Issue
You have a user with read and write access rights on a content page. The user requests the page and the page is displayed with all the authoring functionalities on it (edit bars, and so on).
You also have a user who has only read access to the same content page. However, this user can see the edit bars and the other authoring functionalities on the page. When the same user requests, the page with a question mark at the end of the url the edit bars disappear.
Although the read only user can see the edit bars, they cannot edit or delete any content.
Solution
This behavior is expected if the instance caches the first request. However, you can do one of the following to bypass this behavior:
- Disable the cache for HTML pages in author (per default)
- Make sure that you have a question mark at the end of the requests (check your navigation component).
Additional information
CQ caches the page on the first user request. Therefore, the second request is delivered from the cache, which has all the authoring functionalities.