User Roles / Permissions Problem

User Roles / Permissions Problem

A user of the 'employee' category can change the owner of a milestone to himself, and then delete the milestone. This seems to be an oversight, as the 'employee' user shouldn't have privileges to do so. Can this be changed?

test_user_info