[Zope] Zope security management

Toby Dickenson tdickenson@geminidataloggers.com
Tue, 27 Feb 2001 08:07:22 +0000


On Mon, 26 Feb 2001 13:21:18 -0500, "John R. Daily"
<jdaily@progeny.com> wrote:

>I'm increasingly frustrated with the Zope security management
>framework, and I'd like to know if there is a way to work around some
>of my problems, and/or whether this will be addressed in the future.
>Or, perhaps I'm looking at all this from the wrong perspective.
>
>Essentially, I'd like a way to eliminate a role in certain
>directories. For example, if anonymous users should be granted no
>access to a "/private" folder, I want to lock down /private and all
>sub-directories against anonymous access.

That sounds like the opposite of local roles (which are the ability to
grant *extra* roles in a specific context)

>The only solutions I've found are inadequate. What I've found:
>
>* At the root folder, find those permissions which are enabled for the
>anonymous role, and remove them in /private by de-selecting the
>"inherit permissions" checkbox and re-enable appropriate roles.
>
>* In /private, de-select _all_ "inherit permissions" checkboxes and
>re-enable appropriate roles.

Thats when we had to do before local roles were added.

Is it possible to rearrange your folders so that you use local roles
in a /public/ section?



Toby Dickenson
tdickenson@geminidataloggers.com