Issue with the roles

[ceracine]

Hi everyone,

I'm testing new stable version 5.2.1 to compare it with the previous one (in order to improve our institutional data repository, which already runs on NADA).

However, I have trouble with the roles and permission.

I've created a role to manage licensed request, but limited to only one collection. Therefore I used the "Permissions by collections" section when editing my new role (see image attached). But it doesn't seems to work, as my user can edit and manage all the licensed requests, even the ones in other collections.

Moreover, this user can see all the administrative dashboard (for example the menu Users, Reports or Setting) even if he doesn't have the rights. The pages are not accessible (error 500), which is normal as he doesn't have the permission to access it, but shouldn't it be invisible from the dashboard ?

Do you have the same kind of issues on your repositories ? Is there a manual action to perform to correct this problem, which isn't detailled in the documentation ?

Thank you in advanced for your help !
Céline

[mah0001]

Thank you for the detailed description of the issue, looking into this and will post an update soon.