Security¶
plone.server implements robust ACL security.
An overview of our security features:
- Users are given roles and groups
- Roles are granted permissions
- Groups are granted roles
- Roles can be granted to users on specific objects
Request security¶
By default, a request has the participation of the anonymous user plus the ones added by auth plugins.
Databases, Application and static files objects¶
Databases and static files have a specific permission system. They don't have roles by default, and the permissions are specified for the root user:
- plone.AddPortal
- plone.GetPortals
- plone.DeletePortals
- plone.AccessContent
- plone.GetDatabases
The anonymous user has on DB/StaticFiles/StaticDirectories/Application objects:
- plone.AccessContent
Roles in plone.server Site objects¶
Defined at:
- plone/plone.server/src/plone.server/plone/server/permissions.zcml
- plone/plone.server/src/plone.server/plone/server/security.zcml
Site/App Roles¶
plone.SiteAdmin¶
- plone.AccessContent
- plone.ManageAddons
- plone.RegisterConfigurations
- plone.WriteConfiguration
- plone.ReadConfiguration
- plone.ManageCatalog
plone.SiteDeleter¶
- plone.DeletePortal
Default roles on Plone Site¶
They are stored in annotations using IRolePermissionMap.
Created objects grant the plone.Owner role to the user who created them.
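The four rules from the overview, combined with the role lists above, can be modelled as follows. This is an added example, not plone.server code: the User and Content classes, the helper functions, the group name and the sample users are hypothetical, and the model assumes allow-only grants with no inheritance between objects.

```python
# Illustrative model only: these names are NOT plone.server's API.
from dataclasses import dataclass, field

# Role -> permissions, copied from the "Site/App Roles" lists on this page.
ROLE_PERMISSIONS = {
    "plone.SiteAdmin": {
        "plone.AccessContent", "plone.ManageAddons",
        "plone.RegisterConfigurations", "plone.WriteConfiguration",
        "plone.ReadConfiguration", "plone.ManageCatalog",
    },
    "plone.SiteDeleter": {"plone.DeletePortal"},
}

@dataclass
class User:
    id: str
    roles: set = field(default_factory=set)    # roles given directly to the user
    groups: set = field(default_factory=set)   # group memberships

@dataclass
class Content:
    id: str
    local_roles: dict = field(default_factory=dict)  # user id -> roles on this object

# Constructed sample data: group -> roles granted to the group.
GROUP_ROLES = {"site-admins": {"plone.SiteAdmin"}}

def create(obj_id, creator):
    """New objects give plone.Owner to the creating user, on that object only."""
    return Content(obj_id, {creator.id: {"plone.Owner"}})

def roles_for(user, obj):
    """Union of direct roles, roles via groups, and roles granted on obj."""
    roles = set(user.roles)
    for group in user.groups:
        roles |= GROUP_ROLES.get(group, set())
    return roles | obj.local_roles.get(user.id, set())

def has_permission(user, permission, obj):
    """Deny by default: allowed only if some effective role grants it."""
    return any(permission in ROLE_PERMISSIONS.get(r, ())
               for r in roles_for(user, obj))

alice = User("alice", groups={"site-admins"})     # admin through a group
bob = User("bob")                                 # no global roles
doc = create("doc", bob)                          # bob becomes owner of doc
other = create("other", alice)
other.local_roles["bob"] = {"plone.SiteDeleter"}  # role granted on one object
```

In this model bob may use plone.DeletePortal on `other` but not on `doc`, because the plone.SiteDeleter grant is scoped to a single object.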