We have a few specific users defined in the Service Manager's Security screen.  Some have admin and some have admin and export both.  We recently noticed that it seems anybody can export to the K2 server even if their name is not listed at all.  I am sure that at some point in time this worked differently in that the only people that could perform admin or export were those in the list.  If the list was empty then it was wide open.  We recently upgraded to SP4 from SP2a.  Has anyone else noticed this issue, or have am I misunderstanding something?  Thanks.