If, like me, you have been trying to resolve permission problems by checking and unchecking boxes in the ZMI Security tab in a trial-and-error fashion, there is in fact an easier way (I never doubted Plone for an instant 🙂 )
- Before going to the Security tab, you should first find the Actions tab for the process you want to control permissions for. By default, things like the top navigation tabs and the buttons at the bottom of the folder listing are controlled in the Actions tab of portal_actions.
- Things like the edit, properties and sharing tabs are defined seperately for each item type in portal_types: i.e to access the actions for an image, one would go to portal_types->image and click on the Actions tab. (The Content tab is defined globally in portal_actions).
- Scroll down to see the action you want to change the permissions for, and you will see the permission you need to change (there are cases where you might want to change this permission: for example, to stop object owners from accessing the properties tab, you would have to change the permission from ‘modify portal content’ to something like ‘manage properties’ and restrict that permission).