Judging from the length of the group name and the descender showing (possibly the bottom part of a 'g') at the same location, it does seem like that's just "Document Processing", but then why is it redacted?
I can see the unnamed (?) user below Ivan with both "All Users" and "Document Processing", so my first thought was: Is there a 3rd permissions group that might still provide Ivan with Edit access?
Hey @avr! Thanks for reaching out - I'm particularly interested in figuring out what's going on here, as the potential ramifications certainly aren't great. The good news, in some ways, is that I'm not able to reproduce this same behavior. This means that it isn't a widespread vulnerability, but does make debugging more challenging.
That said, I think I've narrowed down the possibilities. Was Ivan the founding member of the org? Or the original author of the app? I'll follow up internally, because I think there might be something wonky here.
You're right that Ivan was the founding member of the org. After Ivan initially set up the Retool organisation, we decided it was best to make Alexander admin instead of him.
As you can see, Ivan does not have any editor permissions but can still edit apps when logged in.
UPDATE: After talking to the team, I want to clarify that this behavior is intentional. The creator of an app is automatically granted direct Own permission that supersedes any group-level permissions. We are looking at ways to make this more clear, but the below solution does allow you to revoke that implicit permission.
Thanks again for flagging this, @avr! We've identified the root cause and are taking a closer look. In the meantime, the current admin user can directly revoke access via the app's Share menu.
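An added example, not part of the thread and not Retool's code or API: a small audit that models the rule described above (a direct grant such as the creator's Own supersedes group-level permissions) and lists users whose direct grant outranks what their groups give them. The level names, the `admin` group, the app name and the data layout are assumptions, and the sample data is constructed.

```python
# Added example: hypothetical data model, not Retool's API or export format.
from dataclasses import dataclass, field

# Ordered access levels; the names are assumptions for this sketch.
LEVELS = {"none": 0, "use": 1, "edit": 2, "own": 3}

@dataclass
class App:
    name: str
    group_access: dict                                   # group name -> level
    direct_access: dict = field(default_factory=dict)    # user -> level

def group_level(user_groups, app):
    """Highest level the user inherits from group membership alone."""
    return max((LEVELS[app.group_access.get(g, "none")] for g in user_groups),
               default=0)

def effective_level(user, user_groups, app):
    """A direct grant supersedes group-level permissions, as the thread describes."""
    direct = LEVELS[app.direct_access.get(user, "none")]
    return max(direct, group_level(user_groups, app))

def find_overrides(users, apps):
    """Return (user, app, group level, direct level) where direct outranks groups."""
    names = {value: key for key, value in LEVELS.items()}
    findings = []
    for user, groups in users.items():
        for app in apps:
            from_groups = group_level(groups, app)
            direct = LEVELS[app.direct_access.get(user, "none")]
            if direct > from_groups:
                findings.append((user, app.name, names[from_groups], names[direct]))
    return findings

# Constructed sample data modelled on the situation in the thread.
USERS = {
    "Ivan": ["All Users", "Document Processing"],
    "Alexander": ["All Users", "admin"],
}
APPS = [
    App("Invoices",
        group_access={"All Users": "use", "Document Processing": "use", "admin": "own"},
        direct_access={"Ivan": "own"}),   # implicit grant to the app's creator
]

if __name__ == "__main__":
    for finding in find_overrides(USERS, APPS):
        print("direct grant exceeds group access:", finding)
```

Running the same check after the direct grant has been revoked should return no findings for that user.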