Hi all, This is a conceptual rather than technical question.... I intend to build an intranet with zope...though it's not as simple as that...I'd like 90% of the site to be password protected (giving access to members of my company)...do I use acl_users for this? I'd also like parts of the site to be accessible (and maybe manageable albeit minimally) by clients....Do I have to create a second user/access model for this or can I use the acl_users to do this for me too. I'm having problems a. Making the acl_user stuff work...I can either login as admin or not all. and b. Getting to grips with the concept of the user/privs/access model in acl_users So the question is this...do I/can I use acl_users to manage all my authentication requirements, only allowing certain clients to view certain areas of the site...allowing company members to edit and view all of the site etc..if so then I'll slog on experimenting with the acl_users stuff... thanks tom
I intend to build an intranet with zope...though it's not as simple as that...I'd like 90% of the site to be password protected (giving access to members of my company)...do I use acl_users for this?
Yes or any of the other models (UserDB, etc)
I'd also like parts of the site to be accessible (and maybe manageable albeit minimally) by clients....Do I have to create a second user/access model for this or can I use the acl_users to do this for me too.
Yup. Create a role for them and limit that role.
I'm having problems a. Making the acl_user stuff work...I can either login as admin or not all. and b. Getting to grips with the concept of the user/privs/access model in acl_users
Create a user, give them a role and they will inherit all of the access levels of that role. Create a new role and give that role different access levels and you can manage it better through the role. It is not that much different than most user/group/role access scenarios, in that once you get started using it and understand the basic concepts it will all fit. Remember that users inherit permissions from parent objects which you can turn off if that model does not suit you. J
Tom, could you please not post HTML-formatted messages to the list. You message contains stylesheet information that breaks the reply - at least in netscape. thank you. Heiko Stoermer -- heiko.stoermer@innominate.de innominate AG networkingpeople fon: +49.30.308806-0 fax: -77 web: http://innominate.de
On Tue, 23 May 2000, you wrote:
Hi all,
This is a conceptual rather than technical question....
I intend to build an intranet with zope...though it's not as simple as that...I'd like 90% of the site to be password protected (giving access to members of my company)...do I use acl_users for this?
Yes. You might also create a ROLE called "CompanyMembers"
I'd also like parts of the site to be accessible (and maybe manageable albeit minimally) by clients....Do I have to create a second user/access model for this or can I use the acl_users to do this for me too.
You can use ACL_USERS for this too. Maybe another role for clients might be necessary try "Clients" if they have different rights than the Anonymous user.
I'm having problems a. Making the acl_user stuff work...I can either login as admin or not all.
You can create as many users and roles as you like. for example, lets say that we have the normal roles owner, manager, anonymous and the 2 new ones, Clients, and CompanyMembers. If you want you can create different access rights for each and every group on each and every object in your database ( overkill ). What normally happens is that people put their objects into different folder objects and set the permissions on the folders as to who (which group) can access them. Now, when you create a new user, you can assign them to the appropriate group (or groups). Remember that permissions are set by group not user - this is why you really need to assign the person to a group, otherwise he is considered an anonymous user. The question here is: did you know that you can create your own roles? and once that you have created your own roles, remember to remove acquistion from the folders that are different ( permission wise ) from the parent.
and b. Getting to grips with the concept of the user/privs/access model in acl_users
So the question is this...do I/can I use acl_users to manage all my authentication requirements, only allowing certain clients to view certain areas of the site...allowing company members to edit and view all of the site etc..if so then I'll slog on experimenting with the acl_users stuff...
thanks
tom
---------------------------------------- Content-Type: text/html; name="unnamed" Content-Transfer-Encoding: quoted-printable Content-Description: ---------------------------------------- Hope this helps, Luis.
participants (4)
-
Heiko Stoermer -
J. Atwood -
Luis Cortes -
Tom Smith