Permission inheritance in Document Library is not working as a user might suspect. This might be due to additive behaviour of permissions along the folder hierarchy.
Steps to reproduce:
1) Install clean Tomcat Bundle
3) Sign in as "Bruno (Admin)".
4) Navigate to 7cogs private site's document library.
5) Create a folder "May be deleted" and assign "Delete" permissions to site members and "view" permission to site members.
6) Inside that folder, create a folder "May not be deleted" and assign "view" permission to site members.
7) Check permissions on the newly created folder and make sure "Delete" permission is not selected for site members.
8) Sign out off the portal
9) Sign in as "Kendra Regular User"
10) Navigate to 7cogs private site's document library.
11) The folder "May not deleted" can be deleted including all documents (and the folder "May not be deleted" within.
12) Furthermore, also the folder "May not be deleted" itself can be deleted via the GUI.
That behaviour is not expected. Two possible steps to solve the issue:
1) Do not make use of recursive permissions. This should be configurable either in the DL-Portlet or globally in portal-ext.properties
2) Enhance the UI to show the inherited permissions, e.g. by disabling and checking the "Delete"-Permission checkbox for "May not be deleted" folder.
Also, that behaviour is not only limited to "DELETE" permissions, but to all permissions.
That way, "ACCESS" permissions for folders are not functioning at all (seems to be overriden by DL's "HOME"-folder).