I have a user who has a single role, sales rep. But somehow he gets read access to the module. There are no contextual roles. Why would this happen?
All roles have all access set to “inherit”.
What does “inherit” do?
Is it just a placeholder for something that’s neither deny nor allow?
See screenshot below for the salesrep who has access but shouldn’t.