26 Jun 2007
25 Jul 2007
Link to this post
I have a bunch of different roles, including say X and Y. I have a page Foo.aspx which grants View permission to X and denies it to Y (and denies anonymous access).
I have a user A in only one role: Y.
After logging in user A, and typing the URL of Foo.aspx, user A is able to view the page. It doesn't appear in the navigation menu, but the user can still access it if they know the URL.
This is not the behaviour I would expect, but I haven't come across any posts about it. Can anyone help?