User accessing data he's not supposed to see


I’ve enabled ACLs on Organization, and defined AclPrivilege to connect users to organizations.

The problem is that I have a user who’s assigned to 2 Organizations but can see 3 more (5 in total).

I checked the ACL entries and he appears only on the 2 Organizations he’s supposed to see. For the rest, I tried to check if the groups/roles he’s a member of appear in the ACL entries, but it’s not the case!

Is there something else I can check that could explain this?


What roles does the user have? It's possible that the user could have one or more action conditions that override ACLs. Are there ACL entries for the 3 organizations that the user cannot see? Does this user belong to the groups associated with the entries?


It was the actionConditions that I did not update! Thanks a lot.