How to debug missing permissions on a page

by nguyen — published Aug 17, 2010 10:05 AM, last modified Aug 16, 2016 10:50 AM
If someone should be able to edit a page yet is unable to see the edit tab.

In the Users and Groups configlet in Site Setup, click on Groups and ensure that the person is in the correct group.

Check the Sharing tab for the folder in question (i.e. click on its Contents tab first) to see that the above group has been granted the "can edit" role.

Then add yourself to the same group that has sharing permissions in that folder and log into the site from another browser.  Check that you can edit the page in question.  

If you cannot, look at the ZMI Security tab and verify that the Acquire checkbox is checked for View, Modify portal content, and Access contents info permissions.  If Acquire is not checked, check it for those permissions and Save Changes.  Go back to the page in question and verify that you can edit the page now.
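The same Acquire check can be scripted. The following is an added example, not part of the original how-to: it goes one step further than the text by walking from the page up through its containing folders, since Acquire may have been unchecked on any of them. `acquiredRolesAreUsedBy`, `rolesOfPermission` and `getPhysicalPath` are Zope's own methods; `find_broken_acquire`, `FakeContent` and the `/Plone/docs/page` paths are hypothetical names constructed for the illustration.

```python
# Permissions named in the how-to; "Access contents information" is the
# full Zope name for what the page calls "Access contents info".
PERMISSIONS = ("View", "Modify portal content", "Access contents information")


def find_broken_acquire(obj, permissions=PERMISSIONS):
    """Walk from obj up its containers and report every object where Acquire
    is unchecked. Returns (path, permission, roles) tuples, nearest first."""
    findings = []
    node = obj
    while node is not None and hasattr(node, "acquiredRolesAreUsedBy"):
        path = "/".join(node.getPhysicalPath())
        for perm in permissions:
            # RoleManager returns 'CHECKED' when Acquire is on, '' when off.
            if not node.acquiredRolesAreUsedBy(perm):
                roles = [r["name"] for r in node.rolesOfPermission(perm)
                         if r["selected"]]
                findings.append((path, perm, roles))
        node = getattr(node, "aq_parent", None)
    return findings


class FakeContent:
    """Constructed stand-in for a Zope object so the audit runs offline."""

    def __init__(self, path, parent=None, local=None):
        self._path, self.aq_parent = path, parent
        self._local = local or {}  # permission -> roles, Acquire unchecked

    def getPhysicalPath(self):
        return tuple(self._path.split("/"))

    def acquiredRolesAreUsedBy(self, permission):
        return "" if permission in self._local else "CHECKED"

    def rolesOfPermission(self, permission):
        granted = self._local.get(permission, ())
        return [{"name": r, "selected": "SELECTED" if r in granted else ""}
                for r in ("Manager", "Owner", "Editor")]


# Constructed sample: Acquire was unchecked on the folder, not on the page.
site = FakeContent("/Plone")
folder = FakeContent("/Plone/docs", site, {"Modify portal content": ("Manager",)})
page = FakeContent("/Plone/docs/page", folder)

if __name__ == "__main__":
    for path, perm, roles in find_broken_acquire(page):
        print(f"{path}: Acquire off for {perm!r}, roles kept: {roles}")
```

On a live site the function takes a real content object in place of the stand-in. Findings for the Zope application root, which has no parent to acquire from, can be ignored.
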

This highlights the potential danger in granting someone Administrator group membership (i.e. Manager role) when they are not fully cognizant of the ways they can mess up a site. Changes in the ZMI Security tab are to be avoided at all costs, because they are not exposed in the Plone user interface, making diagnosis of security/permissions issues even harder. The only time anyone should be using the ZMI Security tab is in the creation of workflows, which is a completely different matter. The ZMI Security tab should not be used otherwise.

Please also see the related how-to below on the best way to grant permissions on a folder.