Sections

Zope 3 and Grok come with authorization capabilities out of the box. While a vanilla Zope 3 application protects all content by default and performs authorization checks on the content objects themselves, Grok allows access to everything unless you explicitly restrict it. The authorization checks here are done based on the Views used to access (display/manipulate) the content.

All content on one page (useful for printing, presentation mode etc.)

Setup Code Imagine a Grok module for holding Contact Info called contact.py. By default, anyone is able to view the ViewContact view.
Defining Permissions and restricting access As all Views in Grok default to public access, anyone can use the ViewContact view. If you want to restrict access to a view, you have to explicitly protect it with a permission.
Granting Permissions You can grant permissions to principals with a PermissionManager. For example, if all registered users should have permission to view contact details and to create new contacts, you could grant them the permissions when the user account is created.
Checking Permissions [FIXME How to check permissions in a page template and from python code? User Interfaces should not contain any links/actions which users cannot access / for which users don't have authorizations]
Defining Roles Permissions can be grouped together in Roles, which makes granting all the permissions for a particular type of user much easier. Defining roles is similar to defining permissions.