[Zope3-dev] Initial thoughts on the Zope3 security framework
Chris Withers
chrisw@nipltd.com
Tue, 11 Dec 2001 17:51:51 +0000
Martijn Faassen wrote:
>
> I meant that role-to-permission mappings are frequently adjusted on
> a per instance basis, as opposed to on a per-product basis. The per-instance
> basis mapping needs to happen in order to close off sections of a site
> to anonymous. Perhaps there's a better way that uses local roles only,
> but I haven't thought of one yet.. perhaps there's a possibility for a
> 'viewer' core role, and an anonymous *group* which everyone who hasn't
> authenticated is part of -- then you need a way to assign a viewer role to the
> anonymous group in the root of the site, and also the possibility to take
> it away again in those sections of the site you don't want anonymous
> users to view.
Does all this come back to the fact that Zope's security machinery really needs
proper groups?
cheers,
Chris