I created category and on the Security tab changed permissions from everyone to our internal group.
Later I created a subcategory inside. I did not change it’s security settings, i.e. it remains “accessible” by everyone; but of course they cant visit it because it’s parent category is not listed on the front page of the forum, as I thought.
Also I created topics inside this subcategory. A assumed that they will be inaccessible to others. And at first sight it was so. But later my test account received digest email message with that private topics inside. I was shocked. Currently the forum is under construction so nothing bad actually happens…
I investigated this and find out the following:
Subcategory does not inherit security settings of it’s parent. At least a checkbox Inherit should exist, checked by default.
So topics from such an “not closed, not open” subcategories are accessible:
That’s right. Security settings are not inherited by subcategories. You’ll need to adjust those permissions to match the parent if that’s what you want.