- Beef up documentation related to ``set_default_permission``: explicitly

mention that default permissions also protect exception views.
author: Chris McDonough <chrism@plope.com> 2011-01-27 17:59:07 -0500
committer: Chris McDonough <chrism@plope.com> 2011-01-27 17:59:07 -0500
commit: 2021a002c125f24995c78602e2f4b68df46b71f8 (patch)
tree: 75ca38d9967524296a447c84f8d48713dae4a405 /docs
parent: e9bf10e1668a581fd2f424eeed8d3b3d9d03306e (diff)
download: pyramid-2021a002c125f24995c78602e2f4b68df46b71f8.tar.gz
pyramid-2021a002c125f24995c78602e2f4b68df46b71f8.tar.bz2
pyramid-2021a002c125f24995c78602e2f4b68df46b71f8.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index 783810734..8b3427675 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -204,6 +204,13 @@ When a default permission is registered:
   and the view is registered *without* a permission (making it
   available to all callers regardless of their credentials).
 
+.. warning::
+
+   When you register a default permission, *all* views (even :term:`exception
+   view` views) are protected by a permission.  For all views which are truly
+   meant to be anonymously accessible, you will need to associate the view's
+   configuration with the ``__no_permission_required__`` permission.
+
 .. index::
    single: ACL
    single: access control list
author	Chris McDonough <chrism@plope.com>	2011-01-27 17:59:07 -0500
committer	Chris McDonough <chrism@plope.com>	2011-01-27 17:59:07 -0500
commit	2021a002c125f24995c78602e2f4b68df46b71f8 (patch)
tree	75ca38d9967524296a447c84f8d48713dae4a405 /docs
parent	e9bf10e1668a581fd2f424eeed8d3b3d9d03306e (diff)
download	pyramid-2021a002c125f24995c78602e2f4b68df46b71f8.tar.gz pyramid-2021a002c125f24995c78602e2f4b68df46b71f8.tar.bz2 pyramid-2021a002c125f24995c78602e2f4b68df46b71f8.zip