CRAN Repository is allowing the user do delete/override operations who don't have permission to delete/override content as per the security groups as we use POST method to deploy a Cran package.
Steps to reproduce:
- Create a user with permission read, annotate and deploy/cache
- Deploy a package first and re-deploy the same package using Artifactory REST API
it allows the user to overwrite the existing package
The logs are from event.log provided below