[Zope3-dev] a note on groups and roles
Chris McDonough
chrism@zope.com
Sun, 24 Mar 2002 12:23:43 -0500
> So, under your suggestion, this would not work:
>
> root
>
> Folder A
> acl_users
> Chris
>
> Folder B
> acl_users
> Chris
Errr.. that's a good question. ;-) I'd be inclined to say no to be able to
make good on the promise of having an essentially "flat" user namespace.
Saying "yes" wouldn't be terrible either, though if you knew that you never
wanted Chris in folder A to be able to access content under folder B Chris
in folder B to be able to access content in folder A.
> Or, did you mean that the above is allowed, but following should not be:
>
> root
>
> Folder A
> acl_users
> Chris
>
> Folder B
> acl_users
> Chris
This is really the kind of structure I'd like to prohibit.
Hmm. One flaw I can see in my suggestion to create a flat user namespace is
that there is a problem when someone adds a user "Chris" to a place "below"
another place where an existing user "Chris" is defined. I'm not sure what
to do in that case. Disable the "higher" account? That seems stupid.
Disallow the add? That seems stupid too. Ask the person doing the add what
should happen? That seems like a reasonable thing to do, but would make
scripting the addition of users hard.
- C