[Zope3-dev] Two-part permissions?

Chris Withers chrisw@nipltd.com
Sat, 15 Dec 2001 10:49:12 +0000


Jeremy Hylton wrote:
> 
> This makes a lot of sense.  What if each permission had to belong to
> one of four categories -- read, write, execute, and manage?

Well, my intention was that the labels could be defined by component authors,
but I do see lots of benefit in having a standard set of terms IFF they're the
right ones and cover all situations...

From the above it's difficult, as for most Zope objects read and execute are the
same thing; of course this may change if presentation and data are kept
completely separate. Data may have some methods that are executable, but those
wouldn't be available to someone who could only read stuff.
A presentation component would have all its methods protected by 'read', but it
might be able to call the methods on the data component protected by 'execute'.

Which reminds me, have proxy roles come up in the Zope3 security discussions
yet? If not, they should do, it would be great if 'code' and 'principals' could
both be controlled by permissions, in which case Proxy Roles (or their
equivalent) become quite important.

> Developers would indicate the category (type) of permissions.
> Administrators would associate categories with roles, most of the
> time.  There would be an escape hatch for fine grain permissions, but
> you wouldn't have to use them.
> 
> This is the basic idea of the standard CORBA RightsFamily.  You can
> create other RightsFamilies for particular domains where it makes
> sense.  The idea is that the rights can be understood by administrators
> without having to be aware of the detailed semantics of those
> operations.  (The last bit is almost verbatim from the CORBA Security
> Service spec, rev 1.7, p. 2-119.)

Yes, but aren't those just what we know and love as 'Roles' in Zope?

My aim here is mainly about reducing the number of Permissions defined in Zope
by at least an order of magnitude and replacing them with a small number of
permissions that can be applied to a wide number of Classes / Object Types.

Does that make sense?

cheers,

Chris
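
The scheme discussed in this thread (developers tag each permission with one of four categories, administrators grant categories to roles, and a fine-grained override remains available) can be sketched as below. This is an added example, not code from the original post or from Zope; the `Policy` class, the permission and role names, and the rule that an explicit deny beats any allow are all assumptions made for illustration.

```python
from enum import Enum

class Right(Enum):
    READ = "read"
    WRITE = "write"
    EXECUTE = "execute"
    MANAGE = "manage"

class Policy:
    """Hypothetical category-based policy; not a Zope API."""
    def __init__(self):
        self.category_of = {}   # permission -> Right, declared by developers
        self.role_rights = {}   # role -> set of Right, assigned by administrators
        self.overrides = {}     # (role, permission) -> bool, the fine-grained escape hatch

    def declare(self, permission, right):
        self.category_of[permission] = right

    def grant(self, role, *rights):
        self.role_rights.setdefault(role, set()).update(rights)

    def override(self, role, permission, allowed):
        self.overrides[(role, permission)] = allowed

    def allowed(self, roles, permission):
        right = self.category_of.get(permission)
        if right is None:
            return False  # undeclared permission: fail closed
        explicit = [self.overrides[(r, permission)] for r in roles
                    if (r, permission) in self.overrides]
        if explicit:
            return all(explicit)  # assumption: an explicit deny beats any allow
        return any(right in self.role_rights.get(r, ()) for r in roles)

def demo_policy():
    p = Policy()
    # Constructed permission and role names, for illustration only.
    p.declare("View Document", Right.READ)
    p.declare("Edit Document", Right.WRITE)
    p.declare("Delete Document", Right.WRITE)
    p.declare("Run Report", Right.EXECUTE)
    p.declare("Change Ownership", Right.MANAGE)
    p.grant("Reader", Right.READ)
    p.grant("Editor", Right.READ, Right.WRITE)
    p.grant("Manager", *Right)
    p.override("Editor", "Delete Document", False)  # escape hatch
    return p
```

With read and execute kept as separate categories, the constructed Reader role can view a document but cannot run the report, which is the distinction the message above says only matters once presentation and data are split.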