From e0c98edec730da9d1caf7c0322b66f45aca5b9fa Mon Sep 17 00:00:00 2001 From: Daniel Havlik Date: Thu, 14 May 2020 12:31:35 +0200 Subject: [PATCH] #770 mention the doc string restriction in the overview list of the default security policy --- docs/zdgbook/Security.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/zdgbook/Security.rst b/docs/zdgbook/Security.rst index e9e515a5b8..009181a11f 100644 --- a/docs/zdgbook/Security.rst +++ b/docs/zdgbook/Security.rst @@ -135,6 +135,10 @@ In short, the default Zope security policy ensures the following: user does not possess a role that has been granted the permission in question, access is denied. +- not directly part of the security policy, but also important is the + rule, that objects can only be published if they have a doc string. + + As we delve further into Zope security within this chapter, we'll see exactly what it means to associate security information with an object.