I secured a suboject. and provided the rights of "read only" to specific group. When logged in as a member of that group, I see the delete button even though when i click on the delete it won't allow me to delete. It says you don't have the rights to delete this record. Is there a way to get rid of it?
Clear the Browser caches and, if needed, application caches as well. If the issue still occurs, then check if then remove the user from the security group, which is having the Read access for that secured subpage. Check what happens then? Ideally, the user should not be able to see the Subpage, after that activity. Then add him back to the group and see if that helps. Also, check if the issue is only happening with other users, having similar rights, like the affected one.
The way I have the rights assigned is the following:
Basic group for user access
Global access rights for :
Application view all
Subobjects view all
among with other rights
Department specific groups
OBS unit access rights for:
Application Edit all
subobjects Edit all
So a department member can view all applications and only edit applications within their department. It works fine, only the delete button appears with no rights to delete. Based on the tests that I performed, If a user log in using the basic group for user access only, I don't see the delete button. So I assume it's coming from the Application Edit all right. Technically you are only suppose to see it within your OBS (edit and delete). But this is not the case. I cleared the browser cache and system caches, same results. Any ideas?
Is there anything "wrong" here?
Since the user has a mixture of view and edit rights over the instances that they have access to, I would perhaps expect that the "Delete" button were visible on a list screen as there might be instances on that screen that could be deleted. I'm just assuming that perhaps the functionality of checking individual rights and removing the check-box against instances that can not be deleted is just something the application isn't designed to do - by pushing the checking "overhead" down to the actual confirmation screen, "no harm is done".
(I'm GUESSING here, have not experimented at all)