User with Read-Only permissions can request/approve public disclosure
Unknown
Vulnerability Details
Hi,
I found out that a user who belongs to a group with Read-Only permission can still request and approve public disclosure when the report is closed by a privileged admin, although these permissions are only allowed if the user group has the **Report** scope.
Consequently, a team member with limited scope can also post a public comment through the public disclosure request, which contradicts what was expected.
**Proof of Concept:**
1. Create a new user group with Read-Only permission.
2. Add a user to the group.
3. Log in with that user account and browse a Closed report, you should now be able to request public disclosure.
Kind regards.
Yassine ABOUKIR
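The flaw above is a missing scope check on a privileged action. The following is an added illustration, not code from the report or from HackerOne: a hypothetical permission model in which a team's groups carry scopes, with a flawed check that only verifies team membership next to a corrected check that requires the Report scope. Scope and group names are constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum, auto


class Scope(Enum):
    """Hypothetical scopes modelled on the ones the report mentions."""
    READ_ONLY = auto()
    REPORT = auto()


@dataclass(frozen=True)
class Group:
    name: str
    scopes: frozenset


@dataclass(frozen=True)
class User:
    name: str
    groups: tuple  # groups the user belongs to


@dataclass(frozen=True)
class Report:
    report_id: int
    state: str  # e.g. "closed", "triaged"


def is_team_member(user, team_groups):
    return any(g in team_groups for g in user.groups)


def can_request_disclosure_vulnerable(user, report, team_groups):
    # Flawed: any member of any team group may act on a closed report,
    # no matter which scopes that group carries (the behaviour reported).
    return report.state == "closed" and is_team_member(user, team_groups)


def can_request_disclosure_fixed(user, report, team_groups):
    # Corrected: the actor must hold the Report scope via a team group.
    if report.state != "closed":
        return False
    return any(g in team_groups and Scope.REPORT in g.scopes for g in user.groups)


# Constructed sample data for the two checks.
READ_ONLY = Group("read-only", frozenset({Scope.READ_ONLY}))
TRIAGERS = Group("triagers", frozenset({Scope.READ_ONLY, Scope.REPORT}))
TEAM_GROUPS = (READ_ONLY, TRIAGERS)
viewer = User("viewer", (READ_ONLY,))
triager = User("triager", (TRIAGERS,))
closed_report = Report(109483, "closed")
open_report = Report(109484, "triaged")
```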
Report Stats
- Report ID: 109483
- State: Closed
- Substate: resolved
- Upvotes: 3