[Zope3-dev] Initial thoughts on the Zope3 security framework
Chris Withers
chrisw@nipltd.com
Fri, 14 Dec 2001 15:43:58 +0000
Shane Hathaway wrote:
>
> Zope security uses three mappings: principals to roles, roles to
> permissions, and permissions to methods. I've been trying to prove to
> myself for months that we really need four mappings, with principals
> mapping to groups and groups mapping to roles, but have failed to do so
> since it would add complexity and you can already achieve the desired
> effect if you just have computed local roles.
>
> So we need either computed local roles or groups.
Given that groups is a fairly global term and one of our stated aims is to grow
Zope 10x, I would vote for groups over comptued local roles here...
cheers,
Chris