> That's not what's happening here.
No, it is; the comment you're replying to is correct in what it said to you.
> The Privacy settings applies only to access to the Documents folder without the user interaction.
Yes, BUT, the user interaction is irrevocable. There are two user interactions here, one is "please access Documents this one time" and the second is "please don't let this app access Documents again."
Of course, if the stakes were higher you wouldn't even think to defend this behavior. Like if you were dealing with a nuclear weapon launcher and there was a big panel saying "TARGETING SYSTEMS: 0 targets (Permission Lock sandbox excluding 450 potential targets needing approval)" and then you poked around and found out "uh... why can I still go into the interface and target Milan and the big glowy 'launch missiles' light then starts lighting up and presumably I can launch a nuclear strike on Milan?!" and someone says, "oh yeah, that's because back when we were demoing it, the general had us punch in a random city to show what the targeting UI looked like, and we randomly chose Milan... it's okay, to fix it someone just needs to go and manually remove the warhead and put in a different one and then we'll restart the system and it'll forget all its targeting data for the old warhead" -- that'd strike you as unsustainable.
But this is very low-stakes for us so it seems less outrageous, but fundamentally it is a solid buggy behavior: "The UI makes it sound like there is only one system at play here, but there are actually two and the other system can override a specific revocation that's placed at the level the UI controls." Even if there are going to be two systems, you expect that their security controls will both be followed, or that the second one will know enough to be able to say "I say no, but I am being overruled" in its status panel.