I created a new user who only had permissions to edit entries.

This user could see the "EDIT ENTRIES" button, but clicking on it resulted in a permission denied message.

I had to turn on permissions to post new entries for the EDIT ENTRIES button to work.

This is in MT version 2.64. A fix would be appreciated.

I guess I'm trying to figure out why it would be a problem for someone who can edit entries to be able to post them?

Because we want to have a site editor who can change posts to fix typos and stuff, but not create new ones.

Besides, the bug is clear. I should be able to do this, but the permissions aren't being applied correctly.

The way I understand the permissions is that POST permits an author to create and edit only his own entries; while EDIT ALL POSTS permits him to also edit the entries of other authors (because if you give an author only POST permissions, he can still see and use the List & Edit Entries button).

If that's the intended behavior, then perhaps the bug here is that what the permissions really mean isn't clear??

The reality is that if you give an author the ability to edit all posts, he can still (in effect) create a new post, merely by changing the content of the entry he's editing. So making the permissions mutually exclusive as you're suggesting really doesn't gain you much in the way of security.

Perhaps MT Pro's anticipated enhanced author management features will work better for your needs?

If you give a user only permission to edit all entries, they see the list entries button, but can't click on it.

That user, however, can edit entires via the "Last 5 Entries" list.

That implies to me that the code for displaying the button is correct, but the code for determining whether or not the user can see the page after clicking is incorrect.

Since giving a user this permission allows them to edit some of the entires (actually all, if you're willing to scroll through them using "previous" and "next"), I think it should be fixed in the other place, too.

Then maybe that's the bug?

My point is that it's all subject to interpretation. I never thought it meant anything other than what I described until you suggested it should mean something different. We can each see it a different way, depending on how we choose to look at it.

So now, I'm left wondering exactly which behavior is intended by each of these options.

And only Ben knows the answer to that question.

But either way, we're still left with the fact that someone who can edit can still manage to post if he chose to do so. The only way I know to avoid that is to restrict the ability to set an entry status to PUBLISH, which is why I mentioned MT Pro's expected author management features - I'm hoping something like that is part of the enhancements.

Heh, yeah.

I know the user would be able to "post" if he wanted to. I just wanted to restrict the possible actions he would see so that it would be simpler to use the system.

Anyway I will check out MT Pro when it comes out. Is there a list of features it will have anywhere?

There isn't a full feature list available yet, but the press release gives some hints.