On Sat, 21 Jun 2003 18:00:11 +0100 GMT (..19:00 where i live(GMT+2) ) Matt Patterson asked the Zope mailinglist about the following:
Hello,
I've been working on my first major project with Zope and I need to allow members of the public to register with the site (which gets them an entry in acl_users, and a very restricted role).
I know that I need to use a proxy role to make the script work - giving it manage users privileges. I created a role, adduser, which only had the 'manage users' privilege. When I tried to assign this role as a proxy role to the add-a-user script I got the following error:
You are not authorized to change addUserScript because you do not have proxy roles. (Also, an error occurred while attempting to render the standard error message.)
That error message is not very well-worded. It really means that *you*, the user assigning the proxy-role cannot assign roles you don't have yourself. So, if you set your manager-user up with the "adduser" role, you can freely asssign adduser-proxies whereever you like. but there is no danger related to assigning the "manager" role to the script if no non-managers are allowed to edit it. You can read more about roles and proxies here : http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx :) -- Geir Bækholt