parse Roles ACL explaination

Question

How do i stop any user writing to a role using the ACL? No matter what I set the ACL on a role to i can write to it with any user account if the CLP is set to public write, but if i set the CLP to public read and specify a user with write privileges that users has write privileges to all the roles no matter what the ACL on a specific role is set to, and if i set the CLP to public read and don't give any user CLP write access but set the ACL on a role to allow a user write access i can't write to those roles with that user account?

Thanks

Answer 1

Ok so I answered my own question, I take it from the lack of replies that either i'm pretty dim(very possible) or my question was confusing(also very possible) or some other people have the same problem(limited possibility). Anyway I set the CLP to no public read or write, I then added the user i wanted to edit the roles to the CLP with read write, then set the ACL to read write for that user on the role and no public read write. This seems to allow only users listed in the CLP with read write and explicitly in the ACl with read write permission to edit the role.

What i find confusing about this is why a CLP of public read write overrides a ACL with specific users permissions, but the CLP with a specific user read write permission does not override ACL in that class with a specific user permission, they seem the same, both have a class level and a object level permission, but somehow the public class level permission has a different scope if its a public permission vs a user permission?