On 7.2 FP1 & 7.2 SP1 some of the permissions from a site role that is applied to the user of a parent site are also applying to a child site.
Site A is a parent of Site B. I'm giving John the Site Administrator role for Site A. When John goes to Site B he doesn't have all the administrator functionalities, but he does have the ability to add pages, for instance.
The documentation says the following "Each child Site in the hierarchy has its own administrator, and the Site Administrator role permissions do not flow down to child Sites in the hierarchy." https://portal.liferay.dev/docs/7-2/user/-/knowledge_base/u/understanding-site-management
1. Login as portal admin, for example, test user.
2. Create a parent site, and child site.
3. Create a user, call it parent.admin, as parent site adminstrator.
4. Go to control panel and verify site administrator role has "Allow subsites management" disabled.
5. Login as parent.admin and go to child site.
Expected: parent.admin cannot do any management action to child site.
Actual: parent.admin can add pages and etc.
6. Login as portal admin.
7. Go to control panel and enable "Allow subsites management" for site adminstrator role.
8. Login as parent.admin and go to child site.
Expected: parent.admin can do any management action to child site.