[Zope] Obscure security?
Ragnar Beer
rbeer@q-ality.de
Thu, 22 Nov 2001 13:37:23 +0100
Howdy!
I spent some time searching the documentation for an explanation of
the "Access_contents_information" permission but didn't find
anything. I think this is vital information for any Zope admin and
should be easy to find. How can I set up permissions when I can't
find out exactly what permissions I'm actually granting?
I'm (once again) in the situation where an authenticated user cannot
access an object unless the "Anonymous" role is given the permission
to "Access_contents_information" (the role of the authenticated user
has that permission). This reminds me of the old non-root Squisdot
bug, but I can't solve it by upgrading Zope this time, because I
already installed 2.4.3. On the other hand I can't find out what kind
of holes I'm opening by giving this permission to "Anonymous".
What can I do?
Ragnar