Permission Problems

classic Classic list List threaded Threaded
5 messages Options
Sam Allgood Sam Allgood
Reply | Threaded
Open this post in threaded view
|

Permission Problems

Can anyone help with identifying sources of permission restrictions
other than the security tabs and workflows? I am getting Insufficient
Privilege errors when trying to add an archetype object and the error
message is pointing to existing permissions that I can't find a match
for in any of these areas. My training and documentation searches have
led to trying to control permissions in the workflows, but the system
seems to be getting the permissions from some other source. Also, using
a script provided by one of our trainers, I see that my user permissions
in the context do not match what I expect and I can't find where it is
getting these permissions from either.

Thanks,
Sam Allgood



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Plone-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
Raphael Ritz Raphael Ritz
Reply | Threaded
Open this post in threaded view
|

Re: Permission Problems

Sam Allgood wrote:
> Can anyone help with identifying sources of permission restrictions
> other than the security tabs and workflows? I am getting Insufficient
> Privilege errors when trying to add an archetype object and the error
> message is pointing to existing permissions that I can't find a match
> for in any of these areas.

What permission is this?

> My training and documentation searches have
> led to trying to control permissions in the workflows, but the system
> seems to be getting the permissions from some other source. Also, using
> a script provided by one of our trainers, I see that my user permissions
> in the context do not match what I expect and I can't find where it is
> getting these permissions from either.

First thing to do in such cases is always to enable
VerboseSecurity  (an add-on product up until Zope-2.7.x
but included since Zope-2.8 - there you enable it in the
config) and see what it reports.

Raphael

>
> Thanks,
> Sam Allgood
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Plone-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
Sam Allgood Sam Allgood
Reply | Threaded
Open this post in threaded view
|

Re: Permission Problems

Raphael Ritz wrote:

> Sam Allgood wrote:
>
>> Can anyone help with identifying sources of permission restrictions
>> other than the security tabs and workflows? I am getting Insufficient
>> Privilege errors when trying to add an archetype object and the error
>> message is pointing to existing permissions that I can't find a match
>> for in any of these areas.
>
>
> What permission is this?
>
>> My training and documentation searches have led to trying to control
>> permissions in the workflows, but the system seems to be getting the
>> permissions from some other source. Also, using a script provided by
>> one of our trainers, I see that my user permissions in the context do
>> not match what I expect and I can't find where it is getting these
>> permissions from either.
>
>
> First thing to do in such cases is always to enable
> VerboseSecurity  (an add-on product up until Zope-2.7.x
> but included since Zope-2.8 - there you enable it in the
> config) and see what it reports.
>
> Raphael
>
>>

VerboseSecurity is what has been reporting the error and permission
restrictions that I can't find. Here's the main message:

Exception Value   Your user account does not have the required
permission. Access to 'addBankruptcyOutsideContacts' of
(__FactoryDispatcher__ instance at 0248DDF0) denied. Your user account,
kknight, exists at /Plone/acl_users. Access requires
Add_BankruptcyOutsideContactss_Permission, granted to the following
roles: ['Manager']. Your roles in this context are ['App User',
'Authenticated'].

I have checked the security tabs at all levels within my application and
they all give Add_BankruptcyOutsideContacts permission to the 'App User'
role, which role this user has by virtue of belonging to a group with
'App User' role. I also tried explicitly giving this user 'App User'
role and got the same results.

The way I understand this message is that in the context, only 'Manager'
has this permission and I can't find anywhere a security setting that
restricts this permission to Managers.

>> Thanks,
>> Sam Allgood
>>
>>
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by:
>> Power Architecture Resource Center: Free content, downloads, discussions,
>> and more. http://solutions.newsforge.com/ibmarch.tmpl
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Plone-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
J Cameron Cooper J Cameron Cooper
Reply | Threaded
Open this post in threaded view
|

Re: Re: Permission Problems

Sam Allgood wrote:

