Our security roles and tasks work in dev as they should and had been copied over to production when we upgraded the server a couple months back. We had tested it from what i know and it worked, but an autditer just found that a user with an AR role could see an AP role and so on. Its as if all the security has defaulted to power user. We can not seam to get it to enforce security properly. I also can not find any errors when using the built in debugging tools nor is the security working for new test users while it is still working in Dev. I have googled it and binged it and I could not find any references to an error like this. We did find one article in customer source which was similar but denotes that an error gets thrown but I do not get any errors.
this is similar to our issues but the user can always access the wrong windows and we can not get them to limit access.
http://community.dynamics.com/forums/p/35886/62981.aspx#62981
*This post is locked for comments