--- a/src/pyams_utils/site.py	Wed Apr 11 10:50:38 2018 +0200
+++ b/src/pyams_utils/site.py	Wed Apr 11 16:41:53 2018 +0200
@@ -17,7 +17,7 @@
 
 # import interfaces
 from pyams_utils.interfaces import PYAMS_APPLICATION_SETTINGS_KEY, PYAMS_APPLICATION_DEFAULT_NAME, \
-    PYAMS_APPLICATION_FACTORY_KEY
+    PYAMS_APPLICATION_FACTORY_KEY, PUBLIC_PERMISSION
 from pyams_utils.interfaces.site import ISiteRoot, ISiteRootFactory, INewLocalSiteCreatedEvent, ISiteUpgradeEvent, \
     ISiteGenerations, SITE_GENERATIONS_KEY, IConfigurationManager
 from zope.annotation.interfaces import IAnnotations
@@ -30,7 +30,7 @@
 from pyams_utils.registry import get_utilities_for, query_utility
 from pyramid.exceptions import NotFound
 from pyramid.path import DottedNameResolver
-from pyramid.security import Allow, ALL_PERMISSIONS
+from pyramid.security import Allow, Everyone, ALL_PERMISSIONS
 from pyramid.threadlocal import get_current_registry
 from pyramid_zodbconn import get_connection
 from zope.container.folder import Folder
@@ -47,10 +47,13 @@
     A site root can be used as base application root in your ZODB.
     It's also site root responsibility to manage your local site manager.
 
-    BaseSiteRoot defines a basic ACL which gives all permissions to system administrator.
+    BaseSiteRoot defines a basic ACL which gives all permissions to system administrator,
+    and 'public' permission to everyone. But this ACL is generally overriden in subclasses
+    which also inherit from :ref:`pyams_security.security.ProtectedObject`.
     """
 
-    __acl__ = [(Allow, 'system:admin', ALL_PERMISSIONS)]
+    __acl__ = [(Allow, 'system:admin', ALL_PERMISSIONS),
+               (Allow, Everyone, {PUBLIC_PERMISSION})]
 
     config_klass = None