I should preface this question with a little background. I come from a Lotus Domino world where all users are authenticated (not the web interface which allows anonymous but the client interface). I need to do something similar in a Zope environment, that is to say that I want to be sure that all users have authenticated themselves and that the scripts can find out who they are, but I do not want to make them Managers or Owners.

I suppose that the answer to this is to create a new role (say "User") and make sure that all the users are enrolled in that role and then only allow users with that role to view the objects that I wish to control in this manner.

I am relatively new to Zope, and have read the manual, but I am none the wiser either as to whether this is the right approach, or as to how I go about adding such a new role and then how I add such a security filter so that only users with this role can access the objects, there only seems to be controls for Anonymous, Manager and Owner.
Hi.

When you add more roles, they become available for giving access rights.

Sincerely
Jørgen

On Friday 29 June 2001 12:23, David Goodenough wrote:
I should preface this question with a little background. I come from a Lotus Domino world where all users are authenticated (not the web interface which allows anonymous but the client interface). I need to do something similar in a Zope environment, that is to say that I want to be sure that all users have authenticated themselves and that the scripts can find out who they are, but I do not want to make them Managers or Owners.
I suppose that the answer to this is to create a new role (say "User") and make sure that all the users are enrolled in that role and then only allow users with that role to view the objects that I wish to control in this manner.
I am relatively new to Zope, and have read the manual, but I am none the wiser either as to whether this is the right approach, or as to how I go about adding such a new role and then how I add such a security filter so that only users with this role can access the objects, there only seems to be controls for Anonymous, Manager and Owner.
--
Kind regards,
Jørgen H. Fjeld
Hi David,

comments are inline:

David Goodenough wrote:
I should preface this question with a little background. I come from a Lotus Domino world where all users are authenticated (not the web interface which allows anonymous but the client interface). I need to do something similar in a Zope environment, that is to say that I want to be sure that all users have authenticated themselves and that the scripts can find out who they are, but I do not want to make them Managers or Owners.
I suppose that the answer to this is to create a new role (say "User")
This approach is okay. At the same time you have to disable the role for Anonymous. Notice an important difference in the security tabs of the ZMI (Zope Management Interface): the one in the highest level (root level) has no column *Acquire permission settings* on the left side, whereas the security tabs in lower levels have. This column (whether checked or not) tells you whether you acquire permission settings from folders above or not. For example, even if for the role *Anonymous* in a lower level no permission is checked, it nevertheless **has permissions** (e.g. the view permission), because the *acquire permission* is checked on the left side and on the root level, *Anonymous* has been given (checked) this permission. So, to disable all permissions for role *Anonymous* you have to uncheck all permissions in the root level. You may see here also the first simplest approach for the settings of your new *User* role: just give this role the permissions that usually *Anonymous* holds, uncheck them for *Anonymous* and give your users this new *User* role you just created.
and make sure that all the users are enrolled in that role and then only allow users with that role to view the objects that I wish to control in this manner.
I am relatively new to Zope, and have read the manual, but I am none the wiser either as to whether this is the right approach, or as to how I go about adding such a new role and then how I add such a security filter so that only users with this role can access the objects, there only seems to be controls for Anonymous, Manager and Owner.
As you don't say which *manual* you have read: a good first entry point to Zope security is the chapter *Users and Security* in the Zope Book: http://www.zope.org/Members/michel/ZB/

Regards,

--- Flynt
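The acquisition behaviour described in Flynt's reply, as an added example that is not part of the original thread and is not Zope's own code: a simplified Python model of the Security tab in which `Folder`, `set_permission`, `effective_roles` and `can_view` are hypothetical names, and an anonymous visitor is modelled as holding only the *Anonymous* role. The last case, restricting a single subfolder by unticking acquire there, goes one step beyond the reply.

```python
# Simplified model of the ZMI Security tab, NOT Zope's implementation.
# Each folder stores, per permission, which roles are checked and whether
# the "Acquire permission settings" box is ticked.

class Folder:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.settings = {}  # permission -> (set of checked roles, acquire flag)

    def set_permission(self, permission, roles, acquire=True):
        if self.parent is None:
            acquire = False  # the root has no acquire column
        self.settings[permission] = (set(roles), acquire)

    def effective_roles(self, permission):
        """Roles that really hold `permission` here, after acquisition."""
        default = (set(), self.parent is not None)
        roles, acquire = self.settings.get(permission, default)
        if acquire and self.parent is not None:
            return roles | self.parent.effective_roles(permission)
        return set(roles)


def can_view(folder, user_roles):
    return bool(set(user_roles) & folder.effective_roles("View"))


def demo():
    root = Folder("root")
    reports = Folder("reports", parent=root)  # constructed sample folder
    anonymous, member = {"Anonymous"}, {"User"}

    # Starting point: root grants View to Anonymous; the lower level has
    # nothing checked for View but still acquires from above.
    root.set_permission("View", {"Anonymous", "Manager"})
    reports.set_permission("View", set(), acquire=True)
    before = (can_view(reports, anonymous), can_view(reports, member))

    # Change from the reply: at the root, uncheck Anonymous and check User.
    root.set_permission("View", {"User", "Manager"})
    after = (can_view(reports, anonymous), can_view(reports, member))

    # Variant: leave the root public, stop acquiring in one subfolder only.
    root.set_permission("View", {"Anonymous", "Manager"})
    reports.set_permission("View", {"User", "Manager"}, acquire=False)
    subtree = (can_view(root, anonymous), can_view(reports, anonymous),
               can_view(reports, member))
    return before, after, subtree


if __name__ == "__main__":
    print(demo())
```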
participants (3)
- David Goodenough
- Flynt
- Jørgen Hermanrud Fjeld