What does inherit mean in module permissioning?

I have a user who has a single role, sales rep. But somehow he gets read access to the module. There are no contextual roles. Why would this happen?
All roles have all access set to “inherit”.
What does “inherit” do?

Is it just a placeholder for something that’s neither deny nor allow?

See screenshot below for the salesrep who has access but shouldn’t.

It turns out by default authenticated users have access to read all modules and all records of all modules. This can be shut off here:


I now see that if you change the values of the authenticated role’s permissions, they reset upon server restart.

Is there any way to avoid that?
I don’t’ want all authenticated users to have list access to all modules

Hey @shmuel thanks for reporting; let’s continue on your GH issue please When I try to set authentication role permissions, they et reset upon server restart · Issue #838 · cortezaproject/corteza · GitHub

1 Like