[Web4lib] Account Security and Management

Thomas Bennett bennetttm at appstate.edu
Wed May 31 15:18:39 EDT 2006 

I have used Zope ( http://www.zope.org ) since about 1998.  It has built-in 
acl folders for allowing access.  I add a new user and set roles for that 
user.  Roles may be thought of as groups in this situation.  Security 
(access) is given to roles.  I usually set a role for each folder in the root 
directory and name the role the same as the directory.  For instance, if 
someone has the 'reference' role that person has certain permissions for the 
reference folder and every folder below that unless specifically specified 
differently in the child folder.  By default, new folders are set to inherit 
permissions from the parent folder when created.  This is not a content 
management system.  Plone, Nuxeo, and others can "sit on top" of Zope to do 
that.  A really nice feature is the undo tab.  The administrator can view 
changes under the undo tab for each "object" and see which user and when 
changes were made and simply click undo to retrieve the latest copy or choose 
one of the lower undos since there is multiple undo selections.  The entire 
site is a database and when the administrator packs the database the undos 
are limited to back as many days as the database was packed.  The database 
can be packed for up to a specified number of days and any data entered 
before that time is permanently gone unless the author has a copy on his or 
her machine.  ftp and webdav are supported for uploading to the server or the 
builtin WEB form can be used to edit a page.  There are many more features 
but that should maybe be another thread ;-) .  

Of course I expect this route would require you to move your  entire site.  It 
might help to know what you are already dealing with to give more relative 
suggestions.

Thomas

On Wednesday 31 May 2006 11:59, hon hon wrote:
> Dear friends,
>
>   The library I am working with currently allow all the subject librarians
> to access the library web server using the same username/password combo as
> the webmaster's. Everybody basically can not only manage his own folder,
> but also possible to mess up other people's folders. It has been working in
> this way for years and occationally bad things happened when somebody
> accidentally messed up our library homepage. I am wondering how you guys
> manage your sites to set up permissions to allow the subject librarians to
> access the server. Do you create acccount for each individual librarian to
> access the library server?
>
>   Many thanks,
>
>   Hon
>
>
> ---------------------------------
> New Yahoo! Messenger with Voice. Call regular phones from your PC and save
> big. _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/

-- 
====================================================================
Thomas McMillan Grant Bennett		Appalachian State University
Computer Consultant III			P O Box 32026
University Library				Boone, North Carolina 28608
(828) 262 6587

An important measure of effort in coding is the frequency with which you write 
something that doesn't actually match your mental representation of the 
problem, and have to backtrack on realizing that what you just typed won't 
actually tell the language to do what you're thinking. -Eric Raymond

Library Systems Help Desk: http://linux.library.appstate.edu/help
====================================================================

More information about the Web4lib mailing list