When the View All, Edit All, and Delete all options or enabled for a specific role for a specific content type, does this include unpublished content not owned by a user with the mentioned role?

If they are not supposed to view/edit/delete another users unpublished content, would you consider that a security issue?

Comments

thekevinday’s picture

Status: Active » Closed (won't fix)