Give each role "Has same role of creator" and/or "Is creator" permission for any plugin's action (linked repo tested the Update action of the included Upload plugin)
Create a user for each role (User A / User B).
Log in as User A and upload any media.
Log in as User B and try to update said media.
You will be able to update said media, witnessing the issue.
Expected behavior
Users other than User A (or anyone with the same role) should not be able to update or delete media uploaded by User A.
Bug report
Required System information
Describe the bug
RBAC doesn't work for any plugin, while still working for Collection Types.
Steps to reproduce the behavior
Link to repo that exhibits the issue.
Expected behavior
Users other than User A (or anyone with the same role) should not be able to update or delete media uploaded by User A.
Screenshots
Permission settings.
User B able to update/delete user A's media.