I would suggest using sections to accomplish your goal. If you create a new section called "secure" in the setup/sections area, then apply that section to the node you want to hide, it will prevent anonymous users from seeing it or any of its children.
The next step would be to create a new role that allows some users to see the content. Add a new role that allows the content/read policy for the new section (secure). Then assign the new role to a new user group, and any user who logs in as a member of that group will be able to see the secure section after login .
Sounds like what I need. But can't I do it the other way round? I created a section and now I thought it would be simplert to tell just one group (anonymous user) that they are *not* allowed to view. But everybody else is per default.
As far as I know this is not possible (yet). You can only allow something, forbidding something is not possible. Although it would certainly be a nice feature.
Hi, the permission system of ezpublish only works with "positive rules", that is, each new role is empty (which means, you cannot do anything with it) and you will have to add "allow-this"-policys for that role.
If you want to hide parts of your content (a subtree) from everyone, just create a new section and assign it to that subtree. Thus, only the users with the "Administrator" role will have access to it.
Quick links:
http://ez.no/doc/ez_publish/user_manual/3_8/the_administration_interface/the_user_accounts_tab/roles_and_policies http://ez.no/doc/ez_publish/user_manual/3_8/daily_tasks/managing_sections
Using sections, you can create (or edit) roles to allow access (for example: read-only) to that new section.
If you want to hide the section completely (only admin will have access to it), you could _hide_ it: http://ez.no/doc/ez_publish/user_manual/3_8/daily_tasks/hiding_and_revealing_content