The Object based and resource based authorizations work almost in a simialr way.
The difference is that resource based has some special purpose permissions which are only relevant for resources e.g.
you can browse, audit, snapshot a server, or a device.
The difference will become clear if you can differentialte between a system object and a resource in BladeLogic.
Eveything in BL is an object, but resources are things like Servers, Devices and even components, in simple lanugauge all objects that are or represent an actual physical entity , e.g. Servers and devices are resources, you can do browse, or a Job execute on these.
On the other hand, just a Deploy Job is nothing but an object, only an object.
Good example is a Component template, its just an object untill and unless you run discovery and create a Component out of it, a component is related to an actual configuratin on a system -> which becomes a resource, as you can run browse, snapshot , audit etc on the Component.
In summary, if your role A has role level auth to do a deploy job execute and also has a object level auth on a defined deploy job , it will also need you to have resource level auth on an existing Server object, with a specil purpose permissions DeployJob.execute to actually run the deploy job against that server,
If any of these is not present, you will not be able to achive the aim of deploying something on that particular Server.
Hope, I was able to explain you.
This really clarifies all my confusion.
Thanks a lot for such a nice explannation.
Great explanation, Rohit!
Thanks Prabhat !