Fw: [Zope3-dev] Re: a note on groups and roles

[Joachim Werner]

----- Original Message -----
From: "Joachim Werner" <joe@iuveno-net.de>
To: "Chris McDonough" <chrism@zope.com>
Cc: <zope-dev-request@zope.org>
Sent: Sunday, March 24, 2002 1:05 PM
Subject: Re: [Zope3-dev] Re: a note on groups and roles


> >> Example: you define a group at the root.  You assign a set of users to
> the
> >> group.  You visit a folder and create another group, which includes a
> >> "local" set of users as well as the group you defined at the root.
>
> > Can you give an example of a problem that this sort of thing doesn't
> solve?
>
> I can't find one. Though I like the idea of making the permissions
> themselves more modular, so that I can use a set of basic permissions like
> "add, delete, change" etc. and bind them to objects. The GUI then might
have
> options to grant somebody a general "add content object" instead of having
> to check all the boxes for the individual objects.
>
> Oh oh, the further I am digging, the more things come up: We've added this
> cool "subobjects" support to OrderedFolder where you can restrict the list
> of items in the add-list (globally, not on a per-role base). This can also
> be accomplished by taking away all the corresponding "Add X" permissions
> from a person/role. It is just way more complicated. So that's another
> example where we added stuff to Zope that was already there but hard to
use
> or even find ...
>
> Joachim
>