For a client, and to ensure people with less technical skills while editing the website, can not stuff something up in Admin, I have implemented security, so they can not actually acces or edit web pages. All ok
I have then allowed them to create Web App items, which they must classify.
The categories/classifications (not sure why it is not "Categorise" instead of classify in the menu, to be consistent) I have set up to represent each web page they can edit.
On the web pages I insert a module that shows web items based on category which relates to the web page, and it all works fine.
But hold on, within the web app item creation the right hand menu allows the user to insert a web app item into a web page, and although they have no authorisation to edit web pages, they can.
Now I realise that the security is not that secure, as it only removes easy access via a menu, and in file manager or using FTP they could easily delete files, but I would have thought at least the feature to insert into web pages would be removed, or the system would not allow, if they did not have access to web pages.