Hi, I believe the option for Strict Rights in Security Groups is not working properly.
I have checked Additive Rights and Strict Rights and unchecked everything else.
Then I creates 2 roles:
opps_no_edit, users can list and see details of their own opportunities, but can’t edit.
opps_edit, users can edit their own opportunities, the rest is not set
Finally, I created 2 security groups,
no_edit, including the opps_no_edit role and the user John
can_edit role, includind the opps_edit role and the user John
Very well, what I would expect is that when I create an opportunity and assign it to the user John and assign security group no_edit, John can list and see details of such an opportunity, because the Strict Rights is checked, but can’t edit it, because the can_edit security group is not set to this opportunity.
Then, if I assign the can_edit security group to this opportunity, John should be able to edit.
The case is: John is always able to edit the opportunity, no matter if strict rights is checked or unchecked.
I believe John should not be able to edit the opportunity unless the can_edit group is assigned to the record.
I described the roles and groups setup in my post. It’s not because John is the owner. If I uncheck additive rights or if I remove John from can_edit group, then John isn’t able to edit the opportunity.
According to my understanding, if strict rights is checked, then only record explicitly assigned to a certain group gets the rights of that group to that user.