[Zope3-dev] Two-part permissions?

[Jeremy Hylton]

>>>>> "CW" == Chris Withers <chrisw@nipltd.com> writes:

  CW> Using this scheme, as Zope 2 does, you need a 'View X', a 'View
  CW> Y', a 'View Z' permission, then a 'Delete X', 'Delete Y',
  CW> 'Delete Z' permission, and so on ending up with a _lot_ of
  CW> permissions.

  CW> Would it be possible or beneficial to break these down into
  CW> 'View' and 'Delete' permissions that could be controlled on the
  CW> basis of the type of object they applied to?

This makes a lot of sense.  What if each permission had to belong to
one of four categories -- read, write, execute, and manage?
Developers would indicated the category (type) of permissions.
Administrators would associate categories with roles, most of the
time.  There would be an escape hatch for fine grain permissions, but
you wouldn't have to use them.

This is the basic idea of the standard CORBA RightsFamily.  You can
create other RightsFamilies for particular domains where it makes
sense.  The idea is that the rights can be understood be administrator
without having to be aware of the detailed semantics of those
operations.  (The last bit is almost verbatim from the CORBA Security
Service spec, rev 1.7, p. 2-119.)

I really like this part of the CORBA spec.

Jeremy