Local roles and sharing

The 'sharing' tab on standard Plone content is what lets you give people different permissions in different areas. If it is not shown, you can find it by appending '/folder_localrole_form' to a URL.

On the local role form, you can search for another user and assign that user roles. You can also assign roles to groups (see the previous page). Most commonly, you will give other users either the Owner or Manager role over your content to give them the ability to modify it, but with custom permissions and roles, you may have other roles to grant.

Note that role selection will acquire down, so if a user has Manager role at the '/stuff' folder, they will also have it at '/stuff/documents/my-document'. Currently (until Plone 2.1, most likely), local roles can be added at a lower level in the acqusition tree, but not taken away. That is, if you give a user Manager permissions at '/stuff', there is no way to prevent him or her from having the Manager permission at '/stuff/documents'. This is summarised in PLIP 16.

A common way of using local roles is to give the members of a particular portal group Manager permissions in a given folder. For example, to give all members of the 'A-Team' group free reins in the '/missions' folder, go to '/missions/folder_localrole_form' either by typing in the URL or clicking the 'sharing' tab in that folder, and assign the Manager local role to the 'A-Team' group.