Appendix A: Zope Core Permissions

This is a list of standard permissions included with Zope. It is a good idea to use these permissions when applicable with your Zope products, rather than creating new ones.

mcdonc - June 11, 2002 6:46 pm:
 The Copy or Move permission was added as of 2.6. If you revoke the Copy and Move permission from a role
 respective to an object, even if a user has "View management screen" permissions, he or she will not be able
 to copy or move the object.

Anonymous User - Dec. 20, 2002 1:15 pm:
I don't mean to bitch, but the following list is absolutely unnecessary. Every permission seems to be defined
 by quoting the permission and adding 'object' or the like. To me, this list contains no information.
 Couldn't you put longer descriptions and examples for each right?

Anonymous User - Dec. 20, 2002 1:20 pm:
 I'd rather just remove the chapter if it becomes more than this. Right now I can't maintain it. If someone
 else wanted to do this and keep it up to date, I'd be fine with it. -- chrism

proton - May 9, 2003 7:14 am:
Sorry, Anon, "the following list" is absolutely NECESSARY. Yes, the descriptions are a little skimpy, but the
whole reason I found this page was that I needed to see the ENTIRE list of permissions without being filtered
by type. (i.e. if I go to the Zope management interface, I see only the permissions that apply to the type of
 object that I've selected.)
 Perhaps the page could be automatically generated from the Python source? I'd like to see a table-oriented
 display: name of permission, object types it applies to, 1-sentence description, and "warnings / gotchas /
 special notes."

Anonymous User - June 21, 2004 12:22 pm:
 This page needs expansion. I'm not a believer in "self-documentation", so administrators need to be able to
 know for sure what security settings they're putting on a page. Yes, we could check the source. . .or we
could use a product that tells us what we're dealing with. I like the security model, the permission layering
 is great, but we need a bit more info.

Anonymous User - June 21, 2004 12:27 pm:
 This page needs expansion. I'm not a believer in "self-documentation", so administrators need to be able to
 know for sure what security settings they're putting on a page. Yes, we could check the source. . .or we
could use a product that tells us what we're dealing with. I like the security model, the permission layering
 is great, but we need a bit more info.

Anonymous User - Jan. 9, 2005 11:57 pm:
 Pathetic .. breaks every known rule of good documentation I can think of.

Anonymous User - Mar. 23, 2005 9:04 am:
 This page absolutely needs expansion. I think having a list of which permission is used where, _and_
 information for developers and admins on what the goal of each permissions, and some use cases would be
 helpful.
 I found this page because I wanted to know what "access content information" needs, because I have a zope
 where there is no permission given to Anonymous, and wanted to give view permission to a wiki inside a wiki
inside zope. I figured out that "access content information" should be given to the zope root to Anonymous to
 achieve this. From this page I figure it could be something like "access metadata" to some extent, but I
 still cannot decide whether my private data is safe if I do this.
 If there would be documentation on where this permission is used, It would be easier to figure out whether I
 have to fear. I guess pythondoc could be easily hacked to extract this info.
 If there would be some more words on goals of permissions, then developers could have more hints on which
 permission should be used for what. This could be further clarified with usage examples.
 The above two information would make easier for system administrators to set exactly the needed permissions
 without a lot of experimenting.

Core Permissions

Access contents information: get "directory listing" info
Add Accelerated HTTP Cache Managers: add HTTP Cache Manager objects
Add Database Methods: add ZSQL Method objects
Add Documents, Images, and Files: add DTML Method/Document objects, Image objects, and File objects
Add External Methods: add External Method objects
Add Folders: add Folder objects
Add MailHost objects: add MailHost objects
Add Python Scripts: Add Python Script objects
Add RAM Cache Managers: Add RAM Cache manager objects
Add Site Roots: add Site Root objects
Add User Folders: add User Folder objects
Add Versions: add Version objects
Add Virtual Host Monsters: add Virtual Host Monster objects
Add Vocabularies: add Vocabulary objects (ZCatalog-related)
Add ZCatalogs: add ZCatalog objects
Add Zope Tutorials: add Zope Tutorial objects
Change DTML Documents: modify DTML Documents
Change DTML Methods: modify DTML Methods
Change Database Connections: change database connection objects
Change Database Methods: change ZSQL method objects
Change External Methods: change External Method objects
Change Images and Files: change Image and File objects
Change Python Scripts: change Python Script objects
Change Versions: change Version objects
Change bindings: change bindings (for Python Scripts)
Change cache managers: change cache manager objects
Change cache settings: change cache settings (cache mgr parameters)
Change configuration: generic
Change permissions: change permissions
Change proxy roles: change proxy roles
Create class instances: used for ZClass permission mappings
Delete objects: delete objects
Edit Factories: edit Factory objects (ZClass)
FTP access: allow FTP access to this object
Import/Export objects: export and import objects
Join/leave Versions: join and leave Zope versions
Manage Access Rules: manage access rule objects
Manage Vocabulary: manage Vocabulary objects
Manage Z Classes: Manage ZClass objects (in the control panel)
Manage ZCatalog Entries: catalog and uncatalog objects
Manage properties: manage properties of an object
Manage users: manage Zope users
Open/Close Database Connections: open and close database connections
Query Vocabulary: query Vocabulary objects (ZCatalog-related)
Save/discard Version changes: save or discard Zope version changes
Search ZCatalog: search a ZCatalog instance
Take ownership: take ownership of an object
Test Database Connections: test database connection objects
Undo changes: undo changes to the ZODB (e.g. use the Undo tab)
Use Database Methods: use ZSQL methods
Use Factories: use Factory objects (ZClass-related)
Use mailhost services: use MailHost object services
View: view or execute an object
View History: view ZODB history of an object
View management screens: view management screens related to an object

Appendix A - Zope Core Permissions