plone.server implements robust ACL security.

An overview of our security features are:

  • Users are given roles and groups
  • Roles are granted permissions
  • Groups are granted roles
  • Roles can be granted to users on specific objects

Requests security

By default request has participation of anonymous user plus the ones added by auth pluggins

Databases, Application and static files objects

Databases and static files has an specific permission system. They don’t have roles by default and the permissions are specified to root user

  • plone.AddPortal
  • plone.GetPortals
  • plone.DeletePortals
  • plone.AccessContent
  • plone.GetDatabases

Anonymous user has on DB/StaticFiles/StaticDirectories/Application object :

  • plone.AccessContent

Roles in plone.server Site objects

Defined at:

  • plone/plone.server/src/plone.server/plone/server/permissions.zcml
  • plone/plone.server/src/plone.server/plone/server/security.zcml

Site/App Roles


  • plone.AccessContent
  • plone.ManageAddons
  • plone.RegisterConfigurations
  • plone.WriteConfiguration
  • plone.ReadConfiguration
  • plone.ManageCatalog


  • plone.DeletePortal

Default roles on Plone Site

They are stored in anontations using IRolePermissionMap.

Created objects set the plone.Owner role to the user who created it.

Default groups on Plone Site



There is a root user who has permissions to all site:

DB/APP permissions are defined on

Plone permissions because belongs to Managers group auth/