I am trying to find an explanation of a default behavior I am seeing related to list applicability.
Within UI builder, I created a m2m map to show a specific list item to a specific applicability/role.
While impersonating the user with the role (sn_customerservice_agent), everything appeared to work correctly, but while "cleaning up" my test, I was able to delete the m2m record as the impersonated user. The user did not have admin or any uibuilder related permissions.
Upon further investigation, I noted that all applicability tables (layout, m2m, and list) create/read/write/delete ACLs have snc_internal as their requirement, which appears to have been set OOB.
Does anyone know the reasoning behind allowing any internal employee to delete applicability and their mappings would make sense, or am I missing something from my investigation?
