Verbose Security
VerboseSecurity is an add-on product for developers that helps explain the reason for denied security access. NOTE: Starting from Zope 2.8, VerboseSecurity is included in Zope, and you no longer need to download it separately - it should be enabled with a switch in zope.conf instead. This download is only available for historical reasons.
Current release
Verbose Security 0.6
Released Apr 05, 2005 — tested with Plone 2.0.5
This version is compatible only with Zope 2.7, and no longer requires the Python security machinery to be enabled. NOTE: If you're running Plone 2.1 or later, this should not be necessary, use the switch in zope.conf instead.
-
Get
Verbose Security
for
all platforms
(0 kB)
- Product Package
Project Description
Zope has a flexible, fine-grained security model that lets you configure context-dependent mappings from users to roles and from roles to permissions. The model fits most organizations' needs and has been used all over the world, but the flexibility sometimes comes at a price of complexity.
One major difficulty in using the Zope security model is its lack of clarity when access is denied. Because production sites should not reveal too much about the site to those who are denied access, the lack of verbosity in the default Zope security policy is appropriate for such sites. But site developers need more details.
This product attempts to explain the complete reasoning for failed access. It shows what object was being accessed, what permission is required to access it, what roles map to that permission in that context, the executable object and its owner, the effective proxy roles, and other pertinent information. All of this information appears in the exception message when access is denied.
