[Setup] Re: LDAP users can not rename or delete their own content
in folders that they own
Raphael Ritz
r.ritz at biologie.hu-berlin.de
Wed Feb 10 15:04:29 UTC 2010
Graham Perrin wrote:
> <http://www.wuala.com/Zope%20&%20Plone/Plone/2010/02/10/a/> screen shots
> 01--06 for a visual introduction to this problem.
>
> According to ZMI,
> ATFolder at /centrim/Members/gjp22 is owned by gjp22 (centrim/acl_users).
>
> The CENTRIM site has read-only access to ldap.sussex.ac.uk
> and groups relating to this use of Plone are not stored on that LDAP server.
>
> gjp22 currently has contributor and member roles at
> /centrim/prefs_users_overview
> (but for the majority of LDAP users, the norm is to have the Authenticated
> role alone).
>
> Focusing on the problem:
>
> gjp22:
> * is authenticated via LDAP
> * can add to /centrim/Members/gjp22 (the folder owned by gjp22
> (centrim/acl_users)).
>
> gjp22 can NOT:
>
> * delete the items added by gjp22 at /centrim/Members/gjp22
> * rename such items
> * see the Sharing tab at /centrim/Members/gjp22
Enable verbose security and try to invoke one of the denied
actions per URL.
Raphael
More information about the Setup
mailing list