Verbose Security

Warning

This product has not had a release in over 1 year and may no longer be maintained.

VerboseSecurity is an add-on product for developers that helps explain the reason for denied security access. NOTE: Starting from Zope 2.8, VerboseSecurity is included in Zope, and you no longer need to download it separately - it should be enabled with a switch in zope.conf instead. This download is only available for historical reasons.

Project Description

Zope has a flexible, fine-grained security model that lets you configure context-dependent mappings from users to roles and from roles to permissions. The model fits most organizations' needs and has been used all over the world, but the flexibility sometimes comes at a price of complexity.

One major difficulty in using the Zope security model is its lack of clarity when access is denied. Because production sites should not reveal too much about the site to those who are denied access, the lack of verbosity in the default Zope security policy is appropriate for such sites. But site developers need more details.

This product attempts to explain the complete reasoning for failed access. It shows what object was being accessed, what permission is required to access it, what roles map to that permission in that context, the executable object and its owner, the effective proxy roles, and other pertinent information. All of this information appears in the exception message when access is denied.