Understanding permissions and security

Plone uses a combination of low-level Zope permissions, roles, local roles and workflows to manage permissions on objects. Understanding these will help you manage how, and by whom, your Plone site is accessed.

1. Permissions and roles The Zope security model is the first thing you need to understand.
2. Groups in Plone Plone adds the concept of a group of users to the basic Zope security model. Groups are convenient ways of managing roles (and thus permissions) for a number of users simultaneously.
3. Local roles and sharing Often, you want to give a user or group specific (usually elevated) permissions in a specific area of your site, but not site-wide. Enter local roles and the 'sharing' tab.
4. Controlling access with workflows In most instances, workflows, managed via the portal_workflow tool, are the correct way of managing permissions on your content.
5. Using permissions and workflow in your custom products When you are developing a Plone site, it is usually best to develop your customisations or new content types on the filesystem, as a new Zope product. Setting up workflows programatically using the portal_workflow tool is a bit of a pain, but luckily there are tools to make your life much easier. You also need to ensure you use the correct permission declarations on your objects.

All content on one page (useful for printing, presentation mode etc.)