Plone 4.3.7 (4311), CMF 2.2.9, Zope 2.13.23 on Debian linux.
This site has a group for users with manager role. Multiple users are in the manager role group.
When there is turnover in staff some people with manager role have left the department. Normally their users have been deleted without incident.
However one such user is now causing a problem, as follows:
Former staff member had user that was a site manager.
When that staff member left the organization, their user was deleted.
Deleting that particular user caused the permissions of all other manager-role users and the original "site administrator" user to be changed.
Other manager-role users could no longer do most manager-role tasks such as add/edit/delete throughout the site. Exactly which permissions they lost I have not tested in detail. Suffice to say they lost essential manager permissions and could no longer function as manager role.
Restoring the deleted user (via a backup) fixed the problem.
AND, the same issue is caused by removing manager role from this user, even if the user is not deleted.
I am looking for any guidance on how to determine what was done with or by this user that caused this problem. I need to get this user back to a state where changing their role(s) or deleting them no longer affects other user roles/permissions.
Where would I look, and what am I looking for, that could cause something like this?
I am not familiar with the details of role and permission settings and customization behind the scenes, never have needed to mess with that.
I do not see any way something like this could have been done from within the plone UI - could it?
I suspect that something was accidentally done with roles and/or permissions via the ZMI. As a manager they would have access to the ZMI, BUT should not have done anything there. It would have been a mistake they did not know they were making.