[Zope3-dev] Initial thoughts on the Zope3 security framework

[Chris Withers]

Guido van Rossum wrote:
> 
> My main concern however is with the enormous proliferation of
> permissions, which make security management difficult: there are too
> many places where a permission could be set, and it's hard to find out
> (impossible AFAIK using only the ZMI!) which permissions guard which
> operations.

Would reducing this also reduce the flexibility of Zope's security system?
For a lot of people, one of the big strengths of Zope is the ability to easily
tweak permissions to get very fine grained access control without a lot of work.

Admittedly, this doesn't always appear to scale...

cheers,

Chris