I am currently trying to set an RBAC policy to hide a page “P” from a user with a role of “X”. The way I do this is by doing the following steps
Make sure target user has a role of X applied to them.
Navigating to the permissions page for the page I want to hide and selecting “Deny” on Read page “P”, then saving the changes.
This does not hide the page. However, if the “Deny” on Read page “P” is set on the Authenticated role instead, the page is successfully hidden, regardless of the state of Read page on role X, which doesn’t make sense, since according to the documentation, common roles should have priority over the Auth role.
I have attached some images showing the current setup for the user. I am using v2021.9.6, and I’m currently unable to upgrade to the current version of corteza.