Standard administrators can modify package targets even though they do not have"modify" rights to the channel.
StatusReported to Engineering
STEPS TO REPRODUCE:
1.Login as your main administrator.
2.create a channel called secure_channel or whatever name you want.
3.create a new test administrator with administrator type: Standard.
4.go to the user and give him View permissions for the secure_channel
5.login as this test administrator
The test administrator will be able to modify package targets within the
secure_channel that he didn't have modify rights to.