In order to restrict a user/group to only deploy or stage packages set the security profile permissions as below:

- In the DSM Explorer, go to Security Menu -> Security Profiles

- Select the user/group for which permissions have to be set. (In this example, we are using 'Software Push')

- After selecting the group, click on 'Class Permissions'.

- In the Class permissions window, define the class permission for Object Class as below:

-software job container: cvrx 
-software job: cvrxwx 
-deployment job: cvrwxdpo (Can have cvrwx also) 
-software package: vrx 
-software group: vrx 
-software category: vrx 
-procedure group: vrx 
-procedure: vrx 
-computer: vrx 
-asset group: vrx 

The rest of the objects should be set to 'No Access'

NOTE: If you want the group to be able to deploy DSM Plug-ins too, then you would need to set the following in addition to the above list.

• Control Panel Access - Manage (VRX)
   
• Deployment Job - Manage (VRX)