Security augmenting not happening
I am trying to make a folder and its contents viewable only by a manager. So in the Security tab, I de-select the inherited "View" box and enable it only in the Manager column.

This worked until I changed the owner of the folder and its contents to being an Owner. In theory, a manager should still have full access to just about everything, but no, not even a mighty manager can view what's in the folder. If I re-enable the inherited View tick box then all is well again. So I can inherit rights into the folder but not augment them for a manager?

Has anyone else experienced this or can tell me what's going on here? I am using Zope 2.3.3 on Cobalt RH6.2 Linux.

The comments expressed in this email are my own and not necessarily those of my employer.

Blandford, Simon [BSS Audio UK] writes:
> I am trying to make a folder and its contents viewable only by a manager. So in the Security tab, I de-select the inherited "View" box and enable it only in the Manager column.
> This worked until I changed the owner of the folder and its contents to being an Owner. In theory, a manager should still have full access to just about everything, but no, not even a mighty manager can view what's in the folder.

This is on purpose, to prevent Trojan Horse attacks.
The effective permissions are the intersection of what the current user and the owner can do. Read the Zope 2.2 security paper to understand why this is implemented.

Dieter

participants (2)
- Blandford, Simon [BSS Audio UK]
- Dieter Maurer
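
The reply above states that the effective permissions are the intersection of what the current user and the owner can do. The following Python model of that rule is an added example, not part of the thread and not Zope's own code. The `Node` class, the function names, the root folder's View roles, the implicit Anonymous role and the owner holding only the Owner role are assumptions made for illustration.

```python
# Simplified model of the intersection rule from the reply; not Zope's implementation.
from dataclasses import dataclass, field


@dataclass
class Node:
    """Folder-like object with per-permission settings (hypothetical class)."""
    parent: "Node | None" = None
    # permission -> (acquire_from_parent, roles ticked locally)
    settings: dict = field(default_factory=dict)

    def roles_for(self, permission):
        acquire, local = self.settings.get(permission, (True, set()))
        roles = set(local)
        if acquire and self.parent is not None:
            roles |= self.parent.roles_for(permission)
        return roles


def user_allowed(user_roles, node, permission):
    # Assumption: every user implicitly holds the Anonymous role.
    held = set(user_roles) | {"Anonymous"}
    return bool(held & node.roles_for(permission))


def effective_allowed(user_roles, owner_roles, node, permission):
    """Both the current user and the owner must hold the permission."""
    return (user_allowed(user_roles, node, permission)
            and user_allowed(owner_roles, node, permission))


def scenario(acquire_view, owner_roles):
    """Manager requests View on the folder from the thread (constructed setup)."""
    root = Node(settings={"View": (False, {"Anonymous", "Manager"})})
    folder = Node(parent=root, settings={"View": (acquire_view, {"Manager"})})
    return effective_allowed({"Manager"}, owner_roles, folder, "View")


if __name__ == "__main__":
    # Inherited View unticked, Manager only, owner is an Owner: denied.
    print(scenario(False, {"Owner"}))
    # Inherited View re-enabled: the owner gets View via the parent, so allowed.
    print(scenario(True, {"Owner"}))
    # Owner who is a Manager, as before the ownership change: allowed.
    print(scenario(False, {"Manager"}))
```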