[Zope] security policies bwt Zope 2.3.0 and 2.3.2

Irene Barg ibarg@as.arizona.edu
Tue, 07 Aug 2001 09:38:58 -0700


Hello,

My development system:
Zope Version:  Zope 2.3.2 (binary release, python 1.5.2, linux2-x86) 
Python Version:  1.5.2 (#1, Aug 25 2000, 09:33:37) [GCC 2.96 20000731
(experimental)]
System Platform: linux-i386 

My deploy system:
Zope Version:  Zope 2.3.0 (source release, python 1.5.2, linux2) 
Python Version:  1.5.2 (#10, Feb 12 2001, 15:36:48) [GCC 2.95.2 19991024
(release)]
System Platform:  freebsd4 

I get things working on my development environment, then
export the folder, re-import on the deploy machine. I have
a database which only allows selected 'users' update permission.  I
grouped these users and the update methods in a folder called
'Update'.  Created a role called 'dbupdate', then disabled all
'Acquire permissions settings' for the Update folder, then 
enabled the following for the 'dbupdate' role:

Access contents  information
Open/Close Database Connection(s)
Query Vocabulary
Search ZCatalog
Use Database Methods
Use Factories
Use mailhost services
View 
View History
View management screens

Enabled all settings for 'Manager' role.
On my development machine, this does what I want it to.
If someone trys to access the '/ADASS/Datbase/Update' URL
it prompts them for a login/password.  I exported the 'Update'
folder, then imported it (Retain existing ownership info) into
my deploy machine.  On the deploy machine, I cannot get past
the login prompt without getting 'Authorization Failed, Retry?'.
If I press the 'Cancel' button, I then get:

        Zope Error
        Unauthorized
        You are not authorized to access title_or_id. 

I've re-checked and changed my 'users' login several times, and
this is not the problem.  I've tried setting 'Proxy' to 'Manager' and
'dbupdate' role on: Update/index_html, but this does not fix it either. 
I've looked at the security settings at the root level, and there are no
glaring differences between the two machines.  The only difference I see
is the difference in
the two Zope version numbers 2.3.0 vs 2.3.2.

Suggestions? Thanks,
--irene
----------------------------------------------------------------
Irene Barg		      Email:  ibarg@as.arizona.edu
Steward Observatory	      Phone:  520-621-2602
933 N. Cherry Ave.
University of Arizona	      FAX:    520-621-1891
Tucson, AZ  85721	      http://nickel.as.arizona.edu/~barg
----------------------------------------------------------------