In reaction on my posting on the UnpersonalizedZone class, someone asked me by personal e-mail how to prevent certain users access from the shared scope. This is indeed necessary information for the UnpersonalizedZone to be useful.
The access to the shared scope is enabled through web.config. It hooks into the new role management application that comes standard with ASP.NET 2.0. Through this application, you can create users and roles and assign users to roles. Using the provider model, you can use a storage backend of your choice (a database, an XML file ActiveDirectory, you name it...).
In web.config, you can specify which users and roles can switch from the Private to the Shared scope.
<webParts>
<personalization >
<authorization>
<allow roles="superusers" verbs="enterSharedScope" />
<deny users="*" verbs="enterSharedScope" />
</authorization>
</personalization>
</webParts>
This will allow only the users in the role superusers to switch to the shared scope. All other users are denied this privilege. Also, the users and roles attributes can contain multiple users and roles.
PS. The only two verbs that I am aware of are enterSharedScope (to view the page in it's unpersonalized form) and modifyState (to be allowed to switch to any mode but Browse).