EWM 7.0.2 permitted a user to update an enumeration without associated permissions
the user has a role that does not have permission to "Save enumerations" yet they were able to do so.
they are not in the Project Admin group, they do not have the role "enumeration editor" or "process specification" permissions so how was this user able to edit and save an enumeration that is part of the process specification.
One answer
One reason could be: Every user has the default/everyone role. Unless this role prevents save enumerations, a user would have this permission.
It is a common misunderstanding that somehow being in the admin group would provide all permissions. It only allows the user to manage the project properties and save the change process specification. They need to provide themselves a role and only get the permissions granted to their roles.
Comments
The everyone role only has permission to save a personal dashboard, add comments or an attachment nothing else.
The persons role does not have the permission to save enumerations either ... so I don't know where he's getting that from - he's not in any other team that could potentially give him that permission.
I do not know. My experience over the years has been, something like this is usually a setting issue and not a defect.