I was surprised that after setting an object state to 'Inactive' or 'Deleted' in Manage > Properties, that object is still accessible to anonymous users. It does not show up in Solr, and is not listed on Collection view pages, but can still be navigated to directly.
I believe this is intended behaviour, but this behaviour is not intuitive. I think that this should be documented in the Wiki, perhaps on the How to Purge an Object page, which describes how to completely delete (i.e. purge) an object. There are warnings about how purging is irreversible, and the screenshot includes the area for setting the object's State, which lets you do a 'soft delete' but maybe not as expected.
Thus, the information on Getting Started With Islandora, is completely incorrect:
Every object in Islandora can also be set to one or more "states" in Fedora. Fedora states include "Active," "Inactive," or "Deleted." These states are used in different ways by Islandora code. By default, only "Active" objects display to anonymous users. Inactive states can be used for objects that aren't ready to be published (for example, objects waiting for approval in an ingest workflow). Objects can also be set to a state of "Deleted," which maintains a copy of the object in the repository but restricts viewing and management to certain roles. This is in contrast to purging an object, which permanently removes the object and its administrative history from the repository.
The Simple Workflow uses the 'Inactive' state. Its documentation on the wiki describes the actual behaviour in a warning block, to wit:
* While the objects are "invisible" in the sense that they cannot be searched or browsed, they can still be accessed by direct link and will be indexed by the XML Sitemaps Module if it is enabled.
That module's wiki page also describes how this behaviour may be affected by Fedora policies:
[...]your Fedora installation may include the policy file 'deny-inactive-or-deleted-objects-or-datastreams-if-not-administrator.xml', which would prevent Simple Workflow from functioning as intended.[...]
I have vague memories of this policy file being part of installations that I set up circa Islandora 7.x-1.2, but not since (and it's not present in the configuration that ships with the Sandbox or with the Vagrant).
There is also the feature to 'Manage Deleted Objects' that still exists, though is not documented on the Wiki as far as I can tell. For someone with the permission to 'Manage Deleted Objects', it lists the deleted objects in the repository, grouped by content model, with options to set 'Active' or to purge.
As far as I can tell, there is no code in the Islandora codebase that prohibits viewing Deleted or Inactive objects. Anyone with permission to 'View repository objects' can see them unless you have custom code or that above-mentioned Fedora policy.
We should update the Wiki, pronto.
Is there desire for a new feature, to separately have a permission in core to 'View inactive or deleted repository objects'?