Roles & Users - Displaying a complete list for the user that should only show the ones he created #20529

@eucelso

Description

Bug report

Required System information

  • Node.js version: v20.0.0
  • NPM version: 9.6.4
  • Strapi version: 4.24.4
  • Database: MySQL
  • Operating system: macOS
  • Your project is Javascript or Typescript: JavaScript

Describe the bug

Well, I'm trying to configure some roles for my project. Currently, two roles have been created:

Super Admin
Super Admin Client

The idea here would be to have a project in which I have N clients and each client can register 1 editor user and he can register as an admin, that is, he can register a new role for the editor and register a new user.

The table access part is working normally and each client only sees its records.

However, there is something strange about configuring roles and users, because even though it is configured to only have access to data that he created, he can see the complete list of roles and users.

In other words, he can see the list of roles that the Super Admin has registered and their users and customers.

Steps to reproduce the behavior

  1. Go to the Settings page
  2. Create a new Role
  3. In the Settings tab, access the Roles & Users link
  4. Select all
  5. Access the Settings button
  6. Create the rule to "can create / read / update / delete" only "is creator"

Expected behavior

The expected behavior in my opinion would be, if configured in the Roles & User section with the "is creator" filter, it would display roles and users that are the owner.

Screenshots

[Screenshots omitted: Super Admin; Client]

Code snippets

I opened some discussions on Discord and the Forum here:
https://discord.com/channels/811989166782021633/1019655562092355594/threads/1250754131711234098
https://forum.strapi.io/t/how-to-configure-roles-admin-editor/39129

Additional context

I also tried to make other personalized changes, but without much result, as the log for the functions that were created did not even load, and following the doc creating just this structure, Strapi would import these files and apply them. And listing the current policies that I created, "api::user-permissions.is-super-admin-or-client-super-admin" is in the list, but the logs that were placed in it are not displayed when expected.

Labels: flag: question (Automation Flag to handle community questions)
