JBoss Community Archive (Read Only)

RHQ 4.9

RBAC in AS-Next

Current thinking about the design: http://community.jboss.org/wiki/ManagementLayerRBAC

AS is going to get role-based access control to resources (and maybe even to attributes, even though that is currently not a favoured approach). This is going to be distinct from RHQ authorization, which makes a lot of sense. The AS needs to be secured in and of itself because it can be configured to be remotely accessible; RHQ is not the only way of managing the AS.

As for the integration between RHQ and AS, the easiest and possibly the only workable solution is for RHQ to just use a user with certain AS-assigned privileges (preferably root, though that might be at the discretion of the AS admin) and for RHQ to do as much as possible within such security restrictions. When granted full access, it would be great if RHQ itself could manage the access control of AS. This is fortunately a part of the current requirements (i.e. the model must be "mappable" by RHQ/JON), and we must stay engaged in the discussions so that we have a good understanding of, as well as some influence on, the final design.

There are a couple of challenges the AS needs to address:

  1. The management tree looks different on domain controllers and on host controllers/standalone servers; this makes it difficult to map the functionally corresponding parts of the respective trees.

  2. Parts of the management tree have implicit relationships expressed only in code, e.g. the configuration of a server-group affects the configuration of the servers present on hosts. This makes it non-trivial for the user to figure out which permissions to assign to which parts of the tree to achieve a given behavior.

  3. Both of the above make the decision about the nature of the access model difficult. It has not been decided whether it is going to be permissive or restrictive, inherited or per-resource, etc.
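Added example, not code from this page, RHQ or the AS project: a small resolver over a constructed, simplified domain layout (the profile, server-group, host and server names are made up) that shows what challenges 1 and 2 mean in practice, namely the standalone address corresponding to a domain profile address, and the host-tree resources that a permission on a profile or server-group implicitly reaches.

```python
# Added example for the RHQ/AS-Next RBAC discussion; not code from the page,
# RHQ or the AS project. The domain layout below is constructed and simplified:
# profile -> subsystems, server-group -> profile, host -> {server: server-group}.
PROFILES = {"default": ["web", "logging"], "full": ["web", "logging", "messaging"]}
SERVER_GROUPS = {"main-group": "default", "other-group": "full"}
HOSTS = {"master": {"server-one": "main-group", "server-two": "other-group"},
         "slave": {"server-three": "main-group"}}

def parse(address):
    """'/profile=default/subsystem=web' -> [('profile', 'default'), ('subsystem', 'web')]"""
    return [tuple(seg.split("=", 1)) for seg in address.strip("/").split("/") if seg]

def fmt(parts):
    return "/" + "/".join(f"{k}={v}" for k, v in parts)

def standalone_equivalent(address):
    """Challenge 1: a standalone server has a single configuration, so the
    functionally corresponding address simply drops the /profile=X prefix."""
    parts = parse(address)
    if parts and parts[0][0] == "profile":
        return fmt(parts[1:])
    return address

def servers_in_group(group):
    return [(h, s) for h, servers in HOSTS.items() for s, g in servers.items() if g == group]

def implied_addresses(address):
    """Challenge 2: the host-tree resources a permission on a domain-level address
    implicitly reaches. The domain tree never states these links; they live only in
    controller code, so write access to /profile=default in effect covers every
    server whose group uses that profile."""
    parts = parse(address)
    if not parts:
        return set()
    head, rest = parts[0], parts[1:]
    if head[0] == "profile":
        groups = [g for g, p in SERVER_GROUPS.items() if p == head[1]]
    elif head[0] == "server-group":
        groups = [head[1]]
    else:
        return set()  # host/server addresses are explicit; nothing is implied
    reached = set()
    for group in groups:
        # a bare profile or server-group address covers every subsystem of the profile
        tails = [rest] if rest else [[("subsystem", s)] for s in PROFILES[SERVER_GROUPS[group]]]
        for host, server in servers_in_group(group):
            for tail in tails:
                reached.add(fmt([("host", host), ("server", server)] + tail))
    return reached
```

Running implied_addresses("/server-group=other-group") lists every subsystem of server-two on host master, which is the scope a reviewer must keep in mind before granting write access at the server-group level.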

JBoss.org Content Archive (Read Only), exported from JBoss Community Documentation Editor at 2020-03-13 08:02:11 UTC, last content change 2013-09-18 19:41:26 UTC.