...
Certain collections should allow the user to request any ascendants items, like queries for example. If a user has permission on an Org further down the tree, traditionally they could not see the Default Orgs queries (ie, the default queries supplied in the program). From 3.3.2 onward, users have the ability to see their ascendants items for: credentials, dashboards, discovery_scan_options, fields, files, groups, queries, reports, roles, rules, scripts, summaries, widgets. Users can still only see their specified Orgs (and their descendants) for applications, baselines, baselines_policies, buildings, clouds, clusters, collectors, connections, credentials, devices, discoveries, discovery_log, floors, integrations, ldap_servers, licenses, locations, logs, networks, orgs, rack_devices, racks, rooms, rows, tasks, users.
...