[Zope3-dev] Initial thoughts on the Zope3 security framework
Martijn Faassen
faassen@vet.uu.nl
Sun, 16 Dec 2001 19:20:14 +0100
Shane Hathaway wrote:
[snip]
> Zope security uses three mappings: principals to roles, roles to
> permissions, and permissions to methods. I've been trying to prove to
> myself for months that we really need four mappings, with principals
> mapping to groups and groups mapping to roles, but have failed to do so
> since it would add complexity and you can already achieve the desired
> effect if you just have computed local roles.
>
> So we need either computed local roles or groups.
Workgroups seem to be easier on a caching system such as the catalog than
computed local roles, right?
Are there use cases where computed local roles can do what groups can't
do?
Regards,
Martijn