[Zope-CMF] Content created by Manager not editable by Member

Bill Anderson bill@libc.org
10 Jul 2001 01:11:56 -0600


On 09 Jul 2001 15:54:29 +0200, Grégoire Weber wrote:
> Hi,
>
> I'm just wondering. It is not an important point for me at the moment.
> So for now it's just for learning about CMF.
>
> When I am logged in as Manager and I create a Document (or a News Item,
> etc.) in a Members folder it wouldn't be editable by the Member even
> though it is located in his directory. Is this an intended behaviour?

yes.

the content is owned by whomever created it. only the manager, owner,
and any role given the permission (as you note below) can modify
content.

>
> Additional information:
>
> When I give the Member role the permission 'Modify portal content',
> the Member is then able to edit the Document. Do I open a potential
> security hole by setting this permission in the /Member folder?

Yes. AIUI, with this setting, any member could modify other people's
content. that is generally a bad thing. One thing that comes to my mind
as a potential issue is that a member could modify a manager's methods,
and thus insert malicious code.

I think it is a bad idea, but it is not my site, and I am admittedly
slightly paranoid about that.

Bill