I run Chirpstack v4 on Docker. When I create a user, and add it to a tenant without any editing rights (not admin, not tenant admin, not gateway admin, not device admin), the user can still delete the existing devices. Am I doing something wrong?
I was unable to confirm this via the web UI, but I did not test via gRPC directly. I was not able to delete a device as an unprivileged tenant user, but strangely, when I attempted to do so, it logged me out(!).
Thank you for prompt response and explanation. Yes, you are right, neither device nor gateway can be deleted by unprivileged user. If attempted, the unprivileged user will be logged out. I confirmed that also with my instance of Chirpstack, but what confused me was that these buttons (Add gateway, Delete gateway, Delete device) even exist and are enabled, if a user is unprivileged.
Could you create a GitHub issue for this, then I’ll look into this and fix it where needed. This is not intentional (Issues · chirpstack/chirpstack · GitHub)