Personal tools
You are here: Home Members tseaver Software ZopeSecurityAudit ZopeSecurityAudit-1.0 README.txt
Navigation
Log in


Forgot your password?
 
Document Actions

README.txt

by Tres Seaver last modified 2006-07-12 03:37

Overview

Zope's fine-grained security model is powerful, but hard to manage. This tool gives the system administrator an overview of the security status of the site, by searching for "exceptions" to the default / acquired behavior. In particular, it flags all objects which meet have any of these criteria:

  • Local role assigments;
  • Proxy roles;
  • Overridden permission mappings;
  • Executable ownership which differes from the ownership of the 'aq_parent';
  • Owner local roles which don't include the executable owner (leave out System Processes for unowned).

Installation

  1. Untar the tarball, into the Products of your Zope instance (on the filesystem).
  2. Restart Zope.
  3. Using the Zope management interface, create a Security Audit instance from the Add menu.
  4. View the Audit tab of the instance.
Powered by Plone CMS, the Open Source Content Management System

This site conforms to the following standards: