Assigning roles in plone

Is there a way to programatically assign roles such as can add can edit on a plone website. I would really appreciate if there is a way to do so because i have to be going through every folders on my website and assign roles to each folders which is very tedious and time consuming.

im using plone 4.3 under python 2.7. Any any help would be appreciated, thanks in advance.

Why is the Plone sharing functionality not working for you?


do i have to manually do it? i have a lot of folders on my website and to go through all of them and add the sharing permissions is tedious. i was wondering if there is a way to program the sharing permissions to the folder.

You might want to describe exactly what is repetitive, so we can better help you understand your options? Diffferent folders often need different sharing setup.

You should also be thinking about:

(1) groups, not roles; groups are the means to the end of having the right role;

(2) Having workflow definition define your common role to permission binding for folder type(s).

A hunch: if the sharing tab is not what you want, a custom workflow definition is. These are easy to tweak from default workflows/permission, and are well documented (the workflow engine here, DCWorkflow, was written over 15 years ago, and has not changed much at all -- plus, you can do all this in a browser in the ZMI, then export your custom workflow to an installable product).


adding privileges/roles is repetitive. i have to click on the folders sharing tab to add users who can add document or publish a document.i was just wondering if there is a easier way to do it.

Add those users to the 'Contributors' and 'Reviewers' groups, respectively. That'll give them those rights globally across the site. If that's not what you want, you can restructure your site tree to minimize clicks (permissions are inherited). Or, set up a custom workflow.

in this case i cant assign the users to contributor or reviewer group because in some cases those persons who are assigned to the contributors group are reviewers in some other section of the website.

(Almost) everything you can do via the Web interface, you can also do programmatically (exceptions are only the cases which are using the browser's Javascript engine - which is not the case for assigning roles). The Web interface typically invoke views which (after some setup) you can invoke also yourself in a program.

And the other way around. Such views typically delegate to backend code you can run yourself without invoking the views.

In this specific case, use plone.api.user.grant_roles: Or, set up a group system and use to manage access. This will be more performant.