I’m encountering an issue with project permissions in Kanboard and would appreciate your insights.
In my project, I have several groups with different permission levels assigned. However, when a user is a member of more than one group, Kanboard seems to apply the lowest permission level from those groups to that user. For example, if Group A has “Manager” permissions and Group B has “Viewer” permissions, a user in both groups ends up with only “Viewer” access.
This behavior feels counterintuitive, as I would expect the user to receive the highest permission level from any of their groups. I have double-checked my configuration and tested this with a clean setup, and the result is consistent.
Is this the intended behavior in Kanboard, or could it be a bug or misconfiguration? If it is by design, are there recommended best practices or workarounds to manage permissions effectively when users belong to multiple groups?
Thank you in advance for your help!
Update: I need to clarify my previous post after further investigation.
The issue I described above actually occurs specifically when using custom roles, not with the standard permission types (Manager, Member, Viewer). The standard permission levels work correctly and do grant the highest permission level when a user belongs to multiple groups.
However, when I create and assign custom roles to groups, these custom roles seem to overwrite all other permissions, even among themselves. When a user is a member of multiple groups that have different custom roles assigned, instead of receiving the most permissive access, the user ends up with the most restrictive permissions from all the custom roles combined.
For example:
- Group A has Custom Role 1 (with specific permissions set)
- Group B has Custom Role 2 (with different permissions)
- A user in both groups gets the restrictions from both roles rather than the combined permissions
This suggests the custom role system may be handling permission inheritance differently than the standard role system. Has anyone else experienced this behavior with custom roles specifically? Any insights on how custom role permissions are meant to be resolved when users have multiple group memberships would be greatly appreciated.