If you are explicitely disableing an action in a parent group, you can not enable it again in a child group. That is how the system works and how it is documented. This is not a bug.

Ok but i try to create a group without heritage and allow editing only specific specific module... that doesnt work
Do have an idea how to create a rules for a group that can't edit all module and can edit some specific without disable editing one by one
sorry it will be difficult to explain with my poor english

image of my test
generic rules for module

specific rules for basic custom module

=> doesn't work !
if i do invert rules it works that strange not ?
imagine you want to allow editing for 2 modules (you have 20 modules) you need to edit 20 modules to acheive this ...

@sanderpotjer could you check this please

i redo my test
1 create a group
2 disable module edition for this group
3 activaved edition module for specific module
=> rule is green but doesn't work

1 create group
2 enable module edition for this group
3 desactived module edition for specific module
=> rule is green and it work ....
but not realy good solution if you have 20 modules and need to create a group how can edit specific module ...

update to 3.4 beta 1 same issue with front-end editing rule
for groupe allow editing in spcific module doesn't work if parent not allowed
=> module button editing appear but we can't edit
default module ACL

specific module acl

some idea ?

on beta2 display is better =>

but we can't do this
denied editing all module for group and allow editing for specific module
can you coinfirm that is normal ? (not realy powerfull)

for @sanderpotjer @brianteeman

cge for inherite ... ACL seems to be ok in backend
but front-end say that user can't edit module

nobody to check this ?

I'm happy to look into this, but won't have time for it before this weekend.

ok no problem if you need a site for test i can send you my access

hello friendly bump
tested on beta 3 => same error

firendly bump

test on rc error still alive

denied editing all module for group and allow editing for specific module
can you coinfirm that is normal ? (not realy powerfull)

This is normal given the current ACL system. Once you explicitly set an option, a child object cannot override it. So if you explicitly set deny on the component level for a group to edit modules, any child groups of that group will not be able to edit nor will you be able to allow access to a specific module in this manner.

To accomplish what I think you're suggesting, here is what I did in a testing environment:

1) Create a new group and set the Group Parent as Public (by default, public permissions are all set to inherit so there are no hard defines set yet)
2) If you want the group to be able to edit modules in the backend, in the Global Configuration you'll need to give this group "Admin Login" permission. If you want the group to be able to edit modules in the frontend, in the Global Configuration you'll need to give this group "Site Login" permission. Do not change any other values.
3) In the Module Manager, if you want users in the group to be able to edit modules in the backend, you'll need to give the user "Access Administration Interface" permission. If you want them to be able to edit all modules from the frontend, you'll need to give them "Frontend Editing" permission. Do not change any other value.
4) In the module(s) you want this group to be able to edit, give them "Edit" permission. You should also set "Frontend Editing" if you want to allow users to edit modules on the frontend.
5) Depending on the types of permissions you've given the group, you may need to add your group to the "Registered" or "Special" viewing access groups so they see all of the correct info.
6) You should now have a user group which is able to edit only the specific modules you want them to.

Hello thanks for explain but if you read my last test inherit doesnt work...
If i use inherit in module config (not allow) and after allow on specific module
Display say that ls ok un autorisation
In front editing icon is display but impossible to édit....
If i do same config in category that work
Inherit in module rule doesnt work
I van send you a link for testing

@micker See the merged PR #6113 Michael did yesterday. I think that's exactly the issue you describe and which should be fixed with current staging (not yet fixed in RC).

ok i switch on pr #6113 for testing patch thanks

@micker as #6113 is merged can we close the issue here?

Closing as we have a merged PR (#6113). If we have still issues please open a new issue that describes the current behavior with the patch. Thanks