[Zope3-dev] Initial thoughts on the Zope3 security framework

Lennart Regebro lennart@regebro.nu
Fri, 14 Dec 2001 08:45:21 +0100


From: "Guido van Rossum" <guido@python.org>
> I am hoping we can figure something out where in the normal case the
> security tab shows a vastly smaller table of roles x permissions, but
> where you can still expand permissions into subpermissions (like
> clicking on a folder in a tree widget to see its contents, etc.).

I just had an idea. This may be stupid, it's just off the top of my head:
In most cases when I set up security, the permissions each role has are the
same throughout the hierarchy. I mean, an Editor has the rights needed for
editing, a reviewer the rights needed for reviewing, and so on. The thing
that changes is which principals have which roles in any one part of the
web.

Therefore, it seems that it would be possible to set up the mapping between
roles and permissions globally, and only assign roles to principals on a
per-document basis.

This would require the addition of an automatically generated "Not Logged
In" principal, and the renaming of the "Anonymous" role to a "Viewer" role.
It would probably also result in a more fine-grained definition of roles,
which in turn would make it necessary to have principal groups.
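
A minimal Python model of the scheme proposed in this message, added here as an illustration; it is not part of the original post and is not Zope code. All names (`ROLE_PERMISSIONS`, `Node`, `check_permission`, the sample principals) are hypothetical, and it assumes that roles granted on a container also apply to its contents.

```python
# Added illustration only: not Zope code. Every name below is hypothetical.

# Global mapping, defined once for the whole site: role -> permissions.
ROLE_PERMISSIONS = {
    "Viewer": {"View"},
    "Editor": {"View", "Edit"},
    "Reviewer": {"View", "Review"},
}
# Principal groups, so one local grant can cover many principals.
GROUPS = {"editors": {"alice", "bob"}}
# Stand-in principal for requests that carry no credentials.
NOT_LOGGED_IN = "Not Logged In"

class Node:
    """An object in the hierarchy; it stores only principal -> roles grants."""
    def __init__(self, name, parent=None, local_roles=None):
        self.name, self.parent = name, parent
        self.local_roles = local_roles or {}

def roles_for(principal, node):
    """Roles held at `node`: grants here plus grants on every ancestor."""
    principal = principal or NOT_LOGGED_IN
    identities = {principal} | {g for g, m in GROUPS.items() if principal in m}
    roles = set()
    while node is not None:
        for ident in identities:
            roles |= node.local_roles.get(ident, set())
        node = node.parent
    return roles

def check_permission(principal, permission, node):
    """Resolve a permission through the global role table only."""
    return any(permission in ROLE_PERMISSIONS.get(r, set())
               for r in roles_for(principal, node))

# Constructed sample site.
root = Node("root")
public = Node("public", root, {NOT_LOGGED_IN: {"Viewer"}})
page = Node("page", public)
news = Node("news", root, {"editors": {"Editor"}, "carol": {"Reviewer"}})
article = Node("article", news)

if __name__ == "__main__":
    for who in (None, "alice", "carol"):
        print(who or NOT_LOGGED_IN,
              {p for p in ("View", "Edit", "Review")
               if check_permission(who, p, article)})
```

No object in this model carries a role-to-permission table of its own, so auditing what an Editor can do means reading one global mapping, and auditing a document means reading only its principal-to-role grants.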