[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Users and Security
Sun, 22 Sep 2002 13:22:59 -0400
A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#3-4
Once you've been authenticated, Zope determines whether or not you
have access to the protected resource. This process involves two
intermediary layers between you and the protected resource,
*roles* and *permissions*. Users have roles which describe what
they can do such as "Author", "Manager", and "Editor". Zope
objects have permissions which describe what can be done with them
such as "View", "Delete objects", and "Manage properties".
% Anonymous User - Sep. 22, 2002 1:22 pm:
Roles classify users? How many roles can a single user have? At any one time?
Permissions classify object access (attribute read/write+method calls)? Right?