"has_credential: groupname" is not the right way to check for a group.

The right approach is to assign permissions *to the group*, and then
check for those permissions with:

actionName:
  is_secure: on
  credentials: [permission-name-here]

You can assign permissions to a group via the sfGuardGroup module or
the sfGuardPermission module.

This way you can write secure code without worrying about which groups
will later be given permission to do which things.

While you're at it, make very sure you lock down the sfGuardUser,
sfGuardGroup and sfGuardPermission modules themselves with:

default:
  is_secure: on
  credentials: [admin]

Do this at the app level:

apps/frontend/modules/sfGuardUser/config/security.yml

And the same for the other two modules.

sfGuard does NOT do this by default. If you neglect this step your
entire users and permissions setup is wide open for anyone to waltz in
and make themselves a spiffy new superadmin account.

-- 
Tom Boutell
P'unk Avenue
215 755 1330
punkave.com
window.punkave.com
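As an added illustration (this is not from Tom's message or from sfGuardPlugin itself), here is what a module-level security.yml looks like when it is written against permissions instead of group names. The module `article`, its actions and the permission names are made up; the permission names are the ones you would create via the sfGuardPermission module and attach to groups via sfGuardGroup, so the code never has to know which group ends up holding them. The module-level default section is written `all:` here, the key symfony 1.x uses for module defaults (the application-level file uses `default:`).

```yaml
# apps/frontend/modules/article/config/security.yml  (hypothetical module)

# Default for every action in this module: a login is required,
# but no particular credential. Individual actions tighten or relax this.
all:
  is_secure: on

# Read-only actions are open to anonymous visitors.
index:
  is_secure: off
show:
  is_secure: off

# A flat list means ALL listed credentials are required (AND).
edit:
  credentials: [edit_article]

# A nested list means ANY ONE of the inner credentials is enough (OR):
# a user holding either delete_article or manage_articles may delete.
delete:
  credentials: [[delete_article, manage_articles]]

# Nesting alternates AND and OR: publish_article AND (edit_article OR manage_articles).
publish:
  credentials: [publish_article, [edit_article, manage_articles]]
```

The credential names in this file are matched against the sfGuard permission names the logged-in user carries (gathered from the user's own permissions and from every group the user belongs to), so granting `manage_articles` to a new "moderators" group later needs no code change. Super administrators in sfGuard pass every credential check, which is exactly why the sfGuardUser, sfGuardGroup and sfGuardPermission modules themselves must be locked down as the message describes: anyone who can edit those tables can hand themselves any credential.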
