We have noticed a strange issue with our spaces/permission setup.
We have a space with some users limited to be the editors only. They can add a task but can not delete any and so on. This setup is valid and is working well in general.
When we have a project type aggregating tasks inside the space - they can assign themselves as Project owner and then they are granted full editorial rights. This is something which is actually a way around for the users to breach the permission setting of the space in general.
Is there a way to block it from happening?