-
Incident report
-
Resolution: Unresolved
-
Trivial
-
None
-
2.1.0
If a user has no write permissions to any host groups, he shouldn't be able to create, update or delete actions. It is currently forbidden in the frontend (most likely due to a bug, will be fixed in ZBX-6640) but possible via the API.
This permission check should be moved from the frontend to the API.