Hi @ebonweaver,
Thank you for the review and the feedback.
Sorry for the trouble you experienced.
I have just retested this thoroughly with all the permissions. Each permission corresponds to a capability, so there is no code that grants random system permissions.
To allow a user to access the backend and access Zephyr, you can add the “Access Backend” permission and then the specific permissions you want them to have within Zephyr such as “Create Tasks”, “Create Projects”, delete and edit permissions etc. You can allow any user to access the backend and access Zephyr and use it, so it is usable for each role.
The “Manage Options” permission is the only WordPress specific permission which is the permission which allows the user to edit settings. Is it possible that you accidentally added this permission to the user role you were testing?
You can also allow a specific user access to Zephyr or not from Zephyr > Teams & Members by unchecking or checking the “Allow Access” button next to their name.
To allow a user to view the project manager on the frontend, however, is a Pro version feature which is only available in the Pro version. But this is optional, as all the main features are still available in the backend project manager and there aren’t any limits added otherwise.
I hope this helps.
Thanks again for your time.
Kindest regards,
Dylan