The permission necessary for publishing a single asset to live is Sites: Export/Import Application Info
Steps to reproduce:
- Enable staging
- Create a role and give the following permissions:
- Sites -> Everything except for "Export/Import Application Info"
- Web Content -> Everything
- Create a user and assign that role to the user
- Create a web content and try to publish it
The user should not have the option to publish that web content to live
The user is able to publish web content to live.
This was not reproducible here (~6/21/18):
Tomcat 9.0.6 + MySQL 5.7. Portal 7.1.x-private GIT ID: 55801a7ba2d0436b191cae0a1d22115a0eab83f0.
However, I was able to reproduce this here (~6/26/18):
Tomcat 9.0.6 + MySQL 5.7. Portal 7.1.x-private GIT ID: 7aa59e60fc5fe12eaec1ed33867679a1b77cc5c7.