Example:
Supposed, a team role is set to allow users to see users of their own team only. In fact, when going e. g. to the list of contacts, assigned users will be shown, regardless of their team membership. All assigned users entries will have a link, but only those users of the own team can be opened. Clicking a link of a member of a diferent team will cause an error page "Error 403 - You don't have access to this area".
Suggestion:
Don't link assigned users in the list, whenever user is denied by role to see the detail view. This applies equally to roles or layout sets attached to a team etc.
Regards
agri
Supposed, a team role is set to allow users to see users of their own team only. In fact, when going e. g. to the list of contacts, assigned users will be shown, regardless of their team membership. All assigned users entries will have a link, but only those users of the own team can be opened. Clicking a link of a member of a diferent team will cause an error page "Error 403 - You don't have access to this area".
Suggestion:
Don't link assigned users in the list, whenever user is denied by role to see the detail view. This applies equally to roles or layout sets attached to a team etc.
Regards
agri
Comment