[Zope3-dev] Initial thoughts on the Zope3 security framework
Martijn Faassen
faassen@vet.uu.nl
Mon, 10 Dec 2001 20:39:14 +0100
Guido van Rossum wrote:
> [Ken again]
> > I was trying to clarify "roles defined". I saw at least three
> > alternatives: declaration of role names, role-to-permission mapping, and
> > role-to-user mappings. In fact, it's the third - local roles express
> > role-to-user mappings. (As i went on to say, role-to-permision mappings
> > are done separately, and i also (patting myself on the back:) gave some
> > examples using local roles.)
>
> Ah, that *does* clarify things. So role names and role-to-permission
> mappings are totally global and central?
Hm, I don't think they are. At least role-to-permission mappings are
definitely locally as well (on folders and other objects which
inherit from the right baseclasses, currently). Oh, and roles can be
added locally (again on at least folders) as well, I just verified that.
[snip stuff on 'obtains'; see my posting :)]
Regards,
Martijn