what role are you using for that? Data Owner roles (bright green) should only see actions that are enabled for them in the client as well as resources they have been explicitly assigned (at least) read access to.
If the user sees more than is defined in his role / data owner configuration then please make sure that the user does not actually get another role assignment through group membership.
If a user is defined in the user configuration multiple times, for example through group memberships, the highest role will be applied. Not the one that has been specifically assigned, unless of course thats the highest.
If you made sure that there are no role conflicts and the issue persists i would put that in as a bug report.
double checked the membership of the role and made sure the user has only been assigned to one role. Nothing has been allowed btw. We also deactivated the possibility to log in using both the app and web interface. We can login and we see Exchnage logga and reports etc.
The role itself is the DataOwner role. Dont know fir sure, we renamed this role long ago to 'DataOwener test'.
can´t test to confirm that behaviour right now.
I´m pretty sure that this is not how it´s supposed to behave. Please let your rep know to put in a bug report for this.