We upgraded from zope 2.9 to 2.10 and in the process upgraded plone as well.  There’s script that simply returns a list of groups to which a user belongs. In the old system both users in the system and not in the system (ie ids not in zope) would get HTTP 200 when invoking the script thru a URL (obviously the non-system users would get an empty list)..

 

Now when system users invoke the script the script returns the list of groups to which they belong, however, when a user not in the system invokes the script it returns a 401. Is there some authentication/security setting that we’re missing that’s preventing non-system users invoking the script? We may have overlooked some small thing (file system permissions, ZMI permissions, authentication settings etc) when configuring things in the upgraded environment….any ideas would help.

 

Thanks