[Zope] Re: Zope Users and Roles
Felipe E. Barousse B.
fbarousse@piensa.com
18 Apr 2002 10:39:26 -0500
Juan Pablo:
You need to create the roles at the "root" or "test" level (in your
example). For that role "db_user", at the level where you created, get
into the security tab and check the following permissions:
Access contents informations
Use Database Methods
View
And uncheck the "Acquire permission settings?" column.
(Hope I didn forget any other important ones)
At "insert_field" for the VIEW permission: uncheck the Acquire
permissions column, and check the "db_user" column which is the role you
created above.
Still, take care of the Anonymous role's properties, as it allows anyone
to access certain properties; for instance I'd uncheck it also at the
insert_field VIEW permission, as indicated above.
This should work.
The problem seemed that you only adjusted the view property for the
role, not the required "Access DB methods" and "Access contents
information" which are required -at least those two- for the security
scheme to properly work as you need.
Hope this information helps.
Felipe Barousse Bou=E9
Bufete Consultor de M=E9xico - Piensa Technologies.
www.piensa.com
>Message: 8
>From: Juan Pablo Romero <jpablo@perl.ajusco.upn.mx>
>To: zope@zope.org
>Date: 17 Apr 2002 14:24:59 -0500
>Subject: [Zope] Users and Roles
>
>Hi!
>
>I have a little problem with user managment:
>
>/test/
> modify_db (zsql method)
> insert_field (page template)
> acl_users/
> fred (a user with the role 'db_user')
>
>
>
>I want to allow access to 'insert_field' only to users bearing the
>'db_user' role, so I created such role in the root folder.
>
>Then I checked 'view' property in the 'db_user' column (within
>'security' tab from 'insert_field'), and also unchecked the same
>property in the 'Acquire Permission ...' column.
>
>According to the manual, when a client attempts to view
>/test/insert_field, zope should allow access to user 'fred' (because he
>has the 'db_user' role), right?
>
>In my case zope keeps asking for login/password.
>
>
>What could be wrong?
>
>
>Thanks in advance.
>
>
> Juan Pablo