Hello,
We are trying to alter default security setting for role owners such that they will see role related pages only in "read-only" mode. For this purpose we have create below SecurityContext.csv file and uploaded it from the UI. However, role owners still have edit privileges on roles.
Are we missing any step?
When a security context file is uploaded using the UI interface, the entitlements defined in it do not override what is defined in the default SecurityContext.csv file. The UI interface can only be used to add additional user entitlements.. For example, to grant View/Edit privilege on roles to a user defined by custom user attribute on the role.
If the privileges granted by default security context need to be restricted, the only way that can be done is by changing the SecurityContext.csv file that exists in WEB-INF folder.