At this time, when a Plugin is undeployed, the ResourcePermission entries in the database for the Plugin persist in case the Plugin is redeployed. However, there are instances where users may want to remove all database entries in order to have new security-role-refs apply or to have a blank slate in setting Plugin Permissions. An option in the GUI where a user can clean up these permissions would be beneficial.
Steps to Reproduce:
1. Build the Calendar Portlet
2. Navigate to the WEB-INF folder of the Calendar Portlet
3. Open the portlet.xml file
4. Note that the security-role-ref tags are set as below:
5. Deploy the Calendar Portlet
6. Navigate to Control Panel > Plugins Configuration > Calendar
7. Note that Administrator, Guest, Power User, and User are listed. They all have the "Add to Page" permission. This is expected
8. Undeploy the Calendar Portlet
9. Open up the portlet.xml file and adjust the security-role-ref tags to the below:
10. Deploy the updated Calendar Portlet
11. Navigate to Control Panel > Plugins Configuration > Calendar
Result: Note that the same permissions are listed. If the permissions were updated, then only the Administrator Role should be there. This is security-role-ref tag does not update existing permissions in the ResourcePermission table, but only creates new entries. And since ehe entries in the ResourcePermission table persisted after undeployment, the updated security-role-ref did not take effect.