Today I faced permissions issue or rather a conceptual problem with permissions.
I have a user with role (say 'editor') that gives him ability to only edit/view specific page. I don't want him to be able to add subpages or delete this specific page.
Unfortunately, while he has 'edit' permission, he is able to change 'Creator' field to himself, and then he becomes 'Owner', which gives him wider permissions.
I'm not sure how to deal with this. Maybe creator field should be changeable only by manager (and owner?).