Major How to reproduce it :
- create a content
- select this content in the profil assignment panel
- Configure it like in the attached sceenshot
- in an other session, login with simple contributor
- Open the page and select the content
> the simple contributor can edit the content, modify it and save.
[RUNTIME-3014] By heritance, the simple contributor should not be able to edit the content that has been forbidden to all connected users except the administrator
Laurence Aumeunier
added a comment - The user is excluded from any connected users on the content itselft.
But he is user authorized on all contents.
The authorization wins because a user authorization is always stronger than anyconnected users. But we should look at the context : all contents vs the content.
Laurence Aumeunier
added a comment - The user is excluded from any connected users on the content itselft.
But he is user authorized on all contents.
The authorization wins because a user authorization is always stronger than anyconnected users. But we should look at the context : all contents vs the content. 
Maybe this should be discussed... I'm not a 100% sure that local should be better than inherited.... TBD