[Zope3-dev] Initial thoughts on the Zope3 security framework

[Guido van Rossum]

> > My main concern however is with the enormous proliferation of
> > permissions, which make security management difficult: there are too
> > many places where a permission could be set, and it's hard to find out
> > (impossible AFAIK using only the ZMI!) which permissions guard which
> > operations.
> 
> Would reducing this also reduce the flexibility of Zope's security
> system?  For a lot of people, one of the big strengths of Zope is
> the ability to easily tweak permissions to get very fine grained
> access control without a lot of work.

I am hoping we can figure something out where in the normal case the
security tab shows a vastly smaller table of roles x permissions, but
where you can still expand permissions into subpermissions (like
clicking on a folder in a tree widget to see its contents, etc.).

--Guido van Rossum (home page: http://www.python.org/~guido/)