XPages: sessionAsSigner & sessionAsSignerWithFullAccess mix-up (Xpages BUG??)

I spent around 3 days chasing a [TypeError] exception while trying to delete a document. According to the IBM documentation, sessionAsSigner works with the effective (web) access of the Xpage signer.

If my basics are not wrong, a User with Editor access should be able to delete a document even if that person's name or role or group is not in one of the authors field of the document. I logged in as me (I myself is the signer too, no other developer is working in my database) and tried to delete a document with the sessionAsSigner access. It didn't let me delete (You are not listed as one of the authors error). I have Manager access in the ACL and the "Maximum internet name & password" settings was Editor.

According to the IBM documentation, sessionAsSignerWithFullAccess should give admin access to the data (So it seems like the sessionAsSigner is not applicable to the "documents" in which case the above behavior is correct).

So I used the sessionAsSignerWithFullAccess to get the database object. Still no luck on deleting the document (same not authorized error). After a lot of trial and error, it appears to me that it is a mix-up issue between sessionAsSigner and sessionAsSignerWithFullAccess.

Here is the code for reference (the replica ids are fake)

function removeDocument() {       var dbA=sessionAsSigner.getDatabase("","");       dbA.openByReplicaID(@DbName()[0],"85XXXXE2005BXXXX");                               var dbB=sessionAsSignerWithFullAccess.getDatabase("","");       dbB.openByReplicaID(@DbName()[0],"85YYYY500046YYYY");       var vw=dbB.getView("($All)");       var doc=vw.getFirstDocument();       doc.remove(true); }

If a previous code is getting a sessionAsSigner, then a subsequent attempt to access the sessionAsSignerWithFullAccess gives only a sessionAsSigner level of access.

If I change the first line of code to get the dbA from session (instead of sessionAsSigner), then the sessionAsSignerWithFullAccess on line 3 gets the full access as expected.

Has anyone faced this issue before?? I am thinking that it is a bug on the implementation of this feature. This issue was there on 8.5.2 also (We recently upgraded to 8.5.3).

The sessionAsSigner need not be in the same script to reproduce this issue. If anywhere else in the code, a sessionAsSigner is accessed before calling the delete code, the same issue happens.