with the release of 1.9.2 project admins have access to the new export/import functionality. Thanks for that great feature.
To check permissions i asked a team mate to access the pages. He has access to his own projects. However, he can also export and even import my projects. He is also able to edit my projects. I have checked permissions, therefore. Myself i am a project admin to the project. Also registered users have permission to “configuration.view:all”. I do not understand, why my team mate is able to modify and export/import my project configurations. Only if i modify registered users and set “deny” permission to project administrator and edit project i can stop him from doing so.
Is this actually the default behaviour or is this a bug?