On Mon, 26 Feb 2001 13:21:18 -0500, "John R. Daily" <jdaily@progeny.com> wrote:
I'm increasingly frustrated with the Zope security management framework, and I'd like to know if there is a way to work around some of my problems, and/or whether this will be addressed in the future. Or, perhaps I'm looking at all this from the wrong perspective.
Essentially, I'd like a way to eliminate a role in certain directories. For example, if anonymous users should be granted no access to a "/private" folder, I want to lock down /private and all sub-directories against anonymous access.
That sounds like the opposite of local roles (which are the ability to grant *extra* roles in a specific context)
The only solutions I've found are inadequate. What I've found:
* At the root folder, find those permissions which are enabled for the anonymous role, and remove them in /private by de-selecting the "inherit permissions" checkbox and re-enable appropriate roles.
* In /private, de-select _all_ "inherit permissions" checkboxes and re-enable appropriate roles.
Thats when we had to do before local roles were added. Is it possible to rearrange your folders so that you use local roles in a /public/ section? Toby Dickenson tdickenson@geminidataloggers.com