Dieter Maurer wrote:
In Zope, each user has a set of roles. Any user has the "Anonymous" role. Logged-in users may have additional roles.
I'm not convinced this is true... Quoting from the LoginManager CHANGES.TXT file:
Generic User Source, like the GenericUserFolder product it was inspired by, gave all users the Anonymous role. This seems to be incorrect according to what other user folders do, including the standard Zope version, so GUS now no longer does this.
...which is why Alan experiences this problem. I've also run into it just using a normal acl_users folder and I've been mentioning it every few months since I bumped into it back in March. Here's my original post:

http://zope.nipltd.com/public/lists/dev-archive.nsf/ByKey/82AE22A20C7E88AE

I wish this could get sorted out as it makes security a nightmare unless you use a web of local roles, which is painful and messy to maintain.

Is there any reason why every user shouldn't have the anonymous role for every accessible page/object/thing visitable through a protocol?

cheers,

Chris