Plone 4.0.5 workflow and permission

I would be happy to get some advice on "workflow" type. Im not sure what is best - "Intranet/Extranet", "Simple Publication" or a third choice. Below are the types of folders and roles Im looking for:

• public folders: anonymous has "r".
• intranet folders: users has "r". Special use开发者_运维技巧rs has "rw".
• private folders: only user in question and admin has "rw" (special users has also "rw")
• special folder: users that are member of a group has "rw".

Lastly, I do not understand this, users with e.g. "read", "edit" or "contribute" role can see user folders (marked as private), but also a test folder created as admin (marked as private)? PS Im using "Intranet/Extranet" type.

Thanks. Nikolaj G.

You're confusing Roles and Permissions in your question. "read" and "write" would be permissions. Reader, Editor, Contributor are Roles.

In an Internet/Extranet workflow, Anonymous users (a Role) would get Read access to Public content.

Private content would be accessible to users with the Owner or Manager (Administrator) role

"Internally Published" content is readable by users with Contributor, Editor, Manager, Member, Owner and Reader roles, but only editable by Managers.

"Internal" would correspond to the "Intranet" setting you want - where most users get read access, but you can give users the "Editor" role (using the sharing tab) to allow them to modify content.

Your "special" folders would simply be in the "Internal" state, but you would grant the Editor role to a group rather than a user.

Your last paragraph doesn't make much sense. What do you mean by "created as admin"? Created by admin?

In the Internet/Extranet workflow, the only difference between Private and Internal states is that "Members" can not view private content - but Editors can modify it and Contributors can view it.

Go to /portal_workflow/intranet_workflow/states/manage_main in your site to see the various Role-to-permission mappings