The ability to restrict the re-assigning of object states through the state/assign policy's subtree limitation does not work. Users can freely change the object states of any node regardless of the subtree limitations that are set for the state/assign policy.

Steps to reproduce:

1. Create the following folder structure:

Home
--Articles (folder)
----Article 1 (article)
--News (folder)
----International (folder)
------New article 1 (article)

2. Create a new user group (e.g. "Test") and a new user for the new group (e.g. "John Smith");
3. Create a new content object state group (e.g. "Online") with, for example, two states ("Yes" and "No");
4. Create two roles (e.g. "Test role 1" and "Test role 2"):

Add the following policies to the first role:

• user | login | No limitations
• content | read | No limitations
• content | edit | No limitations

Add the following policy to the second role:

• state | assign | No limitations

5. Assign the first role to the new user group;
6. Also assign the second role to the new user group, but with a subtree limitation for "Home/News/International".

You should only be able to change the object state for the "International" folder (and everything underneath it, of course), but you are able do do that for other node outside that subtree, such as "Articles".