[Zope] newbie security question

[Hans de Wit]

Hello,

I have a security question,I read chapter 6 of the Zope book, and doing something 
wrong.

I want to delegate the management of a sub-folder, so there is a folder(folder1) with a 
manager1 and a sub-folder (folder2) with a different manager2. Folder 1 and 2 are not 
public, so anonymous cann't view them. The folder2 should be able to be viewed by the 
manager2, but not by anonymous. Nothing very special, i thought.

In the folder1 i turned the Acquire permission setting for the view permission off. The 
folder can only be viewed by manager1, not by not by anonymous, not by manager2 (manager 
2 is not a user of folder 1)  
In the sub-folder, folder2, manager 2 is a user (with the management role) 

It doesn't work. Manager2 is missing the view tab, the rest of the management view is 
available.  I can have him his view tab: by setting  the Acquire permission setting in 
folder 1 on 'on'. It doesn't matter that this setting in folder 2 is off. But now 
anonymous can view everything.

I am just not getting the point. I am using 2.3.0 with the 2001_03_08 hotfix.

Met vriendelijke groeten,

Hans de Wit

h.de.wit@scp.nl