These menu items should instead be coupled to the underlying functionality. Don't forget to document this change in UPGRADE and RELEASE_NOTES so that roles that previously required "/" can be tightened up.
Made some changes to add/edit end entities pages. To test that access still works:
1. Create three CAs
2. Create an end entity with RAAdmin rules, give access to all thee CAs, but not "All"
3. Create a Cert Profile with Access to CA1 and CA2
4. Create a EE Profile with Access to CA2 and CA3 and only the cert profile from step 3
5. Log in as the RAAdmin, go to add end entity
6. Verify that only CA2 is accessible
This can be tested in ECQ-43