17 Jul
2001
17 Jul
'01
9:51 p.m.
Blandford, Simon [BSS Audio UK] writes:
I am trying to make a folder and it's contents viewable only by a manager. So in the Security tab, I de-select the inherited "View" box and enable it only in the Manager column.
This worked until I changed the owner of the folder and it's contents to being an Owner. In theory, a manger should still have full access to just about everything, but no, not even a mighty manager can view what's in the folder. This is by purpose, to prevent Trojan Horse attacks.
The effective permissions are the intersection of what the current user and the owner can do. Read the Zope 2.2 security paper to understand why this is implemented. Dieter