Just tested it with blank zope 2.3.3
/ method - testfolder - userfolder with user test and manager role (just in testfolder!)
The following doesn't work for user test:
http://localhost/method/manage
The following _will_ work for user test:
http://localhost/testfolder/method/manage
and lets me change method, which is contained in Zope's root.
Hmm, this shouldn't be so, should it?
No, it shouldn't. Am starting to think that the Zope security model implementation is a bit "strange". What I'd need in practice is a security model that a) is completely predictable (that's what http://dev.zope.org/Wikis/DevSite/Proposals/SecurityJihad is working on) b) would normally make sure that somebody in a subfolder can not get access to anything that is explicitly protected in the parent folder c) would on the other hand offer the possibility to bind access to a role, regardless where in the folder hierarchy somebody gets the role. The problem is with acquisition: If I have an "editButtonsBar" widget in my root directory, I'd like to make it available to ALL Editors, not just to the ones who have editor roles in root. On the other hand, if I have a standard header or footer that should not be overridden in a subfolder, this should be possible. This means I'd not only need a permission that can not be bound to roles in the subfolder, but also a mechanism to prevent overriding the object ...
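The behaviour reported above, reproduced in an added example that is not code from the thread nor Zope's own implementation: a simplified model of Zope 2's acquisition-based security check, in which a user's roles are collected along the acquisition chain of the URL as traversed, so a local Manager role on testfolder also applies to a root object reached through testfolder. The object names, the user and the permission string are constructed for the demonstration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """Zope-like object: local_roles stands in for __ac_local_roles__."""
    name: str
    local_roles: dict = field(default_factory=dict)       # user -> {roles}
    permission_roles: dict = field(default_factory=dict)  # permission -> {roles}
    children: dict = field(default_factory=dict)

def traverse(root, path):
    """Zope-style traversal: find each segment in the current object, else
    acquire it from an enclosing one. Returns the acquisition chain."""
    chain = [root]
    for seg in path.strip("/").split("/"):
        for ctx in reversed(chain):
            if seg in ctx.children:
                chain.append(ctx.children[seg])
                break
        else:
            raise KeyError(seg)
    return chain

def roles_in_context(user, chain):
    """Union of the user's local roles over the acquisition chain, as Zope's
    getRolesInContext does; a role held on testfolder thus reaches root objects."""
    roles = {"Anonymous"}
    for node in chain:
        roles |= node.local_roles.get(user, set())
    return roles

def allowed_roles(permission, chain):
    """Nearest explicit permission-to-role mapping, searched outward."""
    for node in reversed(chain):
        if permission in node.permission_roles:
            return node.permission_roles[permission]
    return set()
def check(root, path, user, permission):
    chain = traverse(root, path)
    return bool(roles_in_context(user, chain) & allowed_roles(permission, chain))

# Constructed scene from the report: 'method' in the root, user 'test' holding
# Manager only in testfolder; /manage needs "View management screens".
MANAGE = "View management screens"
root = Node("root", permission_roles={MANAGE: {"Manager"}})
root.children["method"] = Node("method")
root.children["testfolder"] = Node("testfolder", local_roles={"test": {"Manager"}})
def demo():  # (direct URL, URL via testfolder) -> (False, True), as reported
    return (check(root, "/method", "test", MANAGE),
            check(root, "/testfolder/method", "test", MANAGE))
```

The difference between the two results comes entirely from roles_in_context seeing testfolder on the chain in the second case; the permission-to-role mapping on root is the same for both URLs.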