Figure 11 shows a Security view for a DTML Method. To get to this screen, access the html_index in the Content frame. Select the Security object tab. The Security view is a standard object view for controlling access to objects, or authorization. As the figure shows, authorization is defined in terms of which roles are assigned to which permissions. In addition to specifying which roles have each permission, each permission has an option for acquiring permission settings from containing folders.
The settings shown in Figure 11 are typical for DTML Method permission. All permissions acquire permission settings and no roles are assigned to permissions explicitly. Access to objects with permission settings like those shown in figure 11 can be controlled entirely from folders containing the object.
Figure 12 shows the security view for a top-level folder. To retrieve this window, click on the main folder in the navigation window. This will return you to the top level folder list. Press Security to view the permissions set. Unlike other security views, the security view of a top-level folders does not contain a column of checkboxes to control acquisition of permission settings, since there are no higher-level folders to acquire permission settings from.
The top-level folder is where Zope's default permission settings are defined. Access control for an entire Zope installation can be controlled from the top-level folder. By default, only the "Manager" role is able to perform most operations. The "Anonymous" role, which all users have implicitly, has "View" and similar innocuous permissions.
Different types of objects in Zope define different kinds of permissions. For instance, all Zope objects have a permission called View Management Screens . However, while Folder objects have a permission called Add objects , DTML Method objects do not since they cannot contain other objects. Similarly, an object with specific functionality like a Confera Topic might have a permission called "Add messages". Thus, the permissions available on an object depend on the capabilities of that object. Note from Figure 12 , that security views for folders show many permissions. Folder security views show all permissions for operations on all objects, not just those for folder operations. This is necessary so that permission settings may be defined centrally and acquired by contained objects.
Previous Chapter | Next Chapter | Up | Next Section | Contents
