Revoke permissions on folder from user


I created one user with Contributor role, then this user created one folder, i.e. folder1.
now i remove Contributor role for that user, only grant Member role to that.

But the user still has the owner role for the folder1 , how can revoke the permissions on the folder1 form the user through the Web GUI ?

Zope has an Owner role. Typically, the user creating an object gets this role on the object (Owner is the typical example of a so called "local role"). Usually, additional rights are granted to Owner.

There are two ways to take away rights in your case:

  • remove the Owner role from the user
  • remove rights granted to Owner

Both can be done via the management page .../manage_access. The main page is used for the permission to role association; it also contains a link for the "local role" management, including Owner management.

Note that for some permissions the permission to role mapping is controlled by the workflow and workflow state changes may change them, potentially "deleting" manual changes.

@dieter , for my case, i don't want to assign any permissions(i.e. can not add folder, can not add file ...) for that user in the folder1, any idea through Plone UI ? I think the ways through management interface is a bit complicated.

@tkimnguyen suggested that i change the owner of folder1 to someone else, but i can not find the owner of folder1 through Plone UI, instead only find the ownership of the folder1. While i changed the ownership of folder1 to somebody else, this issue was still not resolved.

Note that Zope has two "owner" related concepts: the "executable ownership" and the "local role" Owner. "Executable ownership" affects only executable objects (i.e. scripts and templates): it limits the effective permissions used during the execution of those objects to the intersection of the permissions of the current user and the permissions of the executable's owner.

To my knowledge, the easiest way to manage "local roles" (such as Owner) is via the ZMI. There might be a relation with Plone's "sharing" feature but I have not yet used this and do not know how it is implemented.