Hi, >The user's ID is probably 'auth_zopeadmin', while the login name is >'zopeadmin'; this assumes that your user source (a ZODBUserManager?) >uses the prefix, 'auth'. If you show 'user/getId', is it 'auth_zopeadmin'?
You were right: the UserId is 'auth__zopeadmin' -- and the name of our scriptable plugin is 'auth' -- I guess that is where it inherits the 'auth' from. I redid the experiments: - calling 'index_html' in the same folder as the PAS-user-folder is located works also if index_html has owner 'auth__zopeadmin' - calling 'index_html' owned by 'auth__zopeadmin' when located in a folder somewhere under the PAS-user-folder in the hierarchy gives the following error message: Error Type: Unauthorized Error Value: The owner of the executing script does not have the required permission. Access to 'meta_type' of (PythonScript at /test/subfolder/index_html) denied. Access requires View_Permission, granted to the following roles: ['Authenticated', 'Manager', 'Owner']. The executing script is (PythonScript at /test/subfolder/index_html), owned by Anonymous User, who has the roles ['Anonymous']. The same happens if I set the proxy-role of the script to, say 'Manager'. I guess I could just solve my problem by granting View to 'Anonymous', but there is obviously something fundamental I do not understand: - why do objects in subfolders react differently? - how does the 'old' Zope authenication with the regular 'userfolder' at top level and PAS users? For the user itself, it does not matter if he has a funny id such as 'auth__zopeadmin', becaus I can grant roles to him no matter what the name is via PAS. But what about scripts and their owners? Best regards, Bernd _______________________________________________ Zope-PAS mailing list [email protected] http://mail.zope.org/mailman/listinfo/zope-pas
