The assigned library and rating profile can be bypassed for managed users

Plex Players
1

Server Version#: 1.43.0, 1.42.2
Player Version#: 10.30.8.4222
<If providing server logs please do NOT turn on verbose logging, only debug logging should be enabled>

Today, my son could watch a series that’s not suitable for him. It’s very strange.
The situation was that the Plex player lost the home screen settings for his user and asked him to pin the appropriate libraries from the server (as a first run). He did it. Finally, he was able to add some libraries he didn’t have access to and start a series that didn’t match his rating profile.

Background: I’ve got 3 Plex servers (it’s a history - same libraries and same media). I’ve created separate libraries for normal movies and shows and for children’s movies and shows. I only granted my son access to children’s films and shows on 1 selected server. Furthermore, I set the rating profile for his managed user account.

Temporary solution: grant access to another server with selected libraries.

This issue should be solved.

Thanks.

2

Can you verify your son is actually using his own profile and isn’t accidentally signed in as you or another user with permission to see those libraries.

3

I already did it. It was his account: he is the only one who has profile photo + everybody else have pin except him and the grandma (she has same rights as him).

4

Are there any entries in Settings → Network → List of IP addresses and networks that are allowed without auth?

If so, is the device your son was using covered by those entries?

5

Yes, it is: the local network.

I was able to reproduce the issue. On the very first launch, when the user starts using Plex, the app displays all available servers to choose from. At this point, the user can select a server where they don’t actually have any assigned libraries. It seems that “no restrictions” is treated as “access to everything,” meaning that if no library limitations are set, Plex automatically grants access to all libraries. The same behavior can later be triggered through the More… option.

The second issue is that the rating profile check doesn’t seem to work. Plex still shows movies with ratings that shouldn’t be allowed (e.g., PG‑13, 16, etc.), even though the user’s maximum permitted rating is below 12.

6

Remove the settings from List of IP addresses and networks that are allowed without auth.

No Auth means no login. All devices have server owner level access.

See https://support.plex.tv/articles/200430283-network/

7

Thanks. It solved the library connection issue.
Unfortunately, there is no solution for the rating profile issue. He can see the whole e.g. movie library. It’s valid for 1.42.2. and 1.43.0 servers.

8

Can you provide some more details on this.

What are the exact restrictions set on the account? And what is the content rating shown on the piece of content?

9

After your reply, I checked the restrictions again and was surprised to see that they had all disappeared. They were still there when I reported the issue. To be fair, I did restart all the servers before my last comment.

I turned a few of them back on, and it works.
Thanks — I’ll make sure to double‑check this next time as well.