Full access on a single document behaves strange

Hello, please help me figure out this situation, I am not sure if I found a bug or if I missed something in the logic of system usage.
I am using version 4.4.8 and I faced such an issue. I have two document types in the system T1 and T2. The role R1 has the full set of permissions on Document type T1 and all works fine here, the users with R1 can perform all the actions on the documents with type T1. Moreover, the role R1 has NOT any permission on the document type T2.
When a document is created with the type T2 and the full set of permissions are granted to R1 to that particular document I can not perform several operations, I can not preview the document, can not preview files of the document, and download them (it behaves like view and download permissions are not granted to the role R1 for the document, but they are), but I can perform a lot of operations on that document like adding a comment, adding a file, deleting files, etc (it seems except the mentioned operations I can perform all the other operations). It looks like a bug, please let me know if you faced such a situation as well.
Additionally, if I delete view document, view document files, and download document files for the role R1 on the resource T1 surprisingly the issue for the document with type T2 eliminates and I can perform viewing and downloading operations.

Thanks in advance for the help

Sorry to (mis-)use this thread for a related topic, because this forum software seems to be configurated, that I have to click a bunch of likes or produce a set of replies before being able to create a new topic…
Please someone with according permissions split off into a new thread.

How to separate document access for different user groups?

I followed basically

To be sure to have no upgrade artifacts on my migrated instance I am using a completely fresh installation of a 4.4.8.

I created the according users, groups, roles, document types, but I couldn’t find at any place a possibility to relate a specific document type to a specific role.
I also tried to attach ACLs directly to a document, but that also had no effect.

As a result I get that any user logged in with permissions to view documents always sees all documents.

I would be really grateful for any pointer!


Actually, it seems that previewing the document in the above-mentioned situation is related to transformation issues (maybe it is related to permissions on transformations). I am seeing Error 500 while hitting below endpoint in the browser network tab each time I try to preview a file:


Also, I see more than one 500 errors and all are related to transformations.