Can I create a plone-like folder in ZMI?

The basic question I have is: can I add a folder in ZMI, with the folder owned by zope admin, that will show on Plone site and function as a typical Plone folder?

Here is what I've tried:

  1. In ZMI root, using the "add" in upper r/h corner I added: "ATContentTypes: folder". Then I added a tab via portal actions. Worked in that tab shows on Plone site and clicking on it went to the URL; however, it wasn't a folder.

  2. I tried the "plone.app.folder", again added tab in ZMI and tab shows on the site. However, clicking the tab gets a 'not found' (sorry for the big text below, I don't know how to stop it :frowning:)

So, can I add a folder in ZMI owned by zope admin that will show on Plone site and function as a typical Plone folder?

Background Info explaining why I want to do this.

I realize the use-case I'll describe below may not make sense to everyone, however, here is what I am trying to do.

I want to create a 'secure folder' at the root of my Plone site. This folder must be designed, from the beginning, to be as secure as possible because the contents would be expected to be very sensitive (e.g. tax documents). In considering whether the folder is secure or not, I am not thinking of people hacking into the site via a Plone vulnerability. I mean ensuring a complete lockdown of the folder except those explicitly given permissions, vs membership in a group. Also, I want to consider human error (site admin acting on folder and accidentally publishing, assigning new WF via placeful workflow, or sharing). Any of which would make this secure folder visible to unintended people.

Key to a secure folder, to me, is:

  1. Create a folder which is owned by admin (Zope) not manager (Plone). The reason is to lock it down to only one person that could make changes. Manager role in Plone can be treated as a group and people easily added and this creates issues where newly added admin may accidentally/intentionally change WF via placeful WF, or share folder. Neither would be acceptable.
    Note: I tried the following, but it wasn't useful: create folder as admin, add manager and delete admin, save changes; however, admin is automatically added back. So, as best I can tell I need to create the folder in the ZMI so it is owned by Zope admin and anything regarding the folder can only be changed by Zope admin in the ZMI.

  2. I created and assigned a WF that starts in private state and has no transitions, ensuring it will always be private (this is completed).

  3. I need to deal with placeful workflow (if installed) to prevent applying new WF (I'm in the process with this).

  4. I need to deal with sharing. I found a way to do this: http://plone.293351.n2.nabble.com/plone-4-how-to-hide-disable-sharing-tab-for-a-custom-type-td5929905.html (still some minor issues: also hides sharing tab in everything below).

I know this is a long post; however, the basic question stated above is direct.
Thanks for any thoughts on how to do this.

Short answer: no
Stay away from the ZMI.

-aj

@zopyx short and to the point: unlike me :slightly_smiling:

Do you stay away because it can't be done, or because I can't? I accept the latter; however, I'm interested in the former.
My use case may not interest everyone; however, I would really like to have a folder that meets the needs I've defined.
So, is it possible, but difficult; or, not possible?

thanks

Why do you want to do this in the ZMI? Why not log in as your "zope admin" into Plone and create the folder in the normal (Plone) way?

It can't. In the ZMI, the functionality that happens behind the add menu is only a subset of what happens in Plone.

1 Like

Wayne, you don't need to use the ZMI.

Create a normal Plone folder, leave it private, and in the sharing tab uncheck "inherit permissions from parent". Then you have total control over who sees it. But if it has to be really secure (like tax documents), don't put it on the web...

1 Like

First, thanks for setting me straight on the folder creation in Zope. I realize it wouldn't work, thanks for saving me lots of time.

Even when logged in as zope admin, when I create a folder, initially the ownership tab says 'admin', which is what I want. However, if I check back, 'admin' has been added so there is dual ownership. Exactly what I don't want.
In my initial explanation, I identified three threat vectors (I would add a fourth: the site admin/admin accidentally adding a person to the wrong group, giving them access to the folder) that would allow the admin/site admin to make the folder public. If we think of the number of news stories about sensitive information being published unintentionally or too soon, I believe there is a need for a folder that removes these threat vectors. I believe it is too facile to simply say "don't do it". I take it I'm in the minority. :slightly_smiling:
Security of information is extremely important, especially for the large organizations most of you folks work with. Wouldn't a well thought out secure folder be something they would be interested in?
Is it possible, through Plone, to create a folder only owned by zope admin? Why is plone manager always added?
thanks for your help.

Wayne,

You're making several assumptions that are not correct AFAICT.

  1. Admin always has access.

You're keen on removing admin access because you don't trust the people with the admin role and are assuming admin always has access.

However, with a placeful workflow on your secret folder that turns permission acquisition off, you should be able to shut off admin. Basically you also need to exclude owner, after first delegating permissions to another 'supersecretadmin' user.

I'm not sure excluding owner is really possible - you may have to let your supersecretadmin user create the folder (instead of admin - so the special user becomes owner), in which case that's not an issue.

  2. Locking down the folder prevents access to its children.

This is not true. You can turn off traversal but the child objects have their own security and may be inadvertently shared directly.

Given your threat model, I think a solution is feasible by:

  • having a special user that monopolizes write and sharing permissions on your secure folder and all its children
  • let the special user create the secret folder turning off permission acquisition and enforcing your special workflow on both the folder and its children
  • use the special user only when needed to manage this folder and children (i.e. minimize risk of accidents).
1 Like

Thanks everyone for your comments. I realize this use case doesn't resonate with most of you, so I appreciate your time and suggestions. I am going to try working with a programmer to see if what I want to do is doable. I want to make a few other comments. If I find a way to do what I want, I'll post back here.

@dieter: I tried creating a folder when logged in as (zope) admin. At first the folder ownership is assigned to 'admin' - good. Then, following @tkimnguyen's suggestion, I went into sharing and unchecked the inherit. However, when I went back to the folder, ownership was given to both admin and (Plone) manager.

@gyst I will try this approach with someone I am working with. I'll let people know if I have success.

I realize the need for this secure folder isn't adopted by everyone. The reason I see this as important comes from my past life as an aviation engineer studying maintenance errors leading to accidents, and the cyber security training at the University of Washington. My approach has been colored by both.

First, my approach isn't because I trust admin more/less than Plone manager vs. user, etc. What was important to me is to look at a system, understand how human errors can impact what you are trying to do (in my case, provide a secure folder) and remove these error mechanisms. My goal is to have a folder secure enough to convince a very knowledgeable user (such as the large organizations you folks work with) that this folder has been secured by considering human error and cyber threat vectors. Second, security is multi-layered, looking to identify/remove/mitigate all threat vectors, where feasible. That's why I choose not to ignore these issues, if I can possibly mitigate them.

The Zope admin is important (vs. Manager) because only one Zope admin exists (at least in how I use it for Plone), but more importantly it isn't displayed in/managed by Plone. Thus, the Manager can't act on the admin role by mistake or otherwise.

I would see this secure folder being installed by admin during site installation. Also, access to secure folder would be via permissions (not groups) as permissions are managed in Zope by admin and not accessible via Plone. As best I can tell,

Thanks, I'll see where this takes me.

Looks like some type of bug.

Zope/Plone knows two types of ownership: "executable ownership" (not relevant for content; only for executable objects such as scripts and templates) and the "Owner" role. I assume that "your" ownership is actually the second type.

The "Owner" role is typically managed as a so-called "local role". This is a concept that allows giving a principal (i.e. an individual user or a user group) specific additional roles locally on a given object.

Formerly, the ZMI had a tab "Security" which allowed, among other things, managing local roles on the corresponding object. As one can do things there with surprising effects, the tab is now hidden. However, you can still access the functionality by a direct URL: "<url_to_your_object>/manage_access". On the resulting ZMI page you see near the top a reference to "local roles". Follow the corresponding link and check the local roles for "Owner". If they are wrong, try to fix them. Some later actions in Plone might destroy your fix (another occurrence of the above bug).

1 Like
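
The two checks raised in the replies above (children carry their own local roles and can be shared directly, and the "Owner" local role can end up on the wrong principal) can be scripted as a recurring audit. This is an added example, not code from the thread or from Plone itself: `get_local_roles()`, `objectValues()`, `getId()` and `__ac_local_roles_block__` are the Zope/Plone names, while the principal id `vault-admin`, the object ids and the `FakeContent` stand-in are constructed so the block runs without a Plone instance.

```python
def audit_local_roles(obj, allowed, path="", is_root=True):
    """Return [(path, finding), ...] for obj and every object below it.

    obj must offer Zope's getId(), get_local_roles() and, for containers,
    objectValues(). `allowed` is the set of principal ids permitted to hold
    local roles (the single "special user" suggested in the thread).
    Only stored local roles are checked, not global roles or workflow state.
    """
    path = f"{path}/{obj.getId()}"
    findings = []
    # Unchecking "inherit permissions" in the sharing tab sets this attribute.
    if is_root and not getattr(obj, "__ac_local_roles_block__", False):
        findings.append((path, "local roles still inherited from parent"))
    for principal, roles in obj.get_local_roles():
        if principal not in allowed:
            findings.append((path, f"{principal} holds {sorted(roles)}"))
    # Children carry their own local roles, so walk the whole subtree.
    for child in getattr(obj, "objectValues", lambda: ())():
        findings += audit_local_roles(child, allowed, path, is_root=False)
    return findings


class FakeContent:
    """Constructed stand-in for a Plone object so the example runs offline."""

    def __init__(self, oid, local_roles, block=False, children=()):
        self._id, self._roles, self._children = oid, local_roles, children
        self.__ac_local_roles_block__ = block

    def getId(self):
        return self._id

    def get_local_roles(self):
        return tuple(sorted(self._roles.items()))

    def objectValues(self):
        return list(self._children)


def sample_tree(block=True):
    """Constructed sample: one document shared directly, one stray Owner."""
    owner = {"vault-admin": ("Owner",)}
    stray = FakeContent("old-return", {"admin": ("Owner",)})
    shared = FakeContent("tax-2015", {**owner, "jane": ("Reader",)})
    archive = FakeContent("archive", owner, children=[stray])
    return FakeContent("secure", owner, block, [shared, archive])


if __name__ == "__main__":
    for where, what in audit_local_roles(sample_tree(), {"vault-admin"}):
        print(where, "->", what)
```

The function reports stored local roles only; a user holding a site-wide role such as Manager is outside what it checks.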

:laughing: