Hi, I believe the option for Strict Rights in Security Groups is not working properly.
I have checked Additive Rights and Strict Rights and unchecked everything else.
Then I creates 2 roles:
- opps_no_edit, users can list and see details of their own opportunities, but can’t edit.
- opps_edit, users can edit their own opportunities, the rest is not set
Finally, I created 2 security groups,
- no_edit, including the opps_no_edit role and the user John
- can_edit role, includind the opps_edit role and the user John
Very well, what I would expect is that when I create an opportunity and assign it to the user John and assign security group no_edit, John can list and see details of such an opportunity, because the Strict Rights is checked, but can’t edit it, because the can_edit security group is not set to this opportunity.
Then, if I assign the can_edit security group to this opportunity, John should be able to edit.
The case is: John is always able to edit the opportunity, no matter if strict rights is checked or unchecked.
I believe John should not be able to edit the opportunity unless the can_edit group is assigned to the record.
I am missing something here?