I have, for example, a test user assigned to a group “Read-Only” (with predefined read-only rights).
With this test user, I tried to access a page that I should not be able to access. This process worked as far as it went. However, I got a completely white page.
It would probably be nicer if, when you are not authorised, you were redirected back to the previous page and an appropriate message were displayed, such as: “You do not have the required permissions”.
For example, a read-only user has the ability to access the URL /management/users, although this page is not listed via the Settings icon. Here I would expect a white page.
Furthermore, I wonder why a read-only user, who as such should only be able to read objects, is allowed to read sensitive information such as groups, users and ACLs. I would like it to be possible to set more restrictive rights in the future. Is this already planned?
Furthermore, I wanted to ask whether unauthorised accesses are logged? Or whether it is planned to log such unauthorised accesses? This also applies to failed login attempts.
Many thanks in advance!
With kind regards
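To make the behaviour requested above concrete, here is an added example that is not code from the original post or from the product being discussed (the post does not name it): a small Python request handler that denies by default, redirects an unauthorised user back to the referring page with the message the post asks for instead of a blank page, and writes both denied accesses and failed logins to an audit log. The role names, route-to-permission table, user and IP address are constructed assumptions for illustration only.

```python
"""Deny-by-default authorisation with audit logging of denied requests and failed logins.

Added illustration; not the product's own code. Roles, routes and permission
strings below are assumptions made up for the example.
"""
import logging
from dataclasses import dataclass, field
from typing import List, Optional

DENIED_MESSAGE = "You do not have the required permissions"

# Assumed role -> permission mapping. Read-Only deliberately gets no access to
# users, groups or ACLs, which is the stricter model the post asks for.
ROLE_PERMISSIONS = {
    "Read-Only": {"objects:read"},
    "Admin": {"objects:read", "objects:write",
              "users:read", "users:write", "acls:read", "acls:write"},
}

# Assumed route -> required permission table. Routes not listed here are
# unknown and are refused, so a forgotten entry fails closed rather than open.
ROUTE_PERMISSIONS = {
    "/objects": "objects:read",
    "/management/users": "users:read",
    "/management/acls": "acls:read",
}


@dataclass
class User:
    name: str
    groups: List[str]


@dataclass
class Response:
    status: int
    location: Optional[str] = None   # redirect target for 303 responses
    message: Optional[str] = None    # flash message shown after the redirect
    body: str = ""


@dataclass
class AuditLog:
    """Keeps structured security events in memory and also emits them via logging."""
    events: List[dict] = field(default_factory=list)

    def record(self, event: str, **fields) -> None:
        entry = {"event": event, **fields}
        self.events.append(entry)
        logging.getLogger("audit").warning("%s %s", event, fields)


def permissions_for(user: User) -> set:
    """Union of the permissions granted by every group the user belongs to."""
    perms = set()
    for group in user.groups:
        perms |= ROLE_PERMISSIONS.get(group, set())
    return perms


def handle_request(user: User, path: str, referer: Optional[str],
                   source_ip: str, audit: AuditLog) -> Response:
    """Serve the page only if the user holds the required permission.

    Otherwise log a denied-access event and send the user back to where they
    came from with an explanatory message, never a blank page.
    """
    required = ROUTE_PERMISSIONS.get(path)
    if required is not None and required in permissions_for(user):
        return Response(200, body=f"page {path}")
    audit.record("authz_denied", user=user.name, path=path,
                 required=required, source_ip=source_ip)
    return Response(303, location=referer or "/", message=DENIED_MESSAGE)


def handle_login(username: str, password_ok: bool, source_ip: str,
                 audit: AuditLog) -> Response:
    """Log every failed login attempt with who tried and from where.

    The response is identical for unknown users and wrong passwords so that
    the login form does not leak which accounts exist.
    """
    if not password_ok:
        audit.record("login_failed", user=username, source_ip=source_ip)
        return Response(401, message="Login failed")
    audit.record("login_ok", user=username, source_ip=source_ip)
    return Response(303, location="/")


if __name__ == "__main__":
    log = AuditLog()
    tester = User("tester", ["Read-Only"])          # constructed test user
    print(handle_request(tester, "/management/users", "/dashboard", "203.0.113.5", log))
    print(handle_request(tester, "/objects", None, "203.0.113.5", log))
    print(handle_login("tester", False, "203.0.113.5", log))
    for e in log.events:
        print(e)
```

The audit entries are what a SIEM rule would key on: repeated `authz_denied` events for one user or source address indicate someone probing URLs they were not given links to, and bursts of `login_failed` indicate password guessing.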