[Zope] Re: Zope and roles and hierarchy

Tres Seaver tseaver at palladion.com
Fri Feb 10 08:38:47 EST 2006

Hash: SHA1

David wrote:

> Is it true that even though a user Role like 'author' is defined at zope
> root that users defined lower in the hierarchy *also*  with role
> 'author' cannot access objects at root with role 'author' and
> permissions of view and access? 
> The online zope book seems to say so. 
> If so, couldn't we have some extra attribute to a role like "upwardly
> mobile"? (I want to share a code base for several folders sub-folders
> and I do not wanta to give it anonymous access).

The "scope" of a user's roles is limited to the folder containing her
user folder.  The usual way to accomplish what you are asking for is to
have a single user folder at the highest scope which needs protecting,
and hav it grant users a role (you might even use 'Authenticated') which
you use to protect the shared resources.

You would then grant them *local* roles on the subfolders, giving them
more access.

- --
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the Zope mailing list