Any test that checks permissions should use a user account with a role limited to those permissions, plus any others that are required for the underlying functionality. All other tests should just use user 1.

Comments

DamienMcKenna created an issue.