Question to the community:
Does it work in your installations, when you make a configuration like me the user can only view not edit?
I’ve tested ist now in another installation with the same result. So I wonder if it’s a general bug or if I understand something wrong about the usage of these roles.
For me it works fine. Zammad will show an “Not authorized” alert if I try to add a note. Permissions “read” and “overview” defined in role “test”, no other roles assigned.