michael nt milne wrote:

I find the Zope security, permissions set-up hideously complex and unusable to be honest and it doesn't even seem to work.

Yes. But security is hard on any capable system, with users, groups, objects, applications all having security attributes and all those things inheriting and interacting in unexpected ways. Netware and Windows are the same.

As for 'doesn't even seem to work', that may be true (welcome to Open Source!), but you may 'just' be experiencing interactions between Zope security (hideously complex, etc) and Plone security (also complex). The interactions between these systems are basically beyond ordinary humans - or, possibly, just don't work.

It may be most sensible to try to hand off security to another system entirely and let Zope/Plone share/inherit it - as your original intention. If it's an extranet, can you use the surrounding network's system? Pluggable authentication can use Windows or LDAP (or, perhaps, other) authentication to provide access to a Zope/Plone, so visitors log in to your network rather than to the Zope site, and the Zope/Plone can inherit whatever the domain authentication system knows about them.

My other advice is to try not to touch ZMI security screens: if you're using Plone you should try to set up the security you need in Plone as far as possible. You really don't need Plone and Zope trying to do different things at the same time: it's a fragile and complex marriage and the partners all too easily end up stalking out of the room.

(this also suggests you might have better luck on the Plone discussion lists, eg nntp://gmane.comp.web.zope.plone.user)


Mark Barratt
Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to