I have a problem with an end user permission that seems to get ignored: I wanted to demonstrate the usage of the end user permission and assigned a role to a User (for simplicity's sake as an entry point, no worksets, pages etc. involved) and enabled end user permission on the role for that particular user.
Now when that user logs in he gets to see the according entry in the navigation bar as expected. However if I disable the end user permission, log out and again log in the user, he stills sees the link. The end user permission setting is simply ignored. Can someone shed light onto this, could there be something wrong with the installation)?
I don't think this is an issue of permission inheritance (the role permissions are set explicitly anyway) or overlapping permissions due to membership in several groups - the user is only member of the single standard group 'authenticated users'.
P.S. What's the use of a role assignment to a user without end user permission anyway (I mean why the option)? What happens if you don't add permissions on a Role for a certain user at all (I tried it, but the effect is the same as described above - end user permission seem to be irrelevant)?
what you have described is actually not a bug. The end user permission setting on role objects has no effect on the runtime availability of roles in the portal navigation.
This means that if you have a role, you will have permission to see all iViews and Pages in this role.
So the question is what's the use of end user permission then? It's used to restrict permission to (displaying) objects in portal utilities that display the Portal Catalog in an "end user" runtime environment. A good example for this is "Page Personalization". You can see here only objects you have end user permission for.
For more detailed information check this link:
Hope this helps,