Hello,
I'm using version 3.2 SR2 and I modified the following security rule:
CreateAppObjectsPublishedApp
adding the below condition :
and (user.group="role_dev" or user.group="role_ext")
---
!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !user.IsAnonymous() and (user.group="role_dev" or user.group="role_ext")
---
However I noted a user not belonging to the "role_dev" or "role_ext" is able to create app objects ex. sheet object.
Is it a BUG ???
Please let me know asap.
Many thanks in advance for your time.
Best Regards
Andrea