> Raphael Ritz wrote:
>
>> Sam Allgood wrote:
>>
>>> Can anyone help with identifying sources of permission restrictions
>>> other than the security tabs and workflows? I am getting Insufficient
>>> Privilege errors when trying to add an archetype object and the error
>>> message is pointing to existing permissions that I can't find a match
>>> for in any of these areas.
>>
>>
>>
>> What permission is this?
>>
>>> My training and documentation searches have led to trying to control
>>> permissions in the workflows, but the system seems to be getting the
>>> permissions from some other source. Also, using a script provided by
>>> one of our trainers, I see that my user permissions in the context do
>>> not match what I expect and I can't find where it is getting these
>>> permissions from either.
>>
>>
>>
>> First thing to do in such cases is always to enable
>> VerboseSecurity  (an add-on product up until Zope-2.7.x
>> but included since Zope-2.8 - there you enable it in the
>> config) and see what it reports.
>>
>> Raphael
>>
>>>
>
> VerboseSecurity is what has been reporting the error and permission
> restrictions that I can't find. Here's the main message:
>
> Exception Value      Your user account does not have the required
> permission. Access to 'addBankruptcyOutsideContacts' of
> (__FactoryDispatcher__ instance at 0248DDF0) denied. Your user account,
> kknight, exists at /Plone/acl_users. Access requires
> Add_BankruptcyOutsideContactss_Permission, granted to the following
> roles: ['Manager']. Your roles in this context are ['App User',
> 'Authenticated'].

You need to be careful here: notice the extra 's' on the end of the
permission name. It may be that the permission on the method is
misspelled to a point that is cannot be granted.

I've also seen this problem is some other circumstance, but cannot remember.

                --jcc

> I have checked the security tabs at all levels within my application and
> they all give Add_BankruptcyOutsideContacts permission to the 'App User'
> role, which role this user has by virtue of belonging to a group with
> 'App User' role. I also tried explicitly giving this user 'App User'
> role and got the same results.
>
> The way I understand this message is that in the context, only 'Manager'
> has this permission and I can't find anywhere a security setting that
> restricts this permission to Managers.



--
"It is only by doing things others have not
that one can advance."  - Gen. George S. Patton, Jr.
http://jcameroncooper.com


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Plone-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
Sam Allgood Sam Allgood
Reply | Threaded
Open this post in threaded view
|

Re: Permission Problems

J Cameron Cooper wrote:

> Sam Allgood wrote:
>
>> Raphael Ritz wrote:
>>
>>> Sam Allgood wrote:
>>>
>>>> Can anyone help with identifying sources of permission restrictions
>>>> other than the security tabs and workflows? I am getting
>>>> Insufficient Privilege errors when trying to add an archetype object
>>>> and the error message is pointing to existing permissions that I
>>>> can't find a match for in any of these areas.
>>>
>>>
>>>
>>>
>>> What permission is this?
>>>
>>>> My training and documentation searches have led to trying to control
>>>> permissions in the workflows, but the system seems to be getting the
>>>> permissions from some other source. Also, using a script provided by
>>>> one of our trainers, I see that my user permissions in the context
>>>> do not match what I expect and I can't find where it is getting
>>>> these permissions from either.
>>>
>>>
>>>
>>>
>>> First thing to do in such cases is always to enable
>>> VerboseSecurity  (an add-on product up until Zope-2.7.x
>>> but included since Zope-2.8 - there you enable it in the
>>> config) and see what it reports.
>>>
>>> Raphael
>>>
>>>>
>>
>> VerboseSecurity is what has been reporting the error and permission
>> restrictions that I can't find. Here's the main message:
>>
>> Exception Value      Your user account does not have the required
>> permission. Access to 'addBankruptcyOutsideContacts' of
>> (__FactoryDispatcher__ instance at 0248DDF0) denied. Your user
>> account, kknight, exists at /Plone/acl_users. Access requires
>> Add_BankruptcyOutsideContactss_Permission, granted to the following
>> roles: ['Manager']. Your roles in this context are ['App User',
>> 'Authenticated'].
>
>
> You need to be careful here: notice the extra 's' on the end of the
> permission name. It may be that the permission on the method is
> misspelled to a point that is cannot be granted.
>
> I've also seen this problem is some other circumstance, but cannot
> remember.
>
>         --jcc

Cameron, it looks like you are correct. Someone else pointed that out
earlier. I knew this was the case but had not pursued it thinking that
surely having an object name ending in 's' would not screw up security.
Well, I went ahead and made the appropriate changes and, voila, it
works! Looks like a bug to me!!!

>
>> I have checked the security tabs at all levels within my application
>> and they all give Add_BankruptcyOutsideContacts permission to the 'App
>> User' role, which role this user has by virtue of belonging to a group
>> with 'App User' role. I also tried explicitly giving this user 'App
>> User' role and got the same results.
>>
>> The way I understand this message is that in the context, only
>> 'Manager' has this permission and I can't find anywhere a security
>> setting that restricts this permission to Managers.
>
>
>
>



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Plone-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users