Hey guys,
In my NEOS instance i would define Permissions and Privileges for Backend Users to change and publish the content of the node: 497b2458-818f-4eba-9d44-7d048ddf911c
I’ve tried this, but I can’t publish the changes. And the user should be: not allowed to see the other pages only 497b2458-818f-4eba-9d44-7d048ddf911c
if no privilegeTarget is defined for a resource (e.g. a Node in your case), no access restrictions are applied to this resource - so effectively this looks like an “allow” to the user.
as soon as you define a privilegeTarget, the security framework takes over for this resource. It checks if there is a privilege for the currently logged in user and the given privilege target. if there is no privilege found, it defaults to DENY.
this is exactly what happens in your case.
So, to fix this, grant Admin the privilege to editAllNodes