I created a new customised content admin role to segregate content admin users to manage their own resources. I need the custom content admin to be able to create new stream and manage the security access rule for the stream he/she created/owned. However the custom content admin is still able to edit the security rule for read-only streams although other sections within the stream remained as read-only. Has anyone done this before? Appreciate advise from the experts out there.