[Zope3-dev] a note on groups and roles
Tres Seaver
tseaver@zope.com
Mon, 25 Mar 2002 10:23:59 -0500 (EST)
On Mon, 25 Mar 2002, Jim Fulton wrote:

> This is in line with the intent of Zope 3's security model. I intend
> that it will be possible for principals to elect which roles they have
> at any point in time.

Hmm, for HTTP that is tricky; either we rely on sessioning to
hold the "current rolemask", or on some equivalent cookie.

> There are other differences between roles and groups. Groups are
> not context-dependent. A user's membership in a group doesn't depend on
> location. The user's role varies from object to object.

I had been thinking that this distinction might help people with
the Zope2 model: groups are somewhat like the "placeless" role
assertions made about the user in the Z2 user folder; Z3 roles
are equivalent to Z2 local roles.

Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.org
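
An added illustration, not part of the original message and not Zope code: a toy Python model of the distinction discussed in this thread, with placeless group membership, roles that vary by object, and a session-held "current rolemask". All class, function and role names are hypothetical, and inheriting role grants from containers is an assumption of the sketch.

```python
# Toy model (hypothetical names, not Zope APIs) of placeless groups,
# location-dependent roles, and a per-session elected role mask.

class Node:
    """An object in a containment hierarchy that can carry local role grants."""
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.local_roles = {}   # principal id -> set of role names granted here

    def grant(self, principal, *roles):
        self.local_roles.setdefault(principal, set()).update(roles)


# Groups are placeless: membership is a fact about the principal alone.
GROUPS = {"alice": {"staff"}, "bob": {"staff", "editors"}}  # constructed sample data


def groups_of(principal):
    return frozenset(GROUPS.get(principal, ()))


def roles_at(principal, node):
    """Roles depend on location: collect grants from node up to the root.
    Inheriting grants from containers is an assumption of this sketch."""
    roles = set()
    while node is not None:
        roles |= node.local_roles.get(principal, set())
        node = node.parent
    return roles


def effective_roles(principal, node, session):
    """Apply the "current rolemask" held in the session, if the principal
    elected one. The mask can only narrow the granted roles, never add to
    them, so a tampered mask cannot escalate privileges."""
    granted = roles_at(principal, node)
    mask = session.get("rolemask")
    return granted if mask is None else granted & set(mask)


# Constructed sample hierarchy.
root = Node("root")
docs = Node("docs", parent=root)
hr = Node("hr", parent=root)
root.grant("alice", "Member")
docs.grant("alice", "Editor", "Reviewer")
```

Intersecting the mask with the server-side grants is what makes it safe to carry the mask in a client-held cookie: the client can drop roles but cannot claim ones it was never granted.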