Hi everyone, I have some questions about access policies. I tried to connect as a Reader, and I see on the UI that: • I can go to Analytics page and Ingestion page (delete a source, see the parameters used for db connection and secrets!) • I can create and modify domains • I can see and use the edit action buttons (for ex Documentation), use the WYSIWYG editor and finally when I try to save, I've got this message error: "Update Failed! Unauthorized to perform this action. Please contact your Datahub administrator." When I say "connect as a Reader": • I first created a user with the role Reader • I created another user without role but with a policy with only "View Entity Page" privileges. Is it normal that as a Reader, we can see all these things? Or, is it a parameter issue? I saw in some comments, that showing edit buttons for readers is something that could be changed one day. But what about the ingestion page? This page is kind of confidential for some users.

hey Mathilde! hm yeah that definitely seems wrong and not what was intended for the Reader role. Can you check your policies to ensure there isn't a global access policy enabled by default? For example, there may be a policy enabled like "*All Users - All Platform Privileges (EXCEPT MANAGE POLICIES)"* that you should disable to see the true functionality of a reader role

Hey @happy-baker-8735 did you manage to have Readers users without the option edit the assets?

Hi @clever-author-65853, as a reader, I still can see the edit buttons. But I have the message error ""Update Failed! Unauthorized to perform this action. Please contact your Datahub administrator."" when I validate. We use v8.45.

@bulky-soccer-26729 is it planned to hide edit buttons from UI for Readers users?