Hello and welcome to the forums,
The reason Employee Administrator is not able to see Private Tasks and Phonecalls created by themselves is most likely because said Employee Administrator did not assign himself to this Task/Phonecall.
I understand this might not be very intuitive, since contacts rely on the "created by" value, but in contacts there's no option to assign someone to it by default (we decided it'd be overkill). In Tasks/Phonecalls/Meetings, it's natural to have employees assigned to them and we based access to private records on these fields.
The second point you mention:[quote="2qsss":htu2fmdm]Furthermore If a contact is set to permission="readonly" current another user is not able to edit but to delete this record.[/quote:htu2fmdm]Is not exactly the case, but it still is a slight oversight on our part. It's not the case that any employee can delete records including those marked as "Read-only", but it is true that "Employee Manager" can delete all records regardless. In the upcoming version, we've given Employee Manager full access (edit+delete) to Read-only contacts records by default.
To sum it all up, it's working as intended, albeit I understand that not everyone will find these settings to their liking. And for this reason, in the next release of epesi, we're going to include an overhauled permissions engine with an editor (accessible through admin panel), granting Administrators the option to adjust permissions on any recordSet in any way they wish.
I hope this answers all your concerns.
Kind regards,
Arek
