[Zope] Zope and restricted access for different users

[Lennart Regebro]

From: "Flip Hoedemaeker" <flip@keydp.com>
> What I would like to do is create a specific set of users who will be
> redirected to specific subfolders according to the login and password they
> provide, starting from a main portal. I've tried with the acl_user system,
> but I don't seem to be able to get it right. I'm getting confused with the
> differences in authorisation, permission, etc. I'm only concerned with
> people actually accessing (viewing) the specific parts of a site. Can
> somebody point me into a starting direction here?

Roles are a set of permissions that make up a type of user, like a Manager,
Member, Contributor, Guest, Editor, Reviewer or whatever. You set up what
each type of user should be able to do in the root document. You can
override it lower down, but you don't have to unless you want to make a
folder less accessible than it's parent (see below).

After this you add users to roles they should have, ie Manager, member, and
so on.

Making a folder less accessible is done by:
1. Making a new role called "Groupmember" or something. Do not add any users
to this role globally!
2. Override the permission settings for the restricted folders so that only
"Groupmember" has acces to the folder.
3. Give the users that should have access to the folder a Local role of
"Groupmember" in that folder!

Done!

If you have many folders like this, you do NOT have to have one role per
folder. Instead you put all these folders in the folder you restriced in
step 2, and you give users the local role "Groupmember" in each of the
folders the user should have access too.

Summary:
1. Roles define a set of permissions.
2. You give users these permissions on a per folder basis with local roles.
3. You only need to set permissions at a folder if you want to make the
access stricter than it is on the parent folder.