts put into place.
Restricting access to server groups
Configuration: Server groups: "production", "staging". roles: "admin", "developer"
Goal: Restrict access to the production group to the "admin" role in to prevent messing with the production system
Implications: Server groups are part of the model but also a logical concept. I.e. restricting access to a group does imply preventing access to conceptually related entities like servers, deployments, etc.
Support clients & tools that provide their own security model
Configuration: See JON User Guide
Goal: Allow interaction with systems that provide their own authorization scheme
Implications: Systems like JON, that provide their own scheme currently can only operate the super user level