It is possible, I have done something similar. My solution involves giving users a Local Role in a folder to which access is to be granted. I built a small utility (with ZClasses - doh) to make it easy for the Administrators to add users from a database. Cliff Tim Evans wrote:
I apologize if this issue is something that has been discussed before, but I searched the archives to no avail.
I'm evaluating zope for a project, and I have some questions regarding the extensibility of the user security model.
The company I work for would like to provide documents to clients via the web, and only allow one particular client (or group of users from the same client) access to those documents. I don't want any user to be able to detect the presence of any other user. I essentially want several "sites", one for each client, with a group of administrative users responsible for maintaining these sites and publishing content to all of them.
What this would require is a group of administrators that can see all sites, as well as restricted users with privileges to exactly one site.
I'd also like to avoid having a role for each site, as that could get ugly for almost 1000 clients. It would also be great if we could designate a user to administer only one site, so that they could only publish data to one client.
I guess I want "zope-level" users and "application-level" users. Is this something that sane people do?
I don't really need a step-by-step, just a "yes, that is possible" or a "no, you're an idiot" before I start digging in to try and do it.
Tim _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )