This note tries to provide help on troubleshooting security and permission based problems. Make sure you have read How to set Access Permissions, this can already solve many issues.

Table of Contents

• Update Local Roles
• Add Missing ERP5Type_getSecurityCategoryMapping
• Related Articles

Update Local Roles¶

After you made notification to roles on a specific portal type make sure to call Update Local Roles¶ from the actions menu to make your changes come into effect.

Add Missing ERP5Type_getSecurityCategoryMapping¶

"""
Understand this and make it suit your needs
"""
return (
# This one combines function, type of procedure and destination to generate a security group
#  ('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['destination', 'function', 'publication_section', ] ),
# This one is the usual group and function security
#  ('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['function', 'group',] ),
#  ('ERP5Type_getSecurityCategoryFromAssignmentParentGroup', ['function', 'group',  ]),
# This one is the usual group, function and site security, needed if access rights depend on site
#  ('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['function', 'group', 'site'] ),
# This one is the usual group security
#  ('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['group',] ),
#  ('ERP5Type_getSecurityCategoryFromAssignmentParent', ['group',] ),

# This one is the usual function security
#  ('ERP5Type_getSecurityCategoryFromAssignment', ['function'] ),
# This one is the usual role security
#  ('ERP5Type_getSecurityCategoryFromEntity', ['role'] ),
#  ('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['role', ]),
# This one combines role and publication_section
#  ('ERP5Type_getSecurityCategoryFromAssignmentStrict', ['publication_section', 'role', ] ),

)

This script is added during configuration of your ERP5 instance. If you do not use the configurator, it may be missing. This will cause your correct permissions to not have any effect, because the category mapping has not been made.

To add it, simply copy the script to your portal_skins/custom folder or where you deem suitable and uncomment the category mapping you would like to utilize. Note it is not necessary to call the script, it will be run automatically whenever permission rights are being evaluated for a document.

Related Articles¶

• Guidelines | Configuration And Project Business Templates Must Include Roles For Group, Site And Function
• Guidelines | Define Module Author And Auditor In Roles Tab Based On Use Cases
• Guidelines | Define The Roles Allowed To Excecute A Transition
• Guidelines | Generic Business Templates Must Have Security Roles Set On States And Transitions
• Guidelines | Include Module Base Categories In Business Template
• Guidelines | Include Module Local Roles In Business Template
• Guidelines | Inside The Roles Tab, Assignor, Assignee, Associate And Auditor Must Be Defined
• Guidelines | Python Class Method Should Have Security Declaration
• Guidelines | Unset Acquire Local Roles On Document Portal Type Configuration If Applicable
• HowTo | Differentiate ERP5, Zope and Developer User
• HowTo | Set User Access Permissions
• HowTo | Understand ERP5 Security
• HowTo | Use Multiple Users Simultaneously
• HowTo | Use Security Based On Role, Group And Function
• Technical Note | Authentication Infrastructure
• Technical Note | Catalog Roles
• Technical Note | System Backup
• Technical Note | Upgrading Security
• Technical Note | User Permisson Troubleshooting