Our application was impersonating an account that had viewer uploader permissions on a folder in Box and was able to delete a file thru the API (not Web UI).
My understanding was a viewer uploader did not have delete permissions. Is that in the Web UI only?
Question
Account with viewer uploader permission was able to delete files using API
Update to this issue. It might be user error. The account above was a co-admin.
If a user is co-admin, does that super cede any folder level permissions that were set on that account. If a co-admin is assigned ‘viewer uploader’, that permission is ignored because they are a co-admin?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.