- Bug
- Resolution: Done
- Major
- 6.0.2
- None
Description of problem:
You can execute git clone via ssh even with a user that has the role 'user' assigned.
This directly contradicts the role definition in
http://docs.jboss.org/jbpm/v6.0.1/userguide/wb.Workbench.html#wb.Roles
============
9.4.2.4. Business user
Daily user of the system to take actions on business tasks that are required for the processes to continue forward. Works primarily with the task lists.
Does process management
Handles tasks and dashboards
=========
I can easily push changes to the business assets even if I am only user/manager. This seems like a security policy violation.
Version-Release number of selected component (if applicable):
bpm 6.0.2
How reproducible:
always
Steps to Reproduce:
1. Create user via ./add-user.sh, set role 'user'
2. git clone ssh://user@localhost:8001/repository1
Actual results:
It is possible to perform git operations such as ssh clone, add, commit, push with only the 'user' permission.
Expected results:
Role 'user' shouldn't have the possibility to perform operations like git clone, push via ssh, as it directly contradicts the documented role definition.
- is blocked by
  - RHBRMS-1501 Cannot clone repositories from Business Central over ssh:// protocol
- Verified
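The missing control described in this report is a role check on the command a git client sends over SSH (`git-upload-pack` for clone/fetch, `git-receive-pack` for push). The sketch below is an added example, not the product's code or its actual fix: the function name `authorize_git_ssh` and the role-to-service table are assumptions, since the report only states that 'user' and 'manager' must not have repository access.

```python
import shlex

# Assumption: roles allowed to use each git service over SSH. The report only
# says 'user'/'manager' must be refused; this allow-list is illustrative.
REPO_ROLES = {
    "git-upload-pack": {"admin", "developer", "analyst"},   # clone / fetch
    "git-receive-pack": {"admin", "developer", "analyst"},  # push
}


def authorize_git_ssh(exec_command, roles):
    """Decide whether an SSH exec request may run; returns (allowed, reason).

    Deny by default: anything that is not exactly '<git-service> <repo>'
    from the allow-list, requested by a role on that list, is refused.
    """
    try:
        argv = shlex.split(exec_command)
    except ValueError:
        return False, "unparseable command"
    if len(argv) != 2:
        return False, "expected '<git-service> <repository>'"
    service, repo = argv
    allowed_roles = REPO_ROLES.get(service)
    if allowed_roles is None:
        return False, f"service {service!r} not permitted"
    if not allowed_roles & set(roles):
        return False, f"roles {sorted(roles)} may not run {service}"
    return True, f"{service} on {repo.lstrip('/')}"


if __name__ == "__main__":
    # Constructed sample requests: (authenticated roles, SSH exec command).
    samples = [
        ({"user"}, "git-upload-pack '/repository1'"),      # clone from the report
        ({"manager"}, "git-receive-pack '/repository1'"),  # push from the report
        ({"developer"}, "git-upload-pack '/repository1'"),
        ({"admin"}, "sh -c id"),                           # not a git service
    ]
    for roles, command in samples:
        print(sorted(roles), command, "->", authorize_git_ssh(command, roles))
```

The same check doubles as a regression test for this bug: the two requests taken from the report must come back denied.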