-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thomas Bennett wrote: > I have installed the following: > > Zope Version (Zope 2.9.7-final, python 2.4.4, linux2) > Python Version 2.4.4 (#1, Oct 23 2006, 13:58:00) > [GCC 4.1.1 20061011 (Red Hat 4.1.1-30)] > System Platform linux2 > SOFTWARE_HOME /var/zope/lib/python > ZOPE_HOME /var/zope > INSTANCE_HOME /var/zope > CLIENT_HOME /var/zope/var > Network Services ZServer.HTTPServer.zhttp_server (Port: 8086) > ZServer.HTTPServer.zwebdav_server (Port: 9800) > > I'm using Zeo storage with this. > > The main problem is my understanding roles with my new set up. > > I am moving from a Zope 2.6.1 setup to the setup shown above. I've already > added some Products to my INSTANCE_HOME/Products directory including Plone > which includes the PluggableAuthService folder. I installed a Plone site for > testing and deleted it. > > It appears that PAS has taken over my root acl_users folder or is this now > a > default in 2.9.
The installer for a 'Plone Site' replaces the root acl_users with a PAS: I've argued that this is poor practice (inexcusably rude, actually), but they seem determined to continue it. > Now I can only add users from the ZODB User Manager under /acl_users/users, > there is nowhere to add a user from an Add buttion as in the older version of > Zope. Correct. In PAS, there are actually potentially muttiple user sources (e.g,, SQL, LDAP, NTLM, etc.). Adding them to the 'ZODB users' plugin is the "cognate" of the od "Add" button. > I can add roles from ZODB Role Manager in /acl_users/roles but these roles > don't show up under the Security tab on any page. I can add local roles > under the Security tab and they don't show up in /acl_users/roles. Correct. The roles in the PAS plugin are used to control "global" grants to the users; the roles you set on a folder (even the root), are about "local" grants. > I have searched and can find little to no documentation on use or difference > in the two authentication methods. Where can I find more information on > roles in 2.9.7 and use in this situation? In general, I would avoid defining any new "global" roles in PAS, or even granting the existing ones as "global" roles. Rather, I advise treating *all* grants as "local", even if that means setting them on the root object. > Is this normal behavior and if so how can I synchronize roles between the > Security tab and /acl_users/roles or is it not possible? I would just avoid the role plugin altogether. > Am still searching the WEB and archives in the meantime. The better list for this would be [EMAIL PROTECTED] (CC'ed), which deals with PAS specifics. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v188.8.131.52 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGEboh+gerLs4ltQ4RAomwAKCCN58a7DPkCDsM8v8Oh1a9b6uBPgCgr+m6 H30tKJ1u9k8lJqtBIPxQ11k= =uupR -----END PGP SIGNATURE----- _______________________________________________ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas