You are not logged in Log in Join
You are here: Home » Members » Tres Seaver's Zope.org Site » Zope Security Audit » ZopeSecurityAudit-1.0 » README.txt » View Document

Log in
Name

Password

 

README.txt

Zope Security Audit Product README

Overview

Zope's fine-grained security model is powerful, but hard to manage. This tool gives the system administrator an overview of the security status of the site, by searching for "exceptions" to the default / acquired behavior. In particular, it flags all objects which meet have any of these criteria:

  • Local role assigments;
  • Proxy roles;
  • Overridden permission mappings;
  • Executable ownership which differes from the ownership of the 'aq_parent';
  • Owner local roles which don't include the executable owner (leave out System Processes for unowned).

Installation

  1. Untar the tarball, into the Products of your Zope instance (on the filesystem).
  2. Restart Zope.
  3. Using the Zope management interface, create a Security Audit instance from the Add menu.
  4. View the Audit tab of the instance.