[Zope] Zope security management

John R. Daily jdaily@progeny.com
Tue, 27 Feb 2001 08:39:59 -0500


> >The only solutions I've found are inadequate. What I've found:
> >
> >* At the root folder, find those permissions which are enabled for the
> >anonymous role, and remove them in /private by de-selecting the
> >"inherit permissions" checkbox and re-enable appropriate roles.
> >
> >* In /private, de-select _all_ "inherit permissions" checkboxes and
> >re-enable appropriate roles.
> 
> That's what we had to do before local roles were added.
> 
> Is it possible to rearrange your folders so that you use local roles
> in a /public/ section?

My current problem revolves around the anonymous user. If I could make
'anonymous' a local role, that would potentially help, although with
most web-sites the root of the site should be readable by anonymous,
so it's not clear that it's an effective workaround.

However, it still doesn't affect what I perceive to be the basic
problem: a security system should offer one the ability to deny
access, and the only mechanism I can find for doing so in Zope is to
duplicate the security information from the parent folder and tweak
it. That makes central administration harder and is error-prone.

-John
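
The workaround discussed in this message, as an added example that is not part of the original post and not Zope's own code: a simplified Python model of per-permission role acquisition, showing the copy-and-tweak "deny", an audit of what Anonymous still holds in /private, and the drift that follows a later change at the root. The `Folder` class, the helper names and the `Editor` role are assumptions made for the illustration.

```python
# Simplified model of Zope-style permission acquisition (not Zope's API).
from dataclasses import dataclass, field

@dataclass
class Folder:
    name: str
    parent: "Folder | None" = None
    # permission -> (acquire flag, roles granted locally)
    settings: dict = field(default_factory=dict)

    def roles_for(self, perm):
        """Effective roles: local grants plus the parent's while 'acquire' is on."""
        acquire, local = self.settings.get(perm, (True, frozenset()))
        roles = set(local)
        if acquire and self.parent is not None:
            roles |= self.parent.roles_for(perm)
        return roles

def deny_role(folder, perm, role):
    """The workaround from the post: stop acquiring, copy the parent's roles minus one."""
    copied = folder.parent.roles_for(perm) - {role}
    folder.settings[perm] = (False, frozenset(copied))

def exposed_to(folder, role, perms):
    """Audit: permissions the role effectively holds in this folder."""
    return sorted(p for p in perms if role in folder.roles_for(p))

def drift(folder, perm, denied):
    """Roles granted above that a non-acquiring folder has silently not picked up."""
    acquire, _ = folder.settings.get(perm, (True, frozenset()))
    if acquire or folder.parent is None:
        return set()
    return folder.parent.roles_for(perm) - folder.roles_for(perm) - set(denied)

def demo():
    perms = ["View", "Access contents information"]
    root = Folder("/", settings={p: (False, frozenset({"Anonymous", "Manager"})) for p in perms})
    private = Folder("/private", parent=root)
    before = exposed_to(private, "Anonymous", perms)   # everything is inherited
    deny_role(private, "View", "Anonymous")            # one permission handled, one missed
    after = exposed_to(private, "Anonymous", perms)
    # Later the site admin grants View to a new (constructed) role at the root only.
    root.settings["View"] = (False, frozenset({"Anonymous", "Manager", "Editor"}))
    return before, after, drift(private, "View", {"Anonymous"})

if __name__ == "__main__":
    print(demo())
```

Running `exposed_to` for Anonymous over every permission in a restricted folder catches the permissions the manual copy missed, and `drift` flags copied settings that no longer match the parent.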