[Zope3-dev] Initial thoughts on the Zope3 security framework
Martijn Faassen
faassen@vet.uu.nl
Tue, 11 Dec 2001 02:20:12 +0100
Ken Manheimer wrote:
> On Tue, 11 Dec 2001, Martijn Faassen wrote:
> > Ken Manheimer wrote:
> > [snip]
> > > I think that, ideally, it's relatively rare to create new roles, while
> > > role-to-permission mappings are typically adjusted on a per-product basis,
> > > and role-to-account mappings are adjusted (using local roles) on a
> > > per-instance basis to assign privileges to particular users within the
> > > context of the instance.
> >
> > While this seems to make sense, it doesn't seem to include the use case
> > where I want to close a certain section of the site to anonymous.
> > Role to permission mappings there don't seem to be adjusted on a per-product
> > basis, right?
>
> I agree. I did say "typically" (and i did cite the tweaking of the
> anonymous/view mapping elsewhere in the message - i guess that's the
> archtypal example...)
Yes, I saw it later, sorry.
Perhaps it is really the *only* example; I can't think of any other ones!
That may be a deficiency in my mind due to the lateness of the hour, but
it may hint at something interesting as well. :)
Regards,
Martijn