Big BUG issue on contact security
We have discovered a rather large bug in the system. We have user settings set up in a way that allows some of our staff — who don't have authorization to view contacts — to see the reports tab. It should not allow them to click into our contacts, because that access was removed; but there's a loophole that allows them to see the contacts.
I would have attached a screenshot, but maybe this is another bug: I can't seem to upload it.
This is a page they need to be able to access... but the highlighted column — which they can click through to view contacts — does not need to be there for them. What can we do to close this access loophole?