Default upload group permissions

[Alex Webber]

Hi all,

When I upload a new resource using the form or the rest api, a set of permissions are automatically applied to the new resource, these are "download" permissions on all my groups (organisations).

I do not want my organisations having download permission on every resource I upload, this is very sub-optimal.

Where would this behaviour likely be set? My only clue is that when uploading a resource, a bunch of  GET, PUT and DELETE requests are made to the /geoserver/rest/geofence/rules endpoint, and the rules do appear in the geofence on GeoServer.

Any ideas appreciated.

Alex