Privileged `createMembership()` access
A forum posting revealed a problem with platform's
createMembership() call (
This is a bug.
createMembership() misses the 2-layered access mechanism (analogue to e.g.
- HTTP access -- all access checks performed.
- Privileged Java access -- no access checks performed. The caller is responsible for securing the request.