Closed (won't fix)
Project:
Content Access
Version:
6.x-1.1
Component:
Miscellaneous
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
3 Apr 2009 at 13:14 UTC
Updated:
9 Feb 2011 at 16:39 UTC
When the View All, Edit All, and Delete all options or enabled for a specific role for a specific content type, does this include unpublished content not owned by a user with the mentioned role?
If they are not supposed to view/edit/delete another users unpublished content, would you consider that a security issue?
Comments
Comment #1
thekevinday commented