[Zope] CMF security error in DCWorkflow that doesn't make sense

Dieter Maurer dieter at handshake.de
Fri Jul 4 01:05:59 EDT 2008


Peter Bengtsson wrote at 2008-7-1 12:15 +0100:
> ...
>The owner of the executing script is defined outside the context of
>the object being accessed. The script has proxy roles, but they do not
>apply in this context.. Access to 'workflow' of
>(Products.DCWorkflow.Expression.StateChangeInfo instance at 0xddffb48)
>denied. Access requires Manage_portal_Permission, granted to the
>following roles: ['Manager']. The executing script is (PythonScript at
>/intranet/portal_workflow/intranet_workflow/scripts/wf_script_despatcher),
>owned by oliver.

The message tells you that the problem is the so called
"executable owner" of the script.

The "executable owner" is a mechanism to protect against Trojan horse
attacks: a user with low priviledges creates an executable object that
does bad things when executed by a user with high priviledges.
The protection restricts the effective permissions to the
intersection of the current user permissions and the executable owner
permission.

Probably, the executable owner of this script does not
exist in your test instance (but it exists in the other instances).
Use "take ownership" to change the executable owner (or create
the executable owner).



-- 
Dieter


More information about the Zope mailing list