
Managing Users


People, whether internal staff members or customers, are represented in a Zope site by user objects. These user objects are managed in special folders called User Folders.

For the next task in Stan's assignment, let's create a user object, Sally, under the News folder. In the navigation frame, select the News object to display the available subfolders. To add Sally, click the acl_users item under the News folder. The Contents view of the User Folder in the News subfolder is displayed, as shown in Figure 10. Enter a password and confirm it by entering it twice. Make sure you highlight the "Manager" field in the Roles display and then press Add. Where a user is defined is important, because it determines the scope in which their privileges apply. Because Sally is defined in the News Folder's user folder, she has manager access only to objects in the News Folder and its subfolders.

Figure: User Editing view

Figure: User Folder Contents view

User Folders can be defined in any folder. For example, the navigation frame in Figure 9 shows User Folders in each of the site's four Folders. The ability to put a User Folder in any folder provides support for highly decentralized user management. It is also possible to create custom User Folders that can be used to interface with external user management systems, such as directory servers.
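The scoping rule described above can be modelled in a few lines. This is an added illustration, not Zope's own code: the `USER_FOLDERS` table, the function names, Stan's root-level Manager entry and the `/Products` and `/Newsletter` paths are all assumptions made for the example.

```python
# Simplified model of user-folder scoping (not Zope source code).
# Keys are the folders that contain an acl_users object; values map
# user names to the roles assigned there. All entries are constructed.
USER_FOLDERS = {
    "/": {"stan": {"Manager"}},        # assumed: Stan manages the whole site
    "/News": {"sally": {"Manager"}},   # Sally is defined in /News/acl_users
}


def ancestors(path):
    """Yield the object's path and each containing folder, nearest first.

    Paths are compared segment by segment, so /Newsletter is never
    mistaken for something inside /News.
    """
    parts = [p for p in path.split("/") if p]
    if ".." in parts or "." in parts:
        raise ValueError("relative path segments are not allowed")
    for i in range(len(parts), -1, -1):
        yield "/" + "/".join(parts[:i])


def roles_for(user, path, user_folders=USER_FOLDERS):
    """Return the roles `user` holds on the object at `path`.

    Only user folders at or above the object are consulted, nearest
    first. A user defined in /News/acl_users is therefore unknown for
    any object outside /News and gets no roles there.
    """
    for folder in ancestors(path):
        roles = user_folders.get(folder, {}).get(user)
        if roles is not None:
            return set(roles)
    return set()  # no user folder on the way up knows this user


def scope_report(user, paths, role="Manager"):
    """Map each path to True/False: does `user` hold `role` there?"""
    return {p: role in roles_for(user, p) for p in paths}


if __name__ == "__main__":
    sample = ["/News", "/News/Sports/story1", "/Newsletter", "/Products", "/"]
    for who in ("sally", "stan"):
        print(who, scope_report(who, sample))
```

Running it shows Sally holding Manager only at `/News` and below, while a user defined in the root user folder holds it everywhere.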

User objects contain the information needed to identify and authenticate users, and to tie them into the authorization system. Users are identified by a name. DTML Methods can refer to the current user through the variable AUTHENTICATED_USER. When this variable is inserted in a DTML Method, the user's name is rendered in its place.

Users also have authentication information. In standard Zope User Folders, the authentication information consists of a user's password and/or an internal domain name. Other user folders may use different authentication information.

Users are tied into the authorization system through the roles assigned to them. Roles describe the kind of responsibility and authorization possessed by a user.
