@f-rapp: Think you mean 'Edit' => 'Item' or 'Import'/'Export' > 'Metadata' in the sidebar (since 'Edit' > 'Metadata' isn't an option there, only under Import/Export).
Noticed this problem as well.

When you log in as a submitter there is an 'Edit' => 'Item' option in the sidebar which opens the item edit selector, but all items present there are not editable by the submitter (results in 403 forbidden page)
The same problem exists for a community and collection admin (idem 'Edit' > 'Collection' shows collections this user can't edit thus resulting in 403 pages).

Additionally for the submitter the 'Import' > 'Metadata' option also results in a 403 forbidden page. And the 'Export' > 'Metadata' > Select any item > Results in a failure notification. (Idem for com/col admins, this shows com/col they can't export, and the import page also results in 403)

Also, logged in as supposed comm admin ([email protected]) the 'Edit' > 'Collection' option is shown (containing collections they can't edit), but not the 'Edit' > 'Community'.

Related (loosely) to #1482

Also related to this email thread: https://groups.google.com/g/dspace-tech/c/-SiQ_LGx_ks/m/pjWrdI4HBQAJ

We'd like to claim this ticket

@tdonohue we've noticed the same problem occurs when creating or editing Communities/Collections

Since the fix would be almost identical to the one @KoenP wrote for edit+Item, we'd like to expand the scope of this issue and address everything within the existing PR

@ybnd : It's ok with me to expand the scope here to include the Edit/Create Communities/Collection pages. Whether it should be in the same PR or a separate one may depend on how large the PR becomes (larger PRs obviously can be more difficult to review). That said, it's OK to move forward with additional fixes here.

@tdonohue while expanding this behaviour to Communities & Collections we came to the conclusion that we should take some time to refactor how these sorts of "indexed authorizations" are handled in general.

This is too much for the scope of this PR; a more naive implementation would just lead to a lot of duplicated code now and double work later on.

It's probably best if we look at this in more detail for 7.6