For this one : we need same system than template.
Default Survey group list are :

• Survey group with this user access
• + current survey group.

In this scenario:

• superadministrator should be the only one that has the right to edit global survey settings.

For survey group settings:

• CRUD permissions at the global user management level: Create, View/Read, Update, Delete

Would that be alright or am is there any other possible scenario missing?

Not exactly , because in my opinion :

If an user can't read Group1 but a survey he can edit was in Group1 : Group1 must be in the list.

We don't need Permission here.

I check if theme have the same issue, if yes : it was already fixed before : but if an user don't have read right on a template (theme now) : we always add the template in the list.

Really something should be done. Now a user can modify settings for the default survey group. It's much worse than just a logo.

Really something should be done. Now a user can modify settings for the default survey group. It's much worse than just a logo.

? Can you explain ?

User 1 can change the survey group settings so that email notifications (for example) are sent to third-parties if the survey "inherits" the value from group settings.

About 16428:58509, yes, I see your point.
Then we can think of:

• Create: create survey groups and edit your own survey groups
• Read/View: view all survey groups and their settings
• Update: update other survey group settings that are not yours
• Delete

User 1 can change the survey group settings so that email notifications (for example) are sent to third-parties if the survey "inherits" the value from group settings.

It's false : User 1 can not see group : he need All survey access.

If user have only "create" rights : he can not see the group. Then he need "Update all survey" or "See all survey" ?

Then we can think of:

• Create: create survey groups and edit your own survey groups
• Read/View: view all survey groups and their settings
• Update: update other survey group settings that are not yours
• Delete

It's an easy step here, but still need Permission on group …

It's false : User 1 can not see group : he need All survey access.

I just tested this on a fresh install... and you are right. But what has been changed, as I saw this problem earlier. What is exactly the permission needed to change for example "Send detailed admin notification email to:" -setting in the question group "Default"?

@Jmantysalo : i didn't know. All Permission oin Survey group are unclear …

Maybe See all survey or Update all survey ?

5. Log in as restricted user

Which user is this?

Create an user with 'create survey right'
Give him all rights on one survey

The discussion about survey groups moved to 16440 . Is it ok if I close this ticket?
@Jmantysalo, I added you to the respective ticket as well.

Is it ok if I close this ticket?

Yes, of course.

@cdorin : it's not related to a feature about SurveyGroup rights here .

Else : it broke again.

If user can update Survey1 in SurveyGroup1 but don't have read access on SurveyGroup1 : it broke again, it's reset again.

Ah, I see - thanks for the additional info, @DenisChenu

I fix it quickly before working on real feature :)

Clone for 3.X

https://bugs.limesurvey.org/plugin.php?page=Source/view&id=30644