Configuring security for CMF objects

Actor: Site Manager

Access to CMF content objects can be "public" (unrestricted) or restricted to particular users based on permission settings. CMF objects use Zope's flexible mechanisms for defining security policies, which allows you to provide powerful features to your users and allow large groups of people to safely work together to maintain your site.

You must have the "View management screens" permission as well as the "Manage permissions" permission to manage security for CMF objects. You need the "View management screens" permission because the CMF does not provide a specific interface to security information. You use the Zope management interface (ZMI) to control access to CMF objects.

To access the ZMI for a CMF object, visit the url of the object with the string /manage_workspace appended in your Web browser. For example, to view the ZMI for a content object at the url: /Sports/TopStories.html, you would visit: /Sports/TopStories.html/manage_workspace in your browser. This will bring up the standard tabbed Zope interface. Select the "Security" tab to view and modify the security settings for the object.

Managing security and using the ZMI to set and change security policies is covered in depth in the standard Zope documentation in Chapter 6: Users and Security .