[Zope3-dev] Initial thoughts on the Zope3 security framework

[Ken Manheimer]

On Tue, 11 Dec 2001, Martijn Faassen wrote:

> Ken Manheimer wrote:
> [snip]
> > I think that, ideally, it's relatively rare to create new roles, while
> > role-to-permission mappings are typically adjusted on a per-product basis,
> > and role-to-account mappings are adjusted (using local roles) on a
> > per-instance basis to assign privileges to particular users within the
> > context of the instance.
>
> While this seems to make sense, it doesn't seem to include the use case
> where I want to close a certain section of the site to anonymous.
> Role to permission mappings there don't seem to be adjusted on a per-product
> basis, right?

I agree.  I did say "typically" (and i did cite the tweaking of the
anonymous/view mapping elsewhere in the message - i guess that's the
archtypal example...)

-- 
Ken
klm@zope.com