[Zope] uses, roles and groups

Michel Pelletier michel@digicool.com
Wed, 15 Dec 1999 13:03:20 -0500


> -----Original Message-----
> From: Oliver Frommel [mailto:oliver@aec.at]
> Sent: Wednesday, December 15, 1999 12:41 PM
> To: zope@zope.org
> Subject: [Zope] uses, roles and groups
> 
> 
> Hello,
> 
> while trying to implement a Zope product encountered the 
> following problem:
> I think I understand the concepts of both users and roles, 
> roles being a set
> of permissions. In this connection groups (as in Unix) are 
> implemented just
> by putting the Zope user folders in the right place.

You could do it that way.  Or you can just give all the users in one
group the same role.  A user can have more than one role at one time,
the permissions that a user has is the union of the permissions of all
the roles that user has at that time.

> When I 
> want to have
> a more centralized user administration I'd need something 
> like a group 
> attribute for it, so I could give certain roles (in principle 
> I'd just need
> an editor role) dependent on the user belonging to a certain group.

Give them the editor role and a group role.  You can have any number of
various group roles.

> AFAIK none of the products USerDB, GUF oder etcUserFolder 
> provides hooks for
> this.

But they do allow you to store mulitple roles (well, not etcUserFolder,
but you can define default roles to folder users and assign them roles
dynamically).

-Michel