[Zope] Stock User Folders - Who can add a user?
Oleg Broytmann
Oleg Broytmann <phd@phd.fep.ru>
Tue, 22 May 2001 23:56:24 +0400 (MSD)
On Tue, 22 May 2001, Astheimer, David (GXS) wrote:
> Which permission is required to allow a person to add/change/delete items
> in the standard User Folder? Granting the manager role to a person seems to
> do the trick. However, I'd like to open the User Folder to "lesser admins"
> who
> do not need full manager rights, but do need to add folks and dole out
> roles.
Don't you see a trap here? :)
See, your "lesser mnager" can add users. Well, she adds a user... with
mnagement rights! And immediatly login as this user!!!
If a person can mange users, she can get manager rights. So why not give
them anyway, without forcing them to cheat? :)
To developer: IWBN if the user who can add users would allowed to set
roles not higher than its own roles, wouldn't it?
Oleg.
----
Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru
Programmers don't die, they just GOSUB without RETURN.