How do I keep local managers from accessing the entire site?
Hi, I have played a bit with Zope, to see if I can use it for a site I plan to set up. My problem is that I don't understand how to configure Zope to have a local manager that manages a sub-folder of my site. I have read the ZopeBook, but I still don't understand. I have tried, from a vanilla 2.4.0 installation, to add a folder (let's call it "spam") and in that folder I create a user folder with one user, who has the manager role. The problem is that the user can access pretty much the entire site. For example, if he goes to the URL "http://mysite:myport/spam/Control_Panel/manage_shutdown" he shuts down the entire site. How do I make his privileges local to the spam folder? Thanks in advance! //Anders
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
user can access pretty much the entire site. For example, if he goes to the URL "http://mysite:myport/spam/Control_Panel/manage_shutdown" he shuts down the entire site. How do I make his privileges local to the spam folder?
This is a security bug addressed by the Hotfix at http://www.zope.org/Products/Zope/Hotfix_2001-08-04. You should most definitely install this. _______________________ Ron Bickers Logic Etc, Inc.
participants (2)
-
Anders Conradi -
Ron Bickers