[Zope3-dev] Re: principals vs. users

[Guido van Rossum]

>   I think the typical thinking in role-based access control is that a
> user enables exactly one role at a time.  It might be reasonable for a
> person to have both sysadmin and developer roles, but they should
> never be able to wear both hats at the same time!

I dunno.  I kind of like the fact that when I submit a timesheet for
review to myself, I can approve it without changing hats.  Ditto for
publishing a document that I wrote.

--Guido van Rossum (home page: http://www.python.org/~guido/)