I have 2 types of site. The first is a data site, containing lots of items, updated centrally. The 2nd is a clone of the first, which can be modified by local admin to reflect local needs.
I want my local admin to be able to approve changes pushed through from the data site, but not to have access to any security tools (managed centrally for all sites). So I have roles for my data site and different roles for my cloned sites. My local site admins should only have read acess to the data site.
The problem is, that though I've removed access to security tools for my local admins, if there is a change to item security for one of the data site items they've cloned then this is pushed to them as a change they can review/accept/reject. My local admins don't have "administrate" access to the local clone site so they shouldn't be able to do this. However, they can accept the change, in which case their clone will now have the same access settings as the item it was cloned from. This actually means that my local admin now only has read-only access to the clone.
Is there any way to turn this off, while still allowing local admins to accept content changes?
