Hi,

could you make this receipe accessible ? plz :) I don't know if you know that this site is revered from plone.org -> http://plone.org/documentation/how-to/collective-user

well tia and wish you more time with your familiy

greets

ps.: this link is broken -> http://tomster.org/geek/plonezope/limitedaccess

here you have a copy of the original even if pics are missing

****

How to make folders accessible for only certain users

Document Actions

Actually a common requirement: you want to share confidential information with a select group of users. Plone purports to make this easy, but like often, the reality is a bit more complex... (And yes, this means trips to the ZMI!)

The Objective Create Folders that are accessible only to specific users. I.e folder A is accessible only to User Joe, B to Mary and C to both.

The Problem If one would go about straightforwardly with a vanilla Plone setup, the folders and their contents wouldn't be really inaccessible but rather just invisible to unauthorized users, i.e. entering the URL of a document inside such a folder into the browser would yield that document even to an anonymous user!

To really make your folder watertight you will have to initually create a new Role (in the ZMI) and then grant specific rights for that role for each folder (again in the ZMI) and finally assign specific Users (or Groups) to that role in Plone.

The Setup In this example we will assume, that Joe and Mary only shall have read-access, i.e. we're implementing a privilieged download section.

First, create an appropriate Role in the ZMI of your Plone site and name it ReadOnly. Click onto the 'Security'-tab of your Plone's root folder. Scroll (all the way) down to the bottom, enter ReadOnly at 'User Defined Roles' and click Add Role.

The Procedure Create a folder privileged at the root level of your plone site (using the Plone interface!). Inside it, create three Folders A, B and C. Now, in the ZMI navigate to folder A and click its 'Security'-tab. Now deselect(!) the 'Aquired'-property from the Access contents information and 'View'-Permission and assign it (at least!) to the 'ReadOnly'-Role and unassign it from the 'Anonymous'-Role.

Back in the Plone interface click on the 'Sharing'-tab of folder A, search for the User Joe and assign him the Read-Only role:

Voila! Now only Joe (and any Managers) can access folder a (without being able to modify its contents). Try logging in as Joe and Mary and see the difference.

Hopefully, this functionality will soon be part of plone!

Created by tomster Last modified 2004-08-29 12:49

****

Hi,

i tried your suggestion, but the problem is: If the folder with restricted access is in another folder, it's "parent folder", then no user (Who is not manager owner or in the Read-Only group) can look at the parent folder. How can i give all users access to that "parent folder" without giving them permission to access the restricted folder?