[Zope3-dev] a note on groups and roles

Lennart Regebro lennart@torped.se
Sun, 24 Mar 2002 14:15:21 +0100


From: "Matt Behrens" <matt@zigg.com>

> We have a workflow application I'm hopefully deploying soon, and
> the first thing it's going to cover is development requests.  Here
> we have a couple roles: Development Manager, Application Administrator.
> In one of the systems we take development requests for, these are
> useful and necessary, but on the other system, the development
> manager *is* the administrator, and it makes perfect sense to make
> another role to encapsulate them.

What does this mean: "the development manager *is* the administrator"?

Does it mean that these are the same physical users (i.e. one user has the
two roles)?
Does it mean that these two organisational roles need the same permissions?
Does it mean that the organisation does not have these two roles, but one
role that encompasses the responsibilities of these two roles?

It's possible to let roles be a part of other roles, but it breaks the
structure of roles being a set of permissions and it would make the user
interface more complicated. Everybody seems to agree that there should be
some sort of user groups; the disagreement is just what kind, and if roles
should be removed or not. Grouping roles is another complication, and I
don't understand the use.