Category Level Security for Views
There looks to be an issue with how view security is being applied at the content category and sub-category level.
In terms of editing and/or deleting views, access security is being applied so users or groups can only edit/delete if they have the appropriate level of access, but there is still the issue of visibility.
Although a content category/sub-category could be hidden completely from a user or group, they can still see the view if they click on the 'All' grouping in the Browse section.
Are there plans to update this access control so that it matches with security for other content such as reports or dashboards.
To replicate this issue follow these steps:
- Create or edit a view
- Save the view in a secured category/sub-category
- Log in as a user without access to that category/sub-category
- The category/sub-category won't be visible, but the view is still visible if you click on the 'All' grouping.
This issue is found in all newest builds of 7.4, 8 and 9.1.