[Zope3-dev] Re: a note on groups and roles
Florent Guillaume
fg@nuxeo.com
Sun, 24 Mar 2002 22:06:29 +0000 (UTC)
Lennart Regebro <lennart@torped.se> wrote:
> From: "Chris McDonough" <chrism@zope.com>
> > Yes! In the current Zope 2 system, some roles are essentially placeless
> > (ala Anonymous, Manager, Authenticated, Owner... Owner! ;-)) while local
> > roles and user defined roles are placeful. I'd like to be able to get rid
> > of the placeless roles.
>
> Absolutely. I agree totally.
Me too. Good.
> > Note that if you'd rather call what I call groups "roles", it doesn't matter
> > much to me, there's no distinction between roles and groups to me. At least
> > if there is one, it's almost negligible.
>
> No, it's not. Groups are collections of principals, roles are collections of
> permissions. Both are an indirect way of mapping principals to
> permissions, but we can't equate them in this discussion, because then most
> of the points of the discussion disappear. :-)
Yes, this is a crucial point that bears repeating:
- UserGroups are groups of users.
- Roles are really groups of permissions.
And everything in between those two should be thought of in terms of
"mappings" rather than saying that we "add a user to a role" or something.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 10 http://nuxeo.com mailto:fg@nuxeo.com
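
The distinction drawn in this message, as an added example that is not part of the original post and is not Zope code: groups hold principals, roles hold permissions, and the only link between them is a placeful mapping. All names (`Place`, `roles_at`, the sample users, groups, roles and permissions) are constructed, and the rule that a mapping made at a place also applies to places below it is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

# Roles are groups of permissions (constructed sample data).
ROLES = {
    "Reviewer": frozenset({"View", "Review content"}),
    "Editor": frozenset({"View", "Modify content"}),
}
# UserGroups are groups of users (constructed sample data).
GROUPS = {
    "staff": frozenset({"alice", "bob"}),
    "press": frozenset({"carol"}),
}

@dataclass
class Place:
    """A location in the containment tree; every mapping lives at a place."""
    name: str
    parent: Optional["Place"] = None
    # (kind, name) -> role names. The kind tag keeps a user called "staff"
    # from being confused with the group "staff".
    mappings: dict = field(default_factory=dict)

def subjects_of(principal):
    """The principal itself plus every group that contains it."""
    groups = {("group", g) for g, members in GROUPS.items() if principal in members}
    return {("user", principal)} | groups

def roles_at(principal, place):
    """Roles mapped to the principal here or at any containing place (assumed rule)."""
    subjects, roles = subjects_of(principal), set()
    while place is not None:
        for subject, mapped in place.mappings.items():
            if subject in subjects:
                roles |= set(mapped)
        place = place.parent
    return roles

def permissions_at(principal, place):
    """Resolve principal -> (groups) -> mapped roles -> permissions at one place."""
    perms = set()
    for role in roles_at(principal, place):
        perms |= ROLES[role]
    return perms

# No placeless roles: each mapping below is attached to a specific place.
root = Place("root", mappings={("group", "staff"): {"Reviewer"}})
news = Place("news", parent=root,
             mappings={("group", "press"): {"Editor"}, ("user", "alice"): {"Editor"}})
```

Nothing here "adds a user to a role": access changes only by editing a group, a role, or a mapping at a place, which makes each of the three auditable on its own.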