Description of problem: @40017/Oracle Granting a user the 'Edit Item' privilege allows the user to delete any item. To Reproduce: 1) Create a new CMS User, add them to a role w/o 'Edit Item' or 'Delete Item'. 2) Create an item. 3) The user can't delete it; no delete link appears. 4) Grant 'Edit Item' to the user. 5) The user now sees a 'Delete' link next to the items, and can successfully delete them. From talking with Scott, it isn't 100% clear that this is a bug; this may be allowed by implied permissions, but possibly the permissions are too large. Dan, could you & Scott & whomever hash this out? If it isn't a bug, we need to assign a documentation task to kwade or charjt.
I vote for not a bug, because there is such a fine line between delete & edit - someone with edit privilege can just as easily delete all the body text.