[Zope3-dev] Initial thoughts on the Zope3 security framework

Ken Manheimer klm@zope.com
Sun, 9 Dec 2001 13:04:45 -0500 (EST) 

On Sun, 9 Dec 2001, Guido van Rossum wrote:

> > Hm, at least I know 'local role'. A local role is a role a user receives
> > dependent on what object he tries to access. I.e. I may have role 'manager'
> > in one place while only role 'anonymous' in another. Local role permissions
> > are acquired by subobjects. Currently local roles are settable in a
> > non-scalable sad stepchild screen in the ZMI hanging off the
> > security tab. They're pretty common in the types of sites I design,
> > so I'm glad to see they're gaining a more central place; non-local roles
> > are only a specialization of local roles, as they should be.
>
> OK, that makes sense -- just as there can be user folders sitting
> anywhere in a tree, there can be roles defined anywhere in the tree,
> and they propagate down in the same way.  Right?

Close.

Local roles map roles to user ids within the context of an object in the
database.  Eg, a folder may grant local role "reviewer" to joe_user, so
joe_user account gets reviewer role within the folder.  The role mappings
obtain for objects contained within the folders, so the local roles apply
for objects in the folder and in subfolders.

Local roles have played a pretty central role in most or all of the Zope
applications i've written - they're how the people with particular roles
in the application are assigned those roles.

Eg, in collector instances, the manager of the instance designates
supporters, effectively giving those accounts the 'reviewer' role within
the context of that collector. (Local roles associate role names with
account names.  Permission-to-role associations are separate mappings,
also associated with objects, and optionally acquired within them.)
These role assignments obtain for all the contained issues.  Along similar
lines, the person who submits an issue gets something to the effect of a
'creator' role within the context of the issue, getting the the creator's
permissions.

I have some complaints with the current local roles implementation of
local roles - i usually need to incrementally adjust role assignments in
ways that require iterating over the collection, and as martijn suggests
the TTW interface doesn't scale to sites with large numbers of users - but
all these complaints are superficial.  I think many Zope applications use
them the way i describe, and they're the right way to do it - they're a
key means to effectively employing Zope security...

-- 
Ken
klm@zope.com