plone.server implements robust ACL security.
An overview of our security features are:
- Users are given roles and groups
- Roles are granted permissions
- Groups are granted roles
- Roles can be granted to users on specific objects
By default request has participation of anonymous user plus the ones added by auth pluggins
Databases, Application and static files objects¶
Databases and static files has an specific permission system. They don’t have roles by default and the permissions are specified to root user
Anonymous user has on DB/StaticFiles/StaticDirectories/Application object :
Roles in plone.server Site objects¶
Default roles on Plone Site¶
They are stored in anontations using IRolePermissionMap.
Created objects set the plone.Owner role to the user who created it.