I have some issues trying to disallow a module role to create objects.
I want to restrict a role from creating entities of a certain type.
Assume the following:
Entity Employee with an enumeration EmployeeType as attribute.
Users with role A should only be allowed to see and edit employees with EmployeeType contractors.
So I added an access rule for role A, with a XPath constraint on "EmployeeType = 'contractors'". This works correctly, role A users can only see the employees with that role.
However when they create a new Employee with a different EmployeeType and save this, they do not receive an error and the employee is saved. I expected that an error would have been shown.