I have create a new role ROLE_B. In my repository I have a folder Test where the default ROLE_USER has Read Only permission and Role_B has No Access. Through the cumulative permissions where the most restrictive permission is take, if I have a user X with both ROLE_USER and ROLE_B, the No Access permission should be applied. This is not working as expected and user X has Read Only permission. If I switch around permissions granting ROLE_USER No Access and ROLE_B Read Only, the the user has No Access. Is this a known bug? Any workarounds?