[Zope3-dev] a note on groups and roles
Joachim Werner
joe@iuveno-net.de
Mon, 25 Mar 2002 10:26:27 +0100
> Hmm. One flaw I can see in my suggestion to create a flat user namespace
is
> that there is a problem when someone adds a user "Chris" to a place
"below"
> another place where an existing user "Chris" is defined. I'm not sure
what
> to do in that case. Disable the "higher" account? That seems stupid.
> Disallow the add? That seems stupid too. Ask the person doing the add
what
> should happen? That seems like a reasonable thing to do, but would make
> scripting the addition of users hard.
Oh yes, this doesn't seem to be that easy to solve ...
There is a practical issue with this: Technically speaking, a Zope instance
should never have two identical users to make sure that users are unique.
But in many larger organisations, people will oppose "flat" naming schemes.
Instead, people will use "domains" to make it possible to have the same
username at two places. So. instead of having to have usernames like
chris_01
chris_02
you will actually do things like
chris@marketing
chris@consulting
etc.
Internally, this can be solved by only using fully qualified identifiers
that include the full domain, but in the login dialog, it should be possible
to just enter the username and choose the domain (or leave it at the
preset). Probably that's just a GUI issue ...