[Setup] Re: LDAP users can not rename or delete their own content in folders that they own

Raphael Ritz r.ritz at biologie.hu-berlin.de
Wed Feb 10 15:04:29 UTC 2010

Graham Perrin wrote:
> <http://www.wuala.com/Zope%20&%20Plone/Plone/2010/02/10/a/> screen shots
> 01--06 for a visual introduction to this problem. 
> According to ZMI, 
> ATFolder at /centrim/Members/gjp22  is owned by gjp22 (centrim/acl_users).
> The CENTRIM site has read-only access to ldap.sussex.ac.uk 
> and groups relating to this use of Plone are not stored on that LDAP server. 
> gjp22 currently has contributor and member roles at 
> /centrim/prefs_users_overview
> (but for the majority of LDAP users, the norm is to have the Authenticated
> role alone).
> Focusing on the problem:
> gjp22: 
>  * is authenticated via LDAP
>  * can add to  /centrim/Members/gjp22 (the folder owned by gjp22
> (centrim/acl_users)).
> gjp22 can NOT:
>  * delete the items added by gjp22 at /centrim/Members/gjp22 
>  * rename such items
>  * see the Sharing tab at  /centrim/Members/gjp22

Enable verbose security and try to invoke one of the denied
actions per URL.


More information about the Setup mailing list