Plone group permission notes

From Julian Yap

From the gmane.comp.web.zope.plone.user user group.

Anyway, let me tell you my suggested method clearly.

A. One-time operation:

   create 2 roles:
       1 deptuser - set the permission
       2 deptsuper - set the permission

B. Whenever a department is created, e.g. COMPUTER:

   create 2 groups
       1. COMPUTERuser - add the users
       2. COMPUTERsuper - add the users
       3. go to the department folders and "sharing" the COMPUTERuser deptuser role for it
       4. go to the department folders and "sharing" the COMPUTERsuper deptsuper role for it

This approach will avoid a messy situation since it concludes all the messy things in section A, which needs to be done once only.

Once one department works, you can just continue the B section.
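
The scheme in the post above, as an added example that is not part of the original post and is not Plone code: a small self-contained model of a one-time role-to-permission map, per-department groups, and local roles shared on folders and inherited by subfolders. The permission sets, folder paths and user names are assumptions made up for illustration, and the model assumes the department folders grant nothing to any other role.

```python
# Simplified model of the scheme (not Plone code).
# Section A (one time). Permission sets are assumed; the post does not list them.
ROLE_PERMISSIONS = {
    "deptuser": {"View"},
    "deptsuper": {"View", "Modify portal content"},
}

class Site:
    def __init__(self):
        self.groups = {}        # group name -> set of user ids
        self.local_roles = {}   # folder path -> {group name: set of roles}

    def add_department(self, dept, folder, users, supers):
        """Section B: two groups plus two sharing entries on the folder."""
        for suffix, members, role in (("user", users, "deptuser"),
                                      ("super", supers, "deptsuper")):
            group = dept + suffix
            self.groups[group] = set(members)
            shared = self.local_roles.setdefault(folder, {})
            shared.setdefault(group, set()).add(role)

    def roles_at(self, user, path):
        """Roles the user holds at path, collected from every ancestor folder."""
        roles = set()
        parts = path.strip("/").split("/")
        for i in range(1, len(parts) + 1):
            ancestor = "/" + "/".join(parts[:i])
            for group, granted in self.local_roles.get(ancestor, {}).items():
                if user in self.groups.get(group, ()):
                    roles |= granted
        return roles

    def allowed(self, user, permission, path):
        return any(permission in ROLE_PERMISSIONS[role]
                   for role in self.roles_at(user, path))

def build_sample():
    # Constructed sample data: two departments, one user and one supervisor each.
    site = Site()
    site.add_department("COMPUTER", "/departments/computer", ["alice"], ["bob"])
    site.add_department("PHYSICS", "/departments/physics", ["carol"], ["dave"])
    return site
```
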



plone - How to make folders accessible for only certain users

Summary: - in ZMI create a new role - remove acquired privileges for the protected folder and assign appropriate privileges for the new role - then in Plone go to the sharing tab for the folder and add selected users to the role.



What you should've done instead is generate a new workflow based on folder_workflow, create a new content type based on Folder, assign the new workflow to the new Folder, and also don't forget to change the security settings in the workflow on specific states.


It's a bit hard to debug without more details, but you may find the following useful in understanding the differences between the various security mechanisms in Plone:

http://plone.org/documentation/tutorial/understanding-permissions

Secondly - the Member role is used for various things in Plone; by default, new users all have the Member role. It may be better to create a new role e.g. PrivateViewer, assign this in the workflow to allow viewing of 'private' content (in plone_workflow and folder_workflow), and then use the Sharing tab to give your group this role in a folder that is in the 'private' state.