How to prevent access to the ZMI

by nguyen — published Mar 10, 2011 01:24 PM, last modified Aug 16, 2016 10:50 AM
The Zope Management Interface (ZMI) can be a dangerous place. Here's how to revoke access to it.

The following applies to Plone 3.x and 4.0.

Our current practice is not to grant the Manager role (i.e. membership in the Administrators group) to anyone except highly trained system administration and Plone administration staff. This is because we have had problems when someone less knowledgeable inadvertently changed the Plone site configuration without realizing it or, if they did realize it, did not know how to use the undo_form.

Currently, then, we give site owners membership in a Site Owners group which has been granted the Site Owner role. We give Site Owner essentially the same permissions as the Manager role has, except for "View management screens". That allows a site owner to do everything that a Manager could, except get access to the Zope Management Interface (ZMI), where serious damage could be done inadvertently.

We have a product called uwosh.policy.siteowner that does this.  You can browse the source code or you can grab it from our SVN repo.
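As an added example (not code from this page or from uwosh.policy.siteowner), the following Python derives a Site Owner role map of the kind described above from a permission-to-roles mapping, withholding only "View management screens", renders it as a GenericSetup rolemap.xml and checks that the result never grants Site Owner the ZMI permission. The permission dump is constructed for the example; on a real site it would be read from the site root's permission settings.

```python
"""Derive a 'Site Owner' role from 'Manager' minus ZMI access and emit rolemap.xml.
Example code; not the uwosh.policy.siteowner product itself."""
import xml.etree.ElementTree as ET

ZMI_PERMISSION = "View management screens"   # the one permission Site Owner must not get
NEW_ROLE = "Site Owner"

# Constructed sample of {permission: roles} as found on a Plone site root.
SAMPLE_PERMISSION_ROLES = {
    "View management screens": {"Manager"},
    "Manage portal": {"Manager"},
    "Undo changes": {"Manager"},
    "Modify portal content": {"Manager", "Owner", "Editor"},
    "View": {"Anonymous", "Manager", "Owner", "Reader"},
}

def derive_site_owner_roles(permission_roles, manager="Manager"):
    """Return a new mapping in which Site Owner is granted everything Manager
    has, except the ZMI permission (which is explicitly withheld)."""
    result = {}
    for perm, roles in permission_roles.items():
        roles = set(roles)
        if perm == ZMI_PERMISSION:
            roles.discard(NEW_ROLE)          # never allow ZMI access
        elif manager in roles:
            roles.add(NEW_ROLE)              # mirror Manager everywhere else
        result[perm] = roles
    return result

def to_rolemap_xml(permission_roles):
    """Render the mapping as a GenericSetup rolemap.xml document (acquire=False
    so the site root's settings are explicit rather than inherited)."""
    root = ET.Element("rolemap")
    roles = ET.SubElement(root, "roles")
    ET.SubElement(roles, "role", name=NEW_ROLE)
    perms = ET.SubElement(root, "permissions")
    for perm, role_set in sorted(permission_roles.items()):
        p = ET.SubElement(perms, "permission", name=perm, acquire="False")
        for role in sorted(role_set):
            ET.SubElement(p, "role", name=role)
    return ET.tostring(root, encoding="unicode")

def audit_rolemap(xml_text):
    """Return the names of permissions that grant Site Owner ZMI access.
    An empty list means the role map upholds the policy."""
    root = ET.fromstring(xml_text)
    return [p.get("name") for p in root.iter("permission")
            if p.get("name") == ZMI_PERMISSION
            and any(r.get("name") == NEW_ROLE for r in p.findall("role"))]

if __name__ == "__main__":
    derived = derive_site_owner_roles(SAMPLE_PERMISSION_ROLES)
    xml_out = to_rolemap_xml(derived)
    print(xml_out)
    print("violations:", audit_rolemap(xml_out))
```

Running the audit against a rolemap.xml exported from an existing site is a quick way to confirm that no later change has quietly handed the ZMI permission to Site Owner.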