Use Case: Configuring security for CMF objects -
Configuring security for CMF objects
Actor: Site Manager
Access to CMF content objects can be "public" (unrestricted) or restricted to particular users based on permission settings. CMF objects use Zope's flexible mechanisms for defining security policies, which allows you to provide powerful features to your users and allow large groups of people to safely work together to maintain your site.
You must have the "View management screens" permission as well as the "Manage permissions" permission to manage security for CMF objects. You need the "View management screens" permission because the CMF does not provide a specific interface to security information. You use the Zope management interface (ZMI) to control access to CMF objects.
To access the ZMI for a CMF object, visit the url of the object with
the string /manage_workspace
appended in your Web browser. For example,
to view the ZMI for a content object at the url:
/Sports/TopStories.html
, you would visit:
/Sports/TopStories.html/manage_workspace
in your browser. This will
bring up the standard tabbed Zope interface. Select the "Security" tab
to view and modify the security settings for the object.
Managing security and using the ZMI to set and change security policies is covered in depth in the standard Zope documentation in Chapter 6: Users and Security .