Security, roles, permissions...
Hi, Is the following possible? I want to create a new role :Small_Manager This descends from the Manager role, but has some things disabled. That is instead of creating each roles seperately, make it possible to let them descend from one. And then lowering their permissions. This makes it easy when I disallow a certain permission on top of the tree. All descendants will lose the permission too. I tried to mimic this in the following test : Root Folder : user tom : Manager in a sub-folder : user tito: Manager, but nothing acquired from above instead the view management screen. Now, when I enter as tito, it is still possible to make changes to the documents in the sub-folder... while I explecitely said that the manager role in the sub-folder was only able to view the management screen, not to make changes... what am I doing wrong? ps. Yes, I closed all my browsers, before logging in as tito. Tom.
Tom Deprez wrote:
(snip stuff I don't want to think abour)
Root Folder : user tom : Manager in a sub-folder : user tito: Manager, but nothing acquired from above instead the view management screen. Now, when I enter as tito, it is still possible to make changes to the documents in the sub-folder... while I explecitely said that the manager role in the sub-folder was only able to view the management screen, not to make changes...
what am I doing wrong?
I don't know. I just tried this and got the behaviour I expected, which was that I could view management screens by not change a document.
ps. Yes, I closed all my browsers, before logging in as tito.
Hm. You might try deleting tom to be sure. Jim -- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
: > what am I doing wrong? : : I don't know. I just tried this and got the behaviour I expected, which was : that I could view management screens by not change a document. : : > ps. Yes, I closed all my browsers, before logging in as tito. : : Hm. You might try deleting tom to be sure. Is this again one of these 'pythoness' jokes? :-(
participants (3)
-
Jim Fulton -
Tom Deprez -
Tom Deprez