[Zope] Re: Zope Users and Roles

Juan Pablo Romero jpablo@perl.ajusco.upn.mx
18 Apr 2002 14:44:31 -0500


Hi

As you said, I added the role 'db_user' at root level.

Now, where do I get the secury tab *for the db_user role*?

I mean, I have tabs for all zope objects, such as folders, files, etc.,
but not for a role.


  Juan Pablo




On Thu, 2002-04-18 at 10:39, Felipe E. Barousse B. wrote:
> Juan Pablo:
>=20
> You need to create the roles at the "root" or "test" level (in your
> example). For that role "db_user", at the level where you created, get
> into the security tab and check the following permissions:
>=20
> Access contents informations
> Use Database Methods
> View
>=20
> And uncheck the "Acquire permission settings?" column.
>=20
> (Hope I didn forget any other important ones)
>=20
> At "insert_field" for the VIEW permission:  uncheck the Acquire
> permissions column, and check the "db_user" column which is the role you
> created above.
>=20
> Still, take care of the Anonymous role's properties, as it allows anyone
> to access certain properties; for instance I'd uncheck it also at the
> insert_field VIEW permission, as indicated above.
>=20
> This should work.
>=20
> The problem seemed that you only adjusted the view property for the
> role, not the required "Access DB methods" and "Access contents
> information" which are required -at least those two- for the security
> scheme to properly work as you need.
>=20
> Hope this information helps.
>=20
> Felipe Barousse Bou=E9
> Bufete Consultor de M=E9xico - Piensa Technologies.
> www.piensa.com
>=20
>=20
> >Message: 8
> >From: Juan Pablo Romero <jpablo@perl.ajusco.upn.mx>
> >To: zope@zope.org
> >Date: 17 Apr 2002 14:24:59 -0500
> >Subject: [Zope] Users and Roles
> >
> >Hi!
> >
> >I have a little problem with user managment:
> >
> >/test/
> >  modify_db             (zsql method)
> >  insert_field          (page template)
> >  acl_users/
> >     fred               (a user with the role 'db_user')
> >
> >
> >
> >I want to allow access to 'insert_field' only to users bearing the
> >'db_user' role, so I created such role in the root folder.
> >
> >Then I checked 'view' property in the 'db_user' column (within
> >'security' tab from 'insert_field'), and also unchecked the same
> >property in the 'Acquire Permission ...' column.
> >
> >According to the manual, when a client attempts to view
> >/test/insert_field, zope should allow access to user 'fred' (because he
> >has the 'db_user' role), right?
> >
> >In my case zope keeps asking for login/password.
> >
> >
> >What could be wrong?
> >
> >
> >Thanks in advance.
> >
> >
> >  Juan Pablo
>=20
>=20
>=20
>=20
>=20
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -=20
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )